diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2023-09-18 19:59:52 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-09-18 19:59:52 +0000 |
| commit | 401770e05c71ecb5ae61a59d316069b4b78bf622 (patch) | |
| tree | a66e3d57ff5dde81aaa0fdc4c2d86c8b7a525ae0 | |
| parent | 7699e1386a16236002b26107ffd2dcbde375e197 (diff) | |
242 files changed, 19043 insertions, 9035 deletions
diff --git a/Makefile.in b/Makefile.in index bc021aa1eb00..0a2e7f9b6f08 100644 --- a/Makefile.in +++ b/Makefile.in @@ -122,15 +122,15 @@ iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \ iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ services/localzone.c services/mesh.c services/modstack.c services/view.c \ -services/rpz.c \ +services/rpz.c util/rfc_1982.c \ services/outbound_list.c services/outside_network.c util/alloc.c \ util/config_file.c util/configlexer.c util/configparser.c \ util/shm_side/shm_main.c services/authzone.c \ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ -util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ +util/rtt.c util/siphash.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \ -util/timehist.c util/tube.c util/proxy_protocol.c \ +util/timehist.c util/tube.c util/proxy_protocol.c util/timeval_func.c \ util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ validator/autotrust.c validator/val_anchor.c validator/validator.c \ validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ @@ -145,14 +145,14 @@ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \ outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \ -fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ +fptr_wlist.lo siphash.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \ -autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \ +autotrust.lo val_anchor.lo rpz.lo rfc_1982.lo proxy_protocol.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo +$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo timeval_func.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -198,7 +198,7 @@ CHECKCONF_OBJ=unbound-checkconf.lo worker_cb.lo CHECKCONF_OBJ_LINK=$(CHECKCONF_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ $(COMPAT_OBJ) @WIN_CHECKCONF_OBJ_LINK@ CONTROL_SRC=smallapp/unbound-control.c -CONTROL_OBJ=unbound-control.lo +CONTROL_OBJ=unbound-control.lo CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c @@ -455,6 +455,7 @@ unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnsta dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h +timeval_func.lo timeval_func.o: $(srcdir)/util/timeval_func.c $(srcdir)/util/timeval_func.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -498,6 +499,7 @@ util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h echo "#include \"util/configyyrename.h\"" >> $@ ;\ $(LEX) -t $(srcdir)/util/configlexer.lex >> $@ ;\ fi + @if test ! -f $@; then echo "No $@ : need flex and bison to compile from source repository"; exit 1; fi util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y @-if test ! -d util; then $(INSTALL) -d util; fi @@ -516,7 +518,7 @@ distclean: clean rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) - rm -f Makefile + rm -f Makefile maintainer-clean: distclean rm -f util/configlexer.c util/configparser.c util/configparser.h @@ -649,7 +651,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA iana_update: curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed - if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '/<record>/ {p=0;} /<protocol>udp/ {p=1;} /<protocol>[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} /<number>/ { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc + if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '/<record>/ {p=0;} /<protocol>udp/ {p=1;} /<protocol>[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} /<number>/ { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc rm -f port-numbers.tmp # dependency generation @@ -877,7 +879,7 @@ rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdi outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - + outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h \ @@ -915,7 +917,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ @@ -928,7 +931,7 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h + $(srcdir)/util/tube.h $(srcdir)/util/timeval_func.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -983,7 +986,7 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/timeval_func.h proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \ $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ @@ -1006,6 +1009,8 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h +siphash.lo siphash.o: $(srcdir)/util/siphash.c +rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ @@ -1186,7 +1191,7 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/outside_network.h + $(srcdir)/services/outside_network.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -1321,7 +1326,7 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1343,7 +1348,7 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ - $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/timeval_func.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ @@ -1357,7 +1362,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1409,7 +1414,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/util/timeval_func.h \ $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -1417,7 +1422,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h $(srcdir)/util/timeval_func.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ diff --git a/README.md b/README.md index c3d9bc2492ef..c220da030458 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Unbound -[](https://travis-ci.org/NLnetLabs/unbound) +[](https://github.com/NLnetLabs/unbound/actions) [](https://repology.org/project/unbound/versions) [](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) [](https://unbound.readthedocs.io/en/latest/?badge=latest) diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index cf436ec54bb6..f27615bd8bce 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 44 +# Version 46 +# 2023-05-04 fix to remove unused whitespace. +# 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. # 2021-08-17 fix sed script in ssldir split handling. # 2021-08-17 fix for openssl to detect split version, with ssldir_include @@ -187,7 +189,7 @@ dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -233,7 +235,7 @@ dnl DEPFLAG: set to flag that generates dependencies. AC_DEFUN([ACX_DEPFLAG], [ AC_MSG_CHECKING([$CC dependency flag]) -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -272,7 +274,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -309,7 +311,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -335,7 +337,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [ #include <stdbool.h> #include <ctype.h> -int test() { +int test(void) { int a = 0; return a; } @@ -345,7 +347,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, [ #include <ctype.h> -int test() { +int test(void) { int a; a = isascii(32); return a; @@ -356,7 +358,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, [ #include <netinet/in.h> -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; @@ -370,7 +372,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, [ #include <unistd.h> -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; @@ -385,7 +387,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, #endif #include <netdb.h> -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -413,7 +415,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -475,7 +477,7 @@ fi dnl Setup ATTR_FORMAT config.h parts. dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], -[ +[ #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -834,7 +836,7 @@ dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, [ #include <stdio.h> -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } @@ -859,7 +861,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -923,7 +925,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_cc_deprecated_$cache, [ echo '$3' >conftest.c -echo 'void f(){ $2 }' >>conftest.c +echo 'void f(void){ $2 }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -1317,7 +1319,7 @@ AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif ]) @@ -1355,7 +1357,7 @@ dnl $3: define value, 1 AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], [#if defined($1) && !defined($2) #define $2 $3 -[#]endif ]) +[#]endif]) dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags dnl $1: the -DNAME or -DNAME=value string. diff --git a/acx_python.m4 b/acx_python.m4 index 16c0c6fd943f..c945d6c8989e 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -17,33 +17,62 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ PYTHON_VERSION=`$PYTHON -c "import sys; \ print(sys.version.split()[[0]])"` fi + # calculate the version number components. + [ + v="$PYTHON_VERSION" + PYTHON_VERSION_MAJOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MAJOR"; then PYTHON_VERSION_MAJOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_MINOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MINOR"; then PYTHON_VERSION_MINOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_PATCH=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_PATCH"; then PYTHON_VERSION_PATCH="0"; fi + ] - # Check if you have sysconfig - AC_MSG_CHECKING([for the sysconfig Python module]) - if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then + # For some systems, sysconfig exists, but has the wrong paths, + # on Debian 10, for python 2.7 and 3.7. So, we check the version, + # and for older versions try distutils.sysconfig first. For newer + # versions>=3.10, where distutils.sysconfig is deprecated, use + # sysconfig first and then attempt the other one. + py_distutils_first="no" + if test $PYTHON_VERSION_MAJOR -lt 3; then + py_distutils_first="yes" + fi + if test $PYTHON_VERSION_MAJOR -eq 3 -a $PYTHON_VERSION_MINOR -lt 10; then + py_distutils_first="yes" + fi + + # Check if you have the first module + if test "$py_distutils_first" = "yes"; then m="distutils"; else m="sysconfig"; fi + sysconfig_module="" + AC_MSG_CHECKING([for the $m Python module]) + if ac_modulecheck_result1=`$PYTHON -c "import $m" 2>&1`; then AC_MSG_RESULT([yes]) - sysconfig_module="sysconfig" - # if yes, use sysconfig, because distutils is deprecated. + sysconfig_module="$m" else AC_MSG_RESULT([no]) - # if no, try to use distutils + fi - # - # Check if you have distutils, else fail - # - AC_MSG_CHECKING([for the distutils Python package]) - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # if not found, try the other one. + if test -z "$sysconfig_module"; then + if test "$py_distutils_first" = "yes"; then m2="sysconfig"; else m2="distutils"; fi + AC_MSG_CHECKING([for the $m2 Python module]) + if ac_modulecheck_result2=`$PYTHON -c "import $m2" 2>&1`; then AC_MSG_RESULT([yes]) + sysconfig_module="$m2" else AC_MSG_RESULT([no]) - AC_MSG_ERROR([cannot import Python module "distutils". - Please check your Python installation. The error was: - $ac_distutils_result]) + AC_MSG_ERROR([cannot import Python module "$m", or "$m2". + Please check your Python installation. The errors are: + $m + $ac_modulecheck_result1 + $m2 + $ac_modulecheck_result2]) PYTHON_VERSION="" fi - - sysconfig_module="distutils.sysconfig" fi + if test "$sysconfig_module" = "distutils"; then sysconfig_module="distutils.sysconfig"; fi # # Check for Python include path diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 245daa986967..30645268ca23 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -102,7 +102,6 @@ static int testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) { struct testframe_moddata* d; - (void)env; verbose(VERB_ALGO, "testframe_init"); d = (struct testframe_moddata*)calloc(1, sizeof(struct testframe_moddata)); @@ -111,6 +110,15 @@ testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) log_err("out of memory"); return 0; } + /* Register an EDNS option (65534) to bypass the worker cache lookup + * for testing */ + if(!edns_register_option(LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, + 1 /* bypass cache */, + 0 /* no aggregation */, env)) { + log_err("testframe_init, could not register test opcode"); + free(d); + return 0; + } lock_basic_init(&d->lock); lock_protect(&d->lock, d, sizeof(*d)); return 1; @@ -218,6 +226,8 @@ static int cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) { const char* backend_str = cfg->cachedb_backend; + if(!backend_str || *backend_str==0) + return 1; cachedb_env->backend = cachedb_find_backend(backend_str); if(!cachedb_env->backend) { log_err("cachedb: cannot find backend name '%s'", backend_str); @@ -228,7 +238,7 @@ cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) return 1; } -int +int cachedb_init(struct module_env* env, int id) { struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, @@ -267,19 +277,16 @@ cachedb_init(struct module_env* env, int id) return 1; } -void +void cachedb_deinit(struct module_env* env, int id) { struct cachedb_env* cachedb_env; if(!env || !env->modinfo[id]) return; cachedb_env = (struct cachedb_env*)env->modinfo[id]; - /* free contents */ - /* TODO */ if(cachedb_env->enabled) { (*cachedb_env->backend->deinit)(env, cachedb_env); } - free(cachedb_env); env->modinfo[id] = NULL; } @@ -406,6 +413,14 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(qstate->return_msg->rep->ttl == 0 && !qstate->env->cfg->serve_expired) return 0; + + /* The EDE is added to the out-list so it is encoded in the cached message */ + if (qstate->env->cfg->ede && qstate->return_msg->rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns.opt_list_out, qstate->env->scratch, + qstate->return_msg->rep->reason_bogus, + qstate->return_msg->rep->reason_bogus_str); + } + if(verbosity >= VERB_ALGO) log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, qstate->return_msg->rep); @@ -502,6 +517,7 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) { struct msg_parse* prs; struct edns_data edns; + struct edns_option* ede; uint64_t timestamp, expiry; time_t adjust; size_t lim = sldns_buffer_limit(buf); @@ -539,6 +555,24 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(!qstate->return_msg) return 0; + /* We find the EDE in the in-list after parsing */ + if(qstate->env->cfg->ede && + (ede = edns_opt_list_find(edns.opt_list_in, LDNS_EDNS_EDE))) { + if(ede->opt_len >= 2) { + qstate->return_msg->rep->reason_bogus = + sldns_read_uint16(ede->opt_data); + } + /* allocate space and store the error string and it's size */ + if(ede->opt_len > 2) { + size_t ede_len = ede->opt_len - 2; + qstate->return_msg->rep->reason_bogus_str = regional_alloc( + qstate->region, sizeof(char) * (ede_len+1)); + memcpy(qstate->return_msg->rep->reason_bogus_str, + ede->opt_data+2, ede_len); + qstate->return_msg->rep->reason_bogus_str[ede_len] = 0; + } + } + qstate->return_rcode = LDNS_RCODE_NOERROR; /* see how much of the TTL expired, and remove it */ @@ -630,11 +664,15 @@ cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) * See if unbound's internal cache can answer the query */ static int -cachedb_intcache_lookup(struct module_qstate* qstate) +cachedb_intcache_lookup(struct module_qstate* qstate, struct cachedb_env* cde) { uint8_t* dpname=NULL; size_t dpnamelen=0; struct dns_msg* msg; + /* for testframe bypass this lookup */ + if(cde->backend == &testframe_backend) { + return 0; + } if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo, &dpname, &dpnamelen)) return 0; /* no cache for these queries */ @@ -693,6 +731,7 @@ cachedb_handle_query(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are enabled, and skip if so */ if(!ie->enabled) { /* pass request to next module */ @@ -709,7 +748,7 @@ cachedb_handle_query(struct module_qstate* qstate, /* lookup inside unbound's internal cache. * This does not look for expired entries. */ - if(cachedb_intcache_lookup(qstate)) { + if(cachedb_intcache_lookup(qstate, ie)) { if(verbosity >= VERB_ALGO) { if(qstate->return_msg->rep) log_dns_msg("cachedb internal cache lookup", @@ -746,6 +785,7 @@ cachedb_handle_query(struct module_qstate* qstate, qstate->ext_state[id] = module_wait_module; return; } + qstate->is_cachedb_answer = 1; /* we are done with the query */ qstate->ext_state[id] = module_finished; return; @@ -768,6 +808,7 @@ static void cachedb_handle_response(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are not enabled or instructed to not cache, and skip */ if(!ie->enabled || qstate->no_cache_store) { /* we are done with the query */ diff --git a/cachedb/redis.c b/cachedb/redis.c index 16c3741f786b..93a575a4c6d2 100644 --- a/cachedb/redis.c +++ b/cachedb/redis.c @@ -56,6 +56,8 @@ struct redis_moddata { int numctxs; /* number of ctx entries */ const char* server_host; /* server's IP address or host name */ int server_port; /* server's TCP port */ + const char* server_path; /* server's unix path, or "", NULL if unused */ + const char* server_password; /* server's AUTH password, or "", NULL if unused */ struct timeval timeout; /* timeout for connection setup and commands */ }; @@ -67,8 +69,13 @@ redis_connect(const struct redis_moddata* moddata) { redisContext* ctx; - ctx = redisConnectWithTimeout(moddata->server_host, - moddata->server_port, moddata->timeout); + if(moddata->server_path && moddata->server_path[0]!=0) { + ctx = redisConnectUnixWithTimeout(moddata->server_path, + moddata->timeout); + } else { + ctx = redisConnectWithTimeout(moddata->server_host, + moddata->server_port, moddata->timeout); + } if(!ctx || ctx->err) { const char *errstr = "out of memory"; if(ctx) @@ -80,6 +87,17 @@ redis_connect(const struct redis_moddata* moddata) log_err("failed to set redis timeout"); goto fail; } + if(moddata->server_password && moddata->server_password[0]!=0) { + redisReply* rep; + rep = redisCommand(ctx, "AUTH %s", moddata->server_password); + if(!rep || rep->type == REDIS_REPLY_ERROR) { + log_err("failed to authenticate with password"); + freeReplyObject(rep); + goto fail; + } + freeReplyObject(rep); + } + verbose(VERB_OPS, "Connection to Redis established"); return ctx; fail: @@ -94,7 +112,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) int i; struct redis_moddata* moddata = NULL; - verbose(VERB_ALGO, "redis_init"); + verbose(VERB_OPS, "Redis initialization"); moddata = calloc(1, sizeof(struct redis_moddata)); if(!moddata) { @@ -112,6 +130,8 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) * we don't have to free it in this module. */ moddata->server_host = env->cfg->redis_server_host; moddata->server_port = env->cfg->redis_server_port; + moddata->server_path = env->cfg->redis_server_path; + moddata->server_password = env->cfg->redis_server_password; moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000; moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000; for(i = 0; i < moddata->numctxs; i++) @@ -154,7 +174,7 @@ redis_deinit(struct module_env* env, struct cachedb_env* cachedb_env) cachedb_env->backend_data; (void)env; - verbose(VERB_ALGO, "redis_deinit"); + verbose(VERB_OPS, "Redis deinitialization"); if(!moddata) return; diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index 5e3b1cbbbd30..1ff8162917b3 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -47,7 +47,7 @@ #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final #else -#include "openssl/sha.h" +#include <openssl/sha.h> #endif #include <sys/vfs.h> diff --git a/config.guess b/config.guess index 980b02083815..b187213930f1 100755 --- a/config.guess +++ b/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2023 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-09-17' +timestamp='2023-07-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -47,7 +47,7 @@ me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] -Output the configuration name of the system \`$me' is run on. +Output the configuration name of the system '$me' is run on. Options: -h, --help print this help, then exit @@ -60,13 +60,13 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" -Try \`$me --help' for more information." +Try '$me --help' for more information." # Parse command line while test $# -gt 0 ; do @@ -102,8 +102,8 @@ GUESS= # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. +# Historically, 'CC_FOR_BUILD' used to be named 'HOST_CC'. We still +# use 'HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. @@ -459,7 +459,7 @@ case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in UNAME_RELEASE=`uname -v` ;; esac - # Japanese Language versions have a version number like `4.1.3-JL'. + # Japanese Language versions have a version number like '4.1.3-JL'. SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` GUESS=sparc-sun-sunos$SUN_REL ;; @@ -976,7 +976,27 @@ EOF GUESS=$UNAME_MACHINE-unknown-minix ;; aarch64:Linux:*:*) - GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + set_cc_for_build + CPU=$UNAME_MACHINE + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __ARM_EABI__ + #ifdef __ARM_PCS_VFP + ABI=eabihf + #else + ABI=eabi + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + eabi | eabihf) CPU=armv8l; LIBCABI=$LIBC$ABI ;; + esac + fi + GUESS=$CPU-unknown-linux-$LIBCABI ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be @@ -1042,6 +1062,15 @@ EOF k1om:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ;; + kvx:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + kvx:cos:*:*) + GUESS=$UNAME_MACHINE-unknown-cos + ;; + kvx:mbr:*:*) + GUESS=$UNAME_MACHINE-unknown-mbr + ;; loongarch32:Linux:*:* | loongarch64:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ;; @@ -1197,7 +1226,7 @@ EOF GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION ;; i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility + # If we were able to find 'uname', then EMX Unix compatibility # is probably installed. GUESS=$UNAME_MACHINE-pc-os2-emx ;; @@ -1338,7 +1367,7 @@ EOF GUESS=ns32k-sni-sysv fi ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + PENTIUM:*:4.0*:*) # Unisys 'ClearPath HMP IX 4000' SVR4/MP effort # says <Richard.M.Bartel@ccMail.Census.GOV> GUESS=i586-unisys-sysv4 ;; diff --git a/config.h.in b/config.h.in index 2caecf30d040..f31354d01408 100644 --- a/config.h.in +++ b/config.h.in @@ -364,6 +364,9 @@ /* Define if we have LibreSSL */ #undef HAVE_LIBRESSL +/* Define to 1 if you have the <linux/net_tstamp.h> header file. */ +#undef HAVE_LINUX_NET_TSTAMP_H + /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R @@ -1068,39 +1071,39 @@ #if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE) #define _GNU_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE) #define _BSD_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_DEFAULT_SOURCE) && !defined(_DEFAULT_SOURCE) #define _DEFAULT_SOURCE 1 -#endif +#endif #if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__) #define __EXTENSIONS__ 1 -#endif +#endif #if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112 -#endif +#endif #if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE) #define _XOPEN_SOURCE 600 -#endif +#endif #if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED) #define _XOPEN_SOURCE_EXTENDED 1 -#endif +#endif #if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE) #define _ALL_SOURCE 1 -#endif +#endif #if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE) #define _LARGEFILE_SOURCE 1 -#endif +#endif @@ -1184,7 +1187,7 @@ #endif - + #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -1294,7 +1297,7 @@ void* reallocarray(void *ptr, size_t nmemb, size_t size); #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif diff --git a/config.h.in~ b/config.h.in~ new file mode 100644 index 000000000000..f31354d01408 --- /dev/null +++ b/config.h.in~ @@ -0,0 +1,1456 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* apply the noreturn attribute to a function that exits the program */ +#undef ATTR_NORETURN + +/* apply the weak attribute to a symbol */ +#undef ATTR_WEAK + +/* Directory to chroot to */ +#undef CHROOT_DIR + +/* Define this to enable client subnet option. */ +#undef CLIENT_SUBNET + +/* Do sha512 definitions in config.h */ +#undef COMPAT_SHA512 + +/* Command line arguments used with configure */ +#undef CONFCMDLINE + +/* Pathname to the Unbound configuration file */ +#undef CONFIGFILE + +/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work + */ +#undef DARWIN_BROKEN_SETREUID + +/* Whether daemon is deprecated */ +#undef DEPRECATED_DAEMON + +/* Deprecate RSA 1024 bit length, makes that an unsupported key */ +#undef DEPRECATE_RSA_1024 + +/* Define this to enable kernel based UDP source port randomization. */ +#undef DISABLE_EXPLICIT_PORT_RANDOMISATION + +/* default dnstap socket path */ +#undef DNSTAP_SOCKET_PATH + +/* Define if you want to use debug lock checking (slow). */ +#undef ENABLE_LOCK_CHECKS + +/* Define this if you enabled-allsymbols from libunbound to link binaries to + it for smaller install size, but the libunbound export table is polluted by + internal symbols */ +#undef EXPORT_ALL_SYMBOLS + +/* Define to 1 if you have the `accept4' function. */ +#undef HAVE_ACCEPT4 + +/* Define to 1 if you have the `arc4random' function. */ +#undef HAVE_ARC4RANDOM + +/* Define to 1 if you have the `arc4random_uniform' function. */ +#undef HAVE_ARC4RANDOM_UNIFORM + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#undef HAVE_ARPA_INET_H + +/* Whether the C compiler accepts the "format" attribute */ +#undef HAVE_ATTR_FORMAT + +/* Whether the C compiler accepts the "noreturn" attribute */ +#undef HAVE_ATTR_NORETURN + +/* Whether the C compiler accepts the "unused" attribute */ +#undef HAVE_ATTR_UNUSED + +/* Whether the C compiler accepts the "weak" attribute */ +#undef HAVE_ATTR_WEAK + +/* If we have be64toh */ +#undef HAVE_BE64TOH + +/* Define to 1 if you have the `BIO_set_callback_ex' function. */ +#undef HAVE_BIO_SET_CALLBACK_EX + +/* Define to 1 if you have the <bsd/stdlib.h> header file. */ +#undef HAVE_BSD_STDLIB_H + +/* Define to 1 if you have the <bsd/string.h> header file. */ +#undef HAVE_BSD_STRING_H + +/* Define to 1 if you have the `chown' function. */ +#undef HAVE_CHOWN + +/* Define to 1 if you have the `chroot' function. */ +#undef HAVE_CHROOT + +/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ +#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + +/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ +#undef HAVE_CRYPTO_THREADID_SET_CALLBACK + +/* Define to 1 if you have the `ctime_r' function. */ +#undef HAVE_CTIME_R + +/* Define to 1 if you have the `daemon' function. */ +#undef HAVE_DAEMON + +/* Define to 1 if you have the declaration of `arc4random', and to 0 if you + don't. */ +#undef HAVE_DECL_ARC4RANDOM + +/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0 + if you don't. */ +#undef HAVE_DECL_ARC4RANDOM_UNIFORM + +/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if + you don't. */ +#undef HAVE_DECL_EVSIGNAL_ASSIGN + +/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_NTOP + +/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_PTON + +/* Define to 1 if you have the declaration of `nghttp2_session_server_new', + and to 0 if you don't. */ +#undef HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW + +/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you + don't. */ +#undef HAVE_DECL_NID_ED25519 + +/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you + don't. */ +#undef HAVE_DECL_NID_ED448 + +/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you + don't. */ +#undef HAVE_DECL_NID_SECP384R1 + +/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 + if you don't. */ +#undef HAVE_DECL_NID_X9_62_PRIME256V1 + +/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you + don't. */ +#undef HAVE_DECL_REALLOCARRAY + +/* Define to 1 if you have the declaration of `redisConnect', and to 0 if you + don't. */ +#undef HAVE_DECL_REDISCONNECT + +/* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 + if you don't. */ +#undef HAVE_DECL_SK_SSL_COMP_POP_FREE + +/* Define to 1 if you have the declaration of + `SSL_COMP_get_compression_methods', and to 0 if you don't. */ +#undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS + +/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to + 0 if you don't. */ +#undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + +/* Define to 1 if you have the declaration of `strlcat', and to 0 if you + don't. */ +#undef HAVE_DECL_STRLCAT + +/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you + don't. */ +#undef HAVE_DECL_STRLCPY + +/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if + you don't. */ +#undef HAVE_DECL_XML_STOPPARSER + +/* Define to 1 if you have the <dlfcn.h> header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `DSA_SIG_set0' function. */ +#undef HAVE_DSA_SIG_SET0 + +/* Define to 1 if you have the <endian.h> header file. */ +#undef HAVE_ENDIAN_H + +/* Define to 1 if you have the `endprotoent' function. */ +#undef HAVE_ENDPROTOENT + +/* Define to 1 if you have the `endpwent' function. */ +#undef HAVE_ENDPWENT + +/* Define to 1 if you have the `endservent' function. */ +#undef HAVE_ENDSERVENT + +/* Define to 1 if you have the `ENGINE_cleanup' function. */ +#undef HAVE_ENGINE_CLEANUP + +/* Define to 1 if you have the `ERR_free_strings' function. */ +#undef HAVE_ERR_FREE_STRINGS + +/* Define to 1 if you have the `ERR_load_crypto_strings' function. */ +#undef HAVE_ERR_LOAD_CRYPTO_STRINGS + +/* Define to 1 if you have the `event_assign' function. */ +#undef HAVE_EVENT_ASSIGN + +/* Define to 1 if you have the `event_base_free' function. */ +#undef HAVE_EVENT_BASE_FREE + +/* Define to 1 if you have the `event_base_get_method' function. */ +#undef HAVE_EVENT_BASE_GET_METHOD + +/* Define to 1 if you have the `event_base_new' function. */ +#undef HAVE_EVENT_BASE_NEW + +/* Define to 1 if you have the `event_base_once' function. */ +#undef HAVE_EVENT_BASE_ONCE + +/* Define to 1 if you have the <event.h> header file. */ +#undef HAVE_EVENT_H + +/* Define to 1 if you have the `EVP_aes_256_cbc' function. */ +#undef HAVE_EVP_AES_256_CBC + +/* Define to 1 if you have the `EVP_cleanup' function. */ +#undef HAVE_EVP_CLEANUP + +/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled' + function. */ +#undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED + +/* Define to 1 if you have the `EVP_DigestVerify' function. */ +#undef HAVE_EVP_DIGESTVERIFY + +/* Define to 1 if you have the `EVP_dss1' function. */ +#undef HAVE_EVP_DSS1 + +/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */ +#undef HAVE_EVP_ENCRYPTINIT_EX + +/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */ +#undef HAVE_EVP_MAC_CTX_SET_PARAMS + +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#undef HAVE_EVP_MD_CTX_NEW + +/* Define to 1 if you have the `EVP_sha1' function. */ +#undef HAVE_EVP_SHA1 + +/* Define to 1 if you have the `EVP_sha256' function. */ +#undef HAVE_EVP_SHA256 + +/* Define to 1 if you have the `EVP_sha512' function. */ +#undef HAVE_EVP_SHA512 + +/* Define to 1 if you have the `ev_default_loop' function. */ +#undef HAVE_EV_DEFAULT_LOOP + +/* Define to 1 if you have the `ev_loop' function. */ +#undef HAVE_EV_LOOP + +/* Define to 1 if you have the <expat.h> header file. */ +#undef HAVE_EXPAT_H + +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define to 1 if you have the `fcntl' function. */ +#undef HAVE_FCNTL + +/* Define to 1 if you have the `FIPS_mode' function. */ +#undef HAVE_FIPS_MODE + +/* Define to 1 if you have the `fork' function. */ +#undef HAVE_FORK + +/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ +#undef HAVE_FSEEKO + +/* Define to 1 if you have the `fsync' function. */ +#undef HAVE_FSYNC + +/* Whether getaddrinfo is available */ +#undef HAVE_GETADDRINFO + +/* Define to 1 if you have the `getauxval' function. */ +#undef HAVE_GETAUXVAL + +/* Define to 1 if you have the `getentropy' function. */ +#undef HAVE_GETENTROPY + +/* Define to 1 if you have the `getifaddrs' function. */ +#undef HAVE_GETIFADDRS + +/* Define to 1 if you have the <getopt.h> header file. */ +#undef HAVE_GETOPT_H + +/* Define to 1 if you have the `getpwnam' function. */ +#undef HAVE_GETPWNAM + +/* Define to 1 if you have the `getrlimit' function. */ +#undef HAVE_GETRLIMIT + +/* Define to 1 if you have the `gettid' function. */ +#undef HAVE_GETTID + +/* Define to 1 if you have the `glob' function. */ +#undef HAVE_GLOB + +/* Define to 1 if you have the <glob.h> header file. */ +#undef HAVE_GLOB_H + +/* Define to 1 if you have the `gmtime_r' function. */ +#undef HAVE_GMTIME_R + +/* Define to 1 if you have the <grp.h> header file. */ +#undef HAVE_GRP_H + +/* Define to 1 if you have the <hiredis/hiredis.h> header file. */ +#undef HAVE_HIREDIS_HIREDIS_H + +/* Define to 1 if you have the `HMAC_Init_ex' function. */ +#undef HAVE_HMAC_INIT_EX + +/* If we have htobe64 */ +#undef HAVE_HTOBE64 + +/* Define to 1 if you have the <ifaddrs.h> header file. */ +#undef HAVE_IFADDRS_H + +/* Define to 1 if you have the `if_nametoindex' function. */ +#undef HAVE_IF_NAMETOINDEX + +/* Define to 1 if you have the `inet_aton' function. */ +#undef HAVE_INET_ATON + +/* Define to 1 if you have the `inet_ntop' function. */ +#undef HAVE_INET_NTOP + +/* Define to 1 if you have the `inet_pton' function. */ +#undef HAVE_INET_PTON + +/* Define to 1 if you have the `initgroups' function. */ +#undef HAVE_INITGROUPS + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* if the function 'ioctlsocket' is available */ +#undef HAVE_IOCTLSOCKET + +/* Define to 1 if you have the <iphlpapi.h> header file. */ +#undef HAVE_IPHLPAPI_H + +/* Define to 1 if you have the `isblank' function. */ +#undef HAVE_ISBLANK + +/* Define to 1 if you have the `kill' function. */ +#undef HAVE_KILL + +/* Use portable libbsd functions */ +#undef HAVE_LIBBSD + +/* Define to 1 if you have the <libkern/OSByteOrder.h> header file. */ +#undef HAVE_LIBKERN_OSBYTEORDER_H + +/* Define if we have LibreSSL */ +#undef HAVE_LIBRESSL + +/* Define to 1 if you have the <linux/net_tstamp.h> header file. */ +#undef HAVE_LINUX_NET_TSTAMP_H + +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if you have the <login_cap.h> header file. */ +#undef HAVE_LOGIN_CAP_H + +/* If have GNU libc compatible malloc */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the `memmove' function. */ +#undef HAVE_MEMMOVE + +/* Define to 1 if you have the <memory.h> header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the <netdb.h> header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the <netinet/tcp.h> header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define to 1 if you have the <netioapi.h> header file. */ +#undef HAVE_NETIOAPI_H + +/* Use libnettle for crypto */ +#undef HAVE_NETTLE + +/* Define to 1 if you have the <nettle/dsa-compat.h> header file. */ +#undef HAVE_NETTLE_DSA_COMPAT_H + +/* Define to 1 if you have the <nettle/eddsa.h> header file. */ +#undef HAVE_NETTLE_EDDSA_H + +/* Define to 1 if you have the <net/if.h> header file. */ +#undef HAVE_NET_IF_H + +/* Define this to use nghttp2 client. */ +#undef HAVE_NGHTTP2 + +/* Define to 1 if you have the <nghttp2/nghttp2.h> header file. */ +#undef HAVE_NGHTTP2_NGHTTP2_H + +/* Use libnss for crypto */ +#undef HAVE_NSS + +/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ +#undef HAVE_OPENSSL_ADD_ALL_DIGESTS + +/* Define to 1 if you have the <openssl/bn.h> header file. */ +#undef HAVE_OPENSSL_BN_H + +/* Define to 1 if you have the `OPENSSL_config' function. */ +#undef HAVE_OPENSSL_CONFIG + +/* Define to 1 if you have the <openssl/conf.h> header file. */ +#undef HAVE_OPENSSL_CONF_H + +/* Define to 1 if you have the <openssl/core_names.h> header file. */ +#undef HAVE_OPENSSL_CORE_NAMES_H + +/* Define to 1 if you have the <openssl/dh.h> header file. */ +#undef HAVE_OPENSSL_DH_H + +/* Define to 1 if you have the <openssl/dsa.h> header file. */ +#undef HAVE_OPENSSL_DSA_H + +/* Define to 1 if you have the <openssl/engine.h> header file. */ +#undef HAVE_OPENSSL_ENGINE_H + +/* Define to 1 if you have the <openssl/err.h> header file. */ +#undef HAVE_OPENSSL_ERR_H + +/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +#undef HAVE_OPENSSL_INIT_CRYPTO + +/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ +#undef HAVE_OPENSSL_INIT_SSL + +/* Define to 1 if you have the <openssl/param_build.h> header file. */ +#undef HAVE_OPENSSL_PARAM_BUILD_H + +/* Define to 1 if you have the <openssl/rand.h> header file. */ +#undef HAVE_OPENSSL_RAND_H + +/* Define to 1 if you have the <openssl/rsa.h> header file. */ +#undef HAVE_OPENSSL_RSA_H + +/* Define to 1 if you have the <openssl/ssl.h> header file. */ +#undef HAVE_OPENSSL_SSL_H + +/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */ +#undef HAVE_OSSL_PARAM_BLD_NEW + +/* Define to 1 if you have the `poll' function. */ +#undef HAVE_POLL + +/* Define to 1 if you have the <poll.h> header file. */ +#undef HAVE_POLL_H + +/* Define if you have POSIX threads libraries and header files. */ +#undef HAVE_PTHREAD + +/* Have PTHREAD_PRIO_INHERIT. */ +#undef HAVE_PTHREAD_PRIO_INHERIT + +/* Define to 1 if the system has the type `pthread_rwlock_t'. */ +#undef HAVE_PTHREAD_RWLOCK_T + +/* Define to 1 if the system has the type `pthread_spinlock_t'. */ +#undef HAVE_PTHREAD_SPINLOCK_T + +/* Define to 1 if you have the <pwd.h> header file. */ +#undef HAVE_PWD_H + +/* Define if you have Python libraries and header files. */ +#undef HAVE_PYTHON + +/* Define to 1 if you have the `random' function. */ +#undef HAVE_RANDOM + +/* Define to 1 if you have the `RAND_cleanup' function. */ +#undef HAVE_RAND_CLEANUP + +/* If we have reallocarray(3) */ +#undef HAVE_REALLOCARRAY + +/* Define to 1 if you have the `recvmsg' function. */ +#undef HAVE_RECVMSG + +/* Define to 1 if you have the `sendmsg' function. */ +#undef HAVE_SENDMSG + +/* Define to 1 if you have the `setregid' function. */ +#undef HAVE_SETREGID + +/* Define to 1 if you have the `setresgid' function. */ +#undef HAVE_SETRESGID + +/* Define to 1 if you have the `setresuid' function. */ +#undef HAVE_SETRESUID + +/* Define to 1 if you have the `setreuid' function. */ +#undef HAVE_SETREUID + +/* Define to 1 if you have the `setrlimit' function. */ +#undef HAVE_SETRLIMIT + +/* Define to 1 if you have the `setsid' function. */ +#undef HAVE_SETSID + +/* Define to 1 if you have the `setusercontext' function. */ +#undef HAVE_SETUSERCONTEXT + +/* Define to 1 if you have the `SHA512_Update' function. */ +#undef HAVE_SHA512_UPDATE + +/* Define to 1 if you have the `shmget' function. */ +#undef HAVE_SHMGET + +/* Define to 1 if you have the `sigprocmask' function. */ +#undef HAVE_SIGPROCMASK + +/* Define to 1 if you have the `sleep' function. */ +#undef HAVE_SLEEP + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define to 1 if you have the `socketpair' function. */ +#undef HAVE_SOCKETPAIR + +/* Using Solaris threads */ +#undef HAVE_SOLARIS_THREADS + +/* Define to 1 if you have the `srandom' function. */ +#undef HAVE_SRANDOM + +/* Define if you have the SSL libraries installed. */ +#undef HAVE_SSL + +/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_PROTOS + +/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +#undef HAVE_SSL_CTX_SET_CIPHERSUITES + +/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ +#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL + +/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_evp_cb' + function. */ +#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + +/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */ +#undef HAVE_SSL_GET0_ALPN_SELECTED + +/* Define to 1 if you have the `SSL_get0_peername' function. */ +#undef HAVE_SSL_GET0_PEERNAME + +/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */ +#undef HAVE_SSL_GET1_PEER_CERTIFICATE + +/* Define to 1 if you have the `SSL_set1_host' function. */ +#undef HAVE_SSL_SET1_HOST + +/* Define to 1 if you have the <stdarg.h> header file. */ +#undef HAVE_STDARG_H + +/* Define to 1 if you have the <stdbool.h> header file. */ +#undef HAVE_STDBOOL_H + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the <stdlib.h> header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strftime' function. */ +#undef HAVE_STRFTIME + +/* Define to 1 if you have the <strings.h> header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the <string.h> header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + +/* Define to 1 if you have the `strlcpy' function. */ +#undef HAVE_STRLCPY + +/* Define to 1 if you have the `strptime' function. */ +#undef HAVE_STRPTIME + +/* Define to 1 if you have the `strsep' function. */ +#undef HAVE_STRSEP + +/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */ +#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST + +/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */ +#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN + +/* Define if you have Swig libraries and header files. */ +#undef HAVE_SWIG + +/* Define to 1 if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if systemd should be used */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the <sys/endian.h> header file. */ +#undef HAVE_SYS_ENDIAN_H + +/* Define to 1 if you have the <sys/ipc.h> header file. */ +#undef HAVE_SYS_IPC_H + +/* Define to 1 if you have the <sys/param.h> header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define to 1 if you have the <sys/resource.h> header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define to 1 if you have the <sys/select.h> header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the <sys/sha2.h> header file. */ +#undef HAVE_SYS_SHA2_H + +/* Define to 1 if you have the <sys/shm.h> header file. */ +#undef HAVE_SYS_SHM_H + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the <sys/sysctl.h> header file. */ +#undef HAVE_SYS_SYSCTL_H + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the <sys/uio.h> header file. */ +#undef HAVE_SYS_UIO_H + +/* Define to 1 if you have the <sys/un.h> header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the <sys/wait.h> header file. */ +#undef HAVE_SYS_WAIT_H + +/* Define to 1 if you have the <TargetConditionals.h> header file. */ +#undef HAVE_TARGETCONDITIONALS_H + +/* Define to 1 if you have the <time.h> header file. */ +#undef HAVE_TIME_H + +/* Define to 1 if you have the `tzset' function. */ +#undef HAVE_TZSET + +/* Define to 1 if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `usleep' function. */ +#undef HAVE_USLEEP + +/* Define to 1 if you have the `vfork' function. */ +#undef HAVE_VFORK + +/* Define to 1 if you have the <vfork.h> header file. */ +#undef HAVE_VFORK_H + +/* Define to 1 if you have the <windows.h> header file. */ +#undef HAVE_WINDOWS_H + +/* Using Windows threads */ +#undef HAVE_WINDOWS_THREADS + +/* Define to 1 if you have the <winsock2.h> header file. */ +#undef HAVE_WINSOCK2_H + +/* Define to 1 if `fork' works. */ +#undef HAVE_WORKING_FORK + +/* Define to 1 if `vfork' works. */ +#undef HAVE_WORKING_VFORK + +/* Define to 1 if you have the `writev' function. */ +#undef HAVE_WRITEV + +/* Define to 1 if you have the <ws2tcpip.h> header file. */ +#undef HAVE_WS2TCPIP_H + +/* Define to 1 if you have the `X509_VERIFY_PARAM_set1_host' function. */ +#undef HAVE_X509_VERIFY_PARAM_SET1_HOST + +/* Define to 1 if you have the `_beginthreadex' function. */ +#undef HAVE__BEGINTHREADEX + +/* If HMAC_Init_ex() returns void */ +#undef HMAC_INIT_EX_RETURNS_VOID + +/* if lex has yylex_destroy */ +#undef LEX_HAS_YYLEX_DESTROY + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#undef LT_OBJDIR + +/* Define to the maximum message length to pass to syslog. */ +#undef MAXSYSLOGMSGLEN + +/* Define if memcmp() does not compare unsigned bytes */ +#undef MEMCMP_IS_BROKEN + +/* Define if mkdir has one argument. */ +#undef MKDIR_HAS_ONE_ARG + +/* Define if the network stack does not fully support nonblocking io (causes + lower performance). */ +#undef NONBLOCKING_IS_BROKEN + +/* Put -D_ALL_SOURCE define in config.h */ +#undef OMITTED__D_ALL_SOURCE + +/* Put -D_BSD_SOURCE define in config.h */ +#undef OMITTED__D_BSD_SOURCE + +/* Put -D_DEFAULT_SOURCE define in config.h */ +#undef OMITTED__D_DEFAULT_SOURCE + +/* Put -D_GNU_SOURCE define in config.h */ +#undef OMITTED__D_GNU_SOURCE + +/* Put -D_LARGEFILE_SOURCE=1 define in config.h */ +#undef OMITTED__D_LARGEFILE_SOURCE_1 + +/* Put -D_POSIX_C_SOURCE=200112 define in config.h */ +#undef OMITTED__D_POSIX_C_SOURCE_200112 + +/* Put -D_XOPEN_SOURCE=600 define in config.h */ +#undef OMITTED__D_XOPEN_SOURCE_600 + +/* Put -D_XOPEN_SOURCE_EXTENDED=1 define in config.h */ +#undef OMITTED__D_XOPEN_SOURCE_EXTENDED_1 + +/* Put -D__EXTENSIONS__ define in config.h */ +#undef OMITTED__D__EXTENSIONS__ + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* default pidfile location */ +#undef PIDFILE + +/* Define to necessary symbol if this constant uses a non-standard name on + your system. */ +#undef PTHREAD_CREATE_JOINABLE + +/* Return type of signal handlers, but autoconf 2.70 says 'your code may + safely assume C89 semantics that RETSIGTYPE is void.' */ +#undef RETSIGTYPE + +/* if REUSEPORT is enabled by default */ +#undef REUSEPORT_DEFAULT + +/* default rootkey location */ +#undef ROOT_ANCHOR_FILE + +/* default rootcert location */ +#undef ROOT_CERT_FILE + +/* version number for resource files */ +#undef RSRC_PACKAGE_VERSION + +/* Directory to chdir to */ +#undef RUN_DIR + +/* Shared data */ +#undef SHARE_DIR + +/* The size of `pthread_t', as computed by sizeof. */ +#undef SIZEOF_PTHREAD_T + +/* The size of `size_t', as computed by sizeof. */ +#undef SIZEOF_SIZE_T + +/* The size of `time_t', as computed by sizeof. */ +#undef SIZEOF_TIME_T + +/* The size of `unsigned long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG + +/* define if (v)snprintf does not return length needed, (but length used) */ +#undef SNPRINTF_RET_BROKEN + +/* Define to 1 if libsodium supports sodium_set_misuse_handler */ +#undef SODIUM_MISUSE_HANDLER + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* use default strptime. */ +#undef STRPTIME_WORKS + +/* Use win32 resources and API */ +#undef UB_ON_WINDOWS + +/* the SYSLOG_FACILITY to use, default LOG_DAEMON */ +#undef UB_SYSLOG_FACILITY + +/* default username */ +#undef UB_USERNAME + +/* use to enable lightweight alloc assertions, for debug use */ +#undef UNBOUND_ALLOC_LITE + +/* use malloc not regions, for debug use */ +#undef UNBOUND_ALLOC_NONREGIONAL + +/* use statistics for allocs and frees, for debug use */ +#undef UNBOUND_ALLOC_STATS + +/* define this to enable debug checks. */ +#undef UNBOUND_DEBUG + +/* Define to 1 to use cachedb support */ +#undef USE_CACHEDB + +/* Define to 1 to enable dnscrypt support */ +#undef USE_DNSCRYPT + +/* Define to 1 to enable dnscrypt with xchacha20 support */ +#undef USE_DNSCRYPT_XCHACHA20 + +/* Define to 1 to enable dnstap support */ +#undef USE_DNSTAP + +/* Define this to enable DSA support. */ +#undef USE_DSA + +/* Define this to enable ECDSA support. */ +#undef USE_ECDSA + +/* Define this to enable an EVP workaround for older openssl */ +#undef USE_ECDSA_EVP_WORKAROUND + +/* Define this to enable ED25519 support. */ +#undef USE_ED25519 + +/* Define this to enable ED448 support. */ +#undef USE_ED448 + +/* Define this to enable GOST support. */ +#undef USE_GOST + +/* Define to 1 to use ipsecmod support. */ +#undef USE_IPSECMOD + +/* Define to 1 to use ipset support */ +#undef USE_IPSET + +/* Define if you enable libevent */ +#undef USE_LIBEVENT + +/* Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a + default outgoing port range. This is only for the libunbound on Linux and + does not affect unbound resolving daemon itself. This may severely limit + the number of available outgoing ports and thus decrease randomness. Define + this only when the target system restricts (e.g. some of SELinux enabled + distributions) the use of non-ephemeral ports. */ +#undef USE_LINUX_IP_LOCAL_PORT_RANGE + +/* Define if you want to use internal select based events */ +#undef USE_MINI_EVENT + +/* Define this to enable client TCP Fast Open. */ +#undef USE_MSG_FASTOPEN + +/* Define this to enable client TCP Fast Open. */ +#undef USE_OSX_MSG_FASTOPEN + +/* Define this to use hiredis client. */ +#undef USE_REDIS + +/* Define this to enable SHA1 support. */ +#undef USE_SHA1 + +/* Define this to enable SHA256 and SHA512 support. */ +#undef USE_SHA2 + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# undef _GNU_SOURCE +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# undef _POSIX_PTHREAD_SEMANTICS +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# undef _TANDEM_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif + + +/* Define this to enable server TCP Fast Open. */ +#undef USE_TCP_FASTOPEN + +/* Whether the windows socket API is used */ +#undef USE_WINSOCK + +/* the version of the windows API enabled */ +#undef WINVER + +/* Define if you want dynlib module. */ +#undef WITH_DYNLIBMODULE + +/* Define if you want Python module. */ +#undef WITH_PYTHONMODULE + +/* Define if you want PyUnbound. */ +#undef WITH_PYUNBOUND + +/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a + `char[]'. */ +#undef YYTEXT_POINTER + +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif + +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + +/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ +#undef _LARGEFILE_SOURCE + +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES + +/* Define to 1 if on MINIX. */ +#undef _MINIX + +/* Enable for compile on Minix */ +#undef _NETBSD_SOURCE + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#undef _POSIX_1_SOURCE + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +#undef _POSIX_SOURCE + +/* defined to use gcc ansi snprintf and sscanf that understands %lld when + compiled for windows. */ +#undef __USE_MINGW_ANSI_STDIO + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef gid_t + +/* in_addr_t */ +#undef in_addr_t + +/* in_port_t */ +#undef in_port_t + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Define to `short' if <sys/types.h> does not define. */ +#undef int16_t + +/* Define to `int' if <sys/types.h> does not define. */ +#undef int32_t + +/* Define to `long long' if <sys/types.h> does not define. */ +#undef int64_t + +/* Define to `signed char' if <sys/types.h> does not define. */ +#undef int8_t + +/* Define if replacement function should be used. */ +#undef malloc + +/* Define to `long int' if <sys/types.h> does not define. */ +#undef off_t + +/* Define to `int' if <sys/types.h> does not define. */ +#undef pid_t + +/* Define to 'int' if not defined */ +#undef rlim_t + +/* Define to `unsigned int' if <sys/types.h> does not define. */ +#undef size_t + +/* Define to 'int' if not defined */ +#undef socklen_t + +/* Define to `int' if <sys/types.h> does not define. */ +#undef ssize_t + +/* Define to 'unsigned char if not defined */ +#undef u_char + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef uid_t + +/* Define to `unsigned short' if <sys/types.h> does not define. */ +#undef uint16_t + +/* Define to `unsigned int' if <sys/types.h> does not define. */ +#undef uint32_t + +/* Define to `unsigned long long' if <sys/types.h> does not define. */ +#undef uint64_t + +/* Define to `unsigned char' if <sys/types.h> does not define. */ +#undef uint8_t + +/* Define as `fork' if `vfork' does not work. */ +#undef vfork + +#if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE) +#define _GNU_SOURCE 1 +#endif + +#if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE) +#define _BSD_SOURCE 1 +#endif + +#if defined(OMITTED__D_DEFAULT_SOURCE) && !defined(_DEFAULT_SOURCE) +#define _DEFAULT_SOURCE 1 +#endif + +#if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__) +#define __EXTENSIONS__ 1 +#endif + +#if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 200112 +#endif + +#if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE) +#define _XOPEN_SOURCE 600 +#endif + +#if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED) +#define _XOPEN_SOURCE_EXTENDED 1 +#endif + +#if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE) +#define _ALL_SOURCE 1 +#endif + +#if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE) +#define _LARGEFILE_SOURCE 1 +#endif + + + + +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + +#ifndef UNBOUND_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +/** Use small-ldns codebase */ +#define USE_SLDNS 1 +#ifdef HAVE_SSL +# define LDNS_BUILD_CONFIG_HAVE_SSL 1 +#endif + +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <assert.h> + +#if STDC_HEADERS +#include <stdlib.h> +#include <stddef.h> +#endif + +#ifdef HAVE_STDARG_H +#include <stdarg.h> +#endif + +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif + +#include <errno.h> + +#if HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif + +#ifdef HAVE_SYS_UIO_H +#include <sys/uio.h> +#endif + +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +#ifdef HAVE_WINSOCK2_H +#include <winsock2.h> +#endif + +#ifdef HAVE_WS2TCPIP_H +#include <ws2tcpip.h> +#endif + +#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO) +#define ARG_LL "%ll" +#else +#define ARG_LL "%I64" +#endif + +#ifndef AF_LOCAL +#define AF_LOCAL AF_UNIX +#endif + + + +#ifdef HAVE_ATTR_FORMAT +# define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else /* !HAVE_ATTR_FORMAT */ +# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ +#endif /* !HAVE_ATTR_FORMAT */ + + +#if defined(DOXYGEN) +# define ATTR_UNUSED(x) x +#elif defined(__cplusplus) +# define ATTR_UNUSED(x) +#elif defined(HAVE_ATTR_UNUSED) +# define ATTR_UNUSED(x) x __attribute__((unused)) +#else /* !HAVE_ATTR_UNUSED */ +# define ATTR_UNUSED(x) x +#endif /* !HAVE_ATTR_UNUSED */ + + +#ifndef HAVE_FSEEKO +#define fseeko fseek +#define ftello ftell +#endif /* HAVE_FSEEKO */ + + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 256 +#endif + +#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) +#define snprintf snprintf_unbound +#define vsnprintf vsnprintf_unbound +#include <stdarg.h> +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */ + +#ifndef HAVE_INET_PTON +#define inet_pton inet_pton_unbound +int inet_pton(int af, const char* src, void* dst); +#endif /* HAVE_INET_PTON */ + + +#ifndef HAVE_INET_NTOP +#define inet_ntop inet_ntop_unbound +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + + +#ifndef HAVE_INET_ATON +#define inet_aton inet_aton_unbound +int inet_aton(const char *cp, struct in_addr *addr); +#endif + + +#ifndef HAVE_MEMMOVE +#define memmove memmove_unbound +void *memmove(void *dest, const void *src, size_t n); +#endif + + +#ifndef HAVE_STRLCAT +#define strlcat strlcat_unbound +size_t strlcat(char *dst, const char *src, size_t siz); +#endif + + +#ifndef HAVE_STRLCPY +#define strlcpy strlcpy_unbound +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif + + +#ifndef HAVE_GMTIME_R +#define gmtime_r gmtime_r_unbound +struct tm *gmtime_r(const time_t *timep, struct tm *result); +#endif + + +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarrayunbound +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + + +#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) +#define sleep(x) Sleep((x)*1000) /* on win32 */ +#endif /* HAVE_SLEEP */ + + +#ifndef HAVE_USLEEP +#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */ +#endif /* HAVE_USLEEP */ + + +#ifndef HAVE_RANDOM +#define random rand /* on win32, for tests only (bad random) */ +#endif /* HAVE_RANDOM */ + + +#ifndef HAVE_SRANDOM +#define srandom(x) srand(x) /* on win32, for tests only (bad random) */ +#endif /* HAVE_SRANDOM */ + + +/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ +#ifdef HAVE_WINSOCK2_H +#define FD_SET_T (u_int) +#else +#define FD_SET_T +#endif + + +#ifndef IPV6_MIN_MTU +#define IPV6_MIN_MTU 1280 +#endif /* IPV6_MIN_MTU */ + + +#ifdef MEMCMP_IS_BROKEN +#include "compat/memcmp.h" +#define memcmp memcmp_unbound +int memcmp(const void *x, const void *y, size_t n); +#endif + + + +#ifndef HAVE_CTIME_R +#define ctime_r unbound_ctime_r +char *ctime_r(const time_t *timep, char *buf); +#endif + +#ifndef HAVE_STRSEP +#define strsep unbound_strsep +char *strsep(char **stringp, const char *delim); +#endif + +#ifndef HAVE_ISBLANK +#define isblank unbound_isblank +int isblank(int c); +#endif + +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + +#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif + +#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) +#define strptime unbound_strptime +struct tm; +char *strptime(const char *s, const char *format, struct tm *tm); +#endif + +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + +#ifdef HAVE_LIBBSD +#include <bsd/string.h> +#include <bsd/stdlib.h> +#endif + +#ifdef HAVE_LIBRESSL +# if !HAVE_DECL_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +# endif +# if !HAVE_DECL_STRLCAT +size_t strlcat(char *dst, const char *src, size_t siz); +# endif +# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM) +uint32_t arc4random(void); +# endif +# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) +uint32_t arc4random_uniform(uint32_t upper_bound); +# endif +#endif /* HAVE_LIBRESSL */ +#ifndef HAVE_ARC4RANDOM +int getentropy(void* buf, size_t len); +uint32_t arc4random(void); +void arc4random_buf(void* buf, size_t n); +void _ARC4_LOCK(void); +void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); +#endif +#ifndef HAVE_ARC4RANDOM_UNIFORM +uint32_t arc4random_uniform(uint32_t upper_bound); +#endif +#ifdef COMPAT_SHA512 +#ifndef SHA512_DIGEST_LENGTH +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) +typedef struct _SHA512_CTX { + uint64_t state[8]; + uint64_t bitcount[2]; + uint8_t buffer[SHA512_BLOCK_LENGTH]; +} SHA512_CTX; +#endif /* SHA512_DIGEST_LENGTH */ +void SHA512_Init(SHA512_CTX*); +void SHA512_Update(SHA512_CTX*, void*, size_t); +void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*); +unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest); +#endif /* COMPAT_SHA512 */ + + + +#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS)) + /* using version of libevent that is not threadsafe. */ +# define LIBEVENT_SIGNAL_PROBLEM 1 +#endif + +#ifndef CHECKED_INET6 +# define CHECKED_INET6 +# ifdef AF_INET6 +# define INET6 +# else +# define AF_INET6 28 +# endif +#endif /* CHECKED_INET6 */ + +#ifndef HAVE_GETADDRINFO +struct sockaddr_storage; +#include "compat/fake-rfc2553.h" +#endif + +#ifdef UNBOUND_ALLOC_STATS +# define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__) +# define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__) +# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__) +# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__) +void *unbound_stat_malloc(size_t size); +void *unbound_stat_calloc(size_t nmemb, size_t size); +void unbound_stat_free(void *ptr); +void *unbound_stat_realloc(void *ptr, size_t size); +void *unbound_stat_malloc_log(size_t size, const char* file, int line, + const char* func); +void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file, + int line, const char* func); +void unbound_stat_free_log(void *ptr, const char* file, int line, + const char* func); +void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, + int line, const char* func); +#elif defined(UNBOUND_ALLOC_LITE) +# include "util/alloc.h" +#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */ + +/** default port for DNS traffic. */ +#define UNBOUND_DNS_PORT 53 +/** default port for DNS over TLS traffic. */ +#define UNBOUND_DNS_OVER_TLS_PORT 853 +/** default port for DNS over HTTPS traffic. */ +#define UNBOUND_DNS_OVER_HTTPS_PORT 443 +/** default port for unbound control traffic, registered port with IANA, + ub-dns-control 8953/tcp unbound dns nameserver control */ +#define UNBOUND_CONTROL_PORT 8953 +/** the version of unbound-control that this software implements */ +#define UNBOUND_CONTROL_VERSION 1 + + diff --git a/config.sub b/config.sub index baf1512b3c03..6ae25027537a 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2023 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-09-17' +timestamp='2023-07-31' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -76,13 +76,13 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" -Try \`$me --help' for more information." +Try '$me --help' for more information." # Parse command line while test $# -gt 0 ; do @@ -130,7 +130,7 @@ IFS=$saved_IFS # Separate into logical components for further validation case $1 in *-*-*-*-*) - echo Invalid configuration \`"$1"\': more than four components >&2 + echo "Invalid configuration '$1': more than four components" >&2 exit 1 ;; *-*-*-*) @@ -145,7 +145,8 @@ case $1 in nto-qnx* | linux-* | uclinux-uclibc* \ | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ - | storm-chaos* | os2-emx* | rtmk-nova* | managarm-*) + | storm-chaos* | os2-emx* | rtmk-nova* | managarm-* \ + | windows-* ) basic_machine=$field1 basic_os=$maybe_os ;; @@ -943,7 +944,7 @@ $basic_machine EOF IFS=$saved_IFS ;; - # We use `pc' rather than `unknown' + # We use 'pc' rather than 'unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) @@ -1075,7 +1076,7 @@ case $cpu-$vendor in pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) cpu=i586 ;; - pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*) + pentiumpro-* | p6-* | 6x86-* | athlon-* | athlon_*-*) cpu=i686 ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) @@ -1205,6 +1206,7 @@ case $cpu-$vendor in | i370 | i*86 | i860 | i960 | ia16 | ia64 \ | ip2k | iq2000 \ | k1om \ + | kvx \ | le32 | le64 \ | lm32 \ | loongarch32 | loongarch64 \ @@ -1213,31 +1215,7 @@ case $cpu-$vendor in | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ | m88110 | m88k | maxq | mb | mcore | mep | metag \ | microblaze | microblazeel \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64eb | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r3 | mipsisa32r3el \ - | mipsisa32r5 | mipsisa32r5el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r3 | mipsisa64r3el \ - | mipsisa64r5 | mipsisa64r5el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ + | mips* \ | mmix \ | mn10200 | mn10300 \ | moxie \ @@ -1285,7 +1263,7 @@ case $cpu-$vendor in ;; *) - echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 + echo "Invalid configuration '$1': machine '$cpu-$vendor' not recognized" 1>&2 exit 1 ;; esac @@ -1732,7 +1710,7 @@ case $os in | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ | hiux* | abug | nacl* | netware* | windows* \ - | os9* | macos* | osx* | ios* \ + | os9* | macos* | osx* | ios* | tvos* | watchos* \ | mpw* | magic* | mmixware* | mon960* | lnews* \ | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ | aos* | aros* | cloudabi* | sortix* | twizzler* \ @@ -1758,7 +1736,7 @@ case $os in | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ - | fiwix* | mlibc* ) + | fiwix* | mlibc* | cos* | mbr* ) ;; # This one is extra strict with allowed versions sco3.2v2 | sco3.2v[4-9]* | sco5v6*) @@ -1766,11 +1744,11 @@ case $os in ;; none) ;; - kernel* ) + kernel* | msvc* ) # Restricted further below ;; *) - echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + echo "Invalid configuration '$1': OS '$os' not recognized" 1>&2 exit 1 ;; esac @@ -1785,18 +1763,24 @@ case $kernel-$os in ;; managarm-mlibc* | managarm-kernel* ) ;; + windows*-gnu* | windows*-msvc*) + ;; -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* ) # These are just libc implementations, not actual OSes, and thus # require a kernel. - echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + echo "Invalid configuration '$1': libc '$os' needs explicit kernel." 1>&2 exit 1 ;; -kernel* ) - echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2 + echo "Invalid configuration '$1': '$os' needs explicit kernel." 1>&2 exit 1 ;; *-kernel* ) - echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2 + echo "Invalid configuration '$1': '$kernel' does not support '$os'." 1>&2 + exit 1 + ;; + *-msvc* ) + echo "Invalid configuration '$1': '$os' needs 'windows'." 1>&2 exit 1 ;; kfreebsd*-gnu* | kopensolaris*-gnu*) @@ -1809,11 +1793,15 @@ case $kernel-$os in ;; *-eabi* | *-gnueabi*) ;; + none-coff* | none-elf*) + # None (no kernel, i.e. freestanding / bare metal), + # can be paired with an output format "OS" + ;; -*) # Blank kernel with real OS is always fine. ;; *-*) - echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + echo "Invalid configuration '$1': Kernel '$kernel' not known to work with OS '$os'." 1>&2 exit 1 ;; esac diff --git a/configure b/configure index 5823e49f2f80..a77094ff7671 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.17.1. +# Generated by GNU Autoconf 2.69 for unbound 1.18.0. # # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.17.1' -PACKAGE_STRING='unbound 1.17.1' +PACKAGE_VERSION='1.18.0' +PACKAGE_STRING='unbound 1.18.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.17.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.18.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1543,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.17.1:";; + short | recursive ) echo "Configuration of unbound 1.18.0:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.17.1 +unbound configure 1.18.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.17.1, which was +It was created by unbound $as_me 1.18.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2844,13 +2844,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=17 +UNBOUND_VERSION_MINOR=18 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=21 +LIBUNBOUND_REVISION=22 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2939,6 +2939,7 @@ LIBUNBOUND_AGE=1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 # 1.17.1 had 9:21:1 +# 1.18.0 had 9:22:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -5145,7 +5146,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking $CC dependency flag" >&5 $as_echo_n "checking $CC dependency flag... " >&6; } -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -5327,7 +5328,7 @@ echo ' #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5348,7 +5349,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5418,7 +5419,7 @@ echo ' #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5439,7 +5440,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5498,12 +5499,12 @@ else echo ' #include <stdbool.h> #include <ctype.h> -int test() { +int test(void) { int a = 0; return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5562,13 +5563,13 @@ else echo ' #include <ctype.h> -int test() { +int test(void) { int a; a = isascii(32); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5627,13 +5628,13 @@ else echo ' #include <netinet/in.h> -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5695,13 +5696,13 @@ else echo ' #include <unistd.h> -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5764,7 +5765,7 @@ echo ' #endif #include <netdb.h> -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -5777,7 +5778,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -5846,7 +5847,7 @@ echo ' #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -5859,7 +5860,7 @@ int test() { return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -6610,6 +6611,11 @@ $as_echo "no" >&6; }; fi fi +if test "$LEX" = "" -o "$LEX" = ":"; then + if test ! -f util/configlexer.c; then + as_fn_error $? "no lex and no util/configlexer.c: need flex and bison to compile from source repository." "$LINENO" 5 + fi +fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -6653,6 +6659,11 @@ fi done test -n "$YACC" || YACC="yacc" +if test "$YACC" = "" -o "$YACC" = ":"; then + if test ! -f util/configparser.c; then + as_fn_error $? "no yacc and no util/configparser.c: need flex and bison to compile from source repository." "$LINENO" 5 + fi +fi # Extract the first word of "doxygen", so it can be a program name with args. set dummy doxygen; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -14877,6 +14888,21 @@ fi done +# Check for Linux timestamping headers +for ac_header in linux/net_tstamp.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/net_tstamp.h" "ac_cv_header_linux_net_tstamp_h" "$ac_includes_default +" +if test "x$ac_cv_header_linux_net_tstamp_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_NET_TSTAMP_H 1 +_ACEOF + +fi + +done + + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" @@ -15954,12 +15980,12 @@ else echo ' #include <stdio.h> -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } ' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -17541,39 +17567,68 @@ fi PYTHON_VERSION=`$PYTHON -c "import sys; \ print(sys.version.split()[0])"` fi + # calculate the version number components. + + v="$PYTHON_VERSION" + PYTHON_VERSION_MAJOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MAJOR"; then PYTHON_VERSION_MAJOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_MINOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MINOR"; then PYTHON_VERSION_MINOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_PATCH=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_PATCH"; then PYTHON_VERSION_PATCH="0"; fi + + + # For some systems, sysconfig exists, but has the wrong paths, + # on Debian 10, for python 2.7 and 3.7. So, we check the version, + # and for older versions try distutils.sysconfig first. For newer + # versions>=3.10, where distutils.sysconfig is deprecated, use + # sysconfig first and then attempt the other one. + py_distutils_first="no" + if test $PYTHON_VERSION_MAJOR -lt 3; then + py_distutils_first="yes" + fi + if test $PYTHON_VERSION_MAJOR -eq 3 -a $PYTHON_VERSION_MINOR -lt 10; then + py_distutils_first="yes" + fi - # Check if you have sysconfig - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the sysconfig Python module" >&5 -$as_echo_n "checking for the sysconfig Python module... " >&6; } - if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then + # Check if you have the first module + if test "$py_distutils_first" = "yes"; then m="distutils"; else m="sysconfig"; fi + sysconfig_module="" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the $m Python module" >&5 +$as_echo_n "checking for the $m Python module... " >&6; } + if ac_modulecheck_result1=`$PYTHON -c "import $m" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - sysconfig_module="sysconfig" - # if yes, use sysconfig, because distutils is deprecated. + sysconfig_module="$m" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - # if no, try to use distutils - - # - # Check if you have distutils, else fail - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 -$as_echo_n "checking for the distutils Python package... " >&6; } - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + fi + + # if not found, try the other one. + if test -z "$sysconfig_module"; then + if test "$py_distutils_first" = "yes"; then m2="sysconfig"; else m2="distutils"; fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the $m2 Python module" >&5 +$as_echo_n "checking for the $m2 Python module... " >&6; } + if ac_modulecheck_result2=`$PYTHON -c "import $m2" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + sysconfig_module="$m2" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "cannot import Python module \"distutils\". - Please check your Python installation. The error was: - $ac_distutils_result" "$LINENO" 5 + as_fn_error $? "cannot import Python module \"$m\", or \"$m2\". + Please check your Python installation. The errors are: + $m + $ac_modulecheck_result1 + $m2 + $ac_modulecheck_result2" "$LINENO" 5 PYTHON_VERSION="" fi - - sysconfig_module="distutils.sysconfig" fi + if test "$sysconfig_module" = "distutils"; then sysconfig_module="distutils.sysconfig"; fi # # Check for Python include path @@ -17705,7 +17760,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then + badversion="no" + if test "$PYTHON_VERSION_MAJOR" -lt 2; then + badversion="yes" + fi + if test "$PYTHON_VERSION_MAJOR" -eq 2 -a "$PYTHON_VERSION_MINOR" -lt 4; then + badversion="yes" + fi + if test "$badversion" = "yes"; then as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5 fi @@ -20174,7 +20236,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -20448,7 +20510,7 @@ echo ' #include <stdlib.h> #include <unistd.h> ' >conftest.c -echo 'void f(){ (void)daemon(0, 0); }' >>conftest.c +echo 'void f(void){ (void)daemon(0, 0); }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -22086,7 +22148,7 @@ _ACEOF -version=1.17.1 +version=1.18.0 date=`date +'%b %e, %Y'` @@ -22605,7 +22667,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.17.1, which was +This file was extended by unbound $as_me 1.18.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22671,7 +22733,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.17.1 +unbound config.status 1.18.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 2c7583310f20..098988f55f8a 100644 --- a/configure.ac +++ b/configure.ac @@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[17]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MINOR],[18]) +m4_define([VERSION_MICRO],[0]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=21 +LIBUNBOUND_REVISION=22 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -107,6 +107,7 @@ LIBUNBOUND_AGE=1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 # 1.17.1 had 9:21:1 +# 1.18.0 had 9:22:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -156,7 +157,7 @@ esac # are we on MinGW? if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes" -else +else if echo $host | grep mingw >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -185,9 +186,9 @@ ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])` AC_SUBST(ub_conf_dir) # Determine run, chroot directory and pidfile locations -AC_ARG_WITH(run-dir, - AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), - UNBOUND_RUN_DIR="$withval", +AC_ARG_WITH(run-dir, + AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), + UNBOUND_RUN_DIR="$withval", if test $on_mingw = no; then UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` else @@ -198,9 +199,9 @@ AC_SUBST(UNBOUND_RUN_DIR) ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run) AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to]) -AC_ARG_WITH(chroot-dir, - AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), - UNBOUND_CHROOT_DIR="$withval", +AC_ARG_WITH(chroot-dir, + AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), + UNBOUND_CHROOT_DIR="$withval", if test $on_mingw = no; then UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" else @@ -218,9 +219,9 @@ AC_ARG_WITH(share-dir, AC_SUBST(UNBOUND_SHARE_DIR) AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data]) -AC_ARG_WITH(pidfile, - AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), - UNBOUND_PIDFILE="$withval", +AC_ARG_WITH(pidfile, + AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), + UNBOUND_PIDFILE="$withval", if test $on_mingw = no; then UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" else @@ -231,9 +232,9 @@ AC_SUBST(UNBOUND_PIDFILE) ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid) AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location]) -AC_ARG_WITH(rootkey-file, - AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), - UNBOUND_ROOTKEY_FILE="$withval", +AC_ARG_WITH(rootkey-file, + AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), + UNBOUND_ROOTKEY_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else @@ -244,9 +245,9 @@ AC_SUBST(UNBOUND_ROOTKEY_FILE) ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey) AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location]) -AC_ARG_WITH(rootcert-file, - AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), - UNBOUND_ROOTCERT_FILE="$withval", +AC_ARG_WITH(rootcert-file, + AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), + UNBOUND_ROOTCERT_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else @@ -257,9 +258,9 @@ AC_SUBST(UNBOUND_ROOTCERT_FILE) ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem) AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location]) -AC_ARG_WITH(username, - AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), - UNBOUND_USERNAME="$withval", +AC_ARG_WITH(username, + AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), + UNBOUND_USERNAME="$withval", UNBOUND_USERNAME="unbound") AC_SUBST(UNBOUND_USERNAME) AC_DEFINE_UNQUOTED(UB_USERNAME, ["$UNBOUND_USERNAME"], [default username]) @@ -285,7 +286,7 @@ ACX_DETERMINE_EXT_FLAGS_UNBOUND # debug mode flags warnings AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies])) AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking])) -if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; +if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; else debug_enabled="$enable_checking"; fi AC_SUBST(debug_enabled) case "$debug_enabled" in @@ -388,7 +389,17 @@ fi if test "$LEX" != "" -a "$LEX" != ":"; then ACX_YYLEX_OPTION fi +if test "$LEX" = "" -o "$LEX" = ":"; then + if test ! -f util/configlexer.c; then + AC_MSG_ERROR([no lex and no util/configlexer.c: need flex and bison to compile from source repository.]) + fi +fi AC_PROG_YACC +if test "$YACC" = "" -o "$YACC" = ":"; then + if test ! -f util/configparser.c; then + AC_MSG_ERROR([no yacc and no util/configparser.c: need flex and bison to compile from source repository.]) + fi +fi AC_CHECK_PROG(doxygen, doxygen, doxygen) AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY @@ -453,6 +464,9 @@ AC_CHECK_HEADERS([netioapi.h],,, [AC_INCLUDES_DEFAULT #endif ]) +# Check for Linux timestamping headers +AC_CHECK_HEADERS([linux/net_tstamp.h],,, [AC_INCLUDES_DEFAULT]) + # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. AC_CHECK_TYPE(int8_t, signed char) @@ -548,11 +562,11 @@ sinclude(systemd.m4) # Include systemd.m4 - end # set memory allocation checking if requested -AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), +AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), +AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), +AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), , ) if test x_$enable_alloc_nonregional = x_yes; then AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use]) @@ -585,7 +599,7 @@ if test "$on_mingw" = "yes"; then ])], AC_MSG_RESULT(yes) AC_DEFINE(HAVE_WINDOWS_THREADS, 1, [Using Windows threads]) -, +, AC_MSG_RESULT(no) ) @@ -596,7 +610,7 @@ else # check this first, so that the pthread lib does not get linked in via # libssl or libpython, and thus distorts the tests, and we end up using # the non-threadsafe C libraries. -AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), +AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), [ ],[ withval="yes" ]) ub_have_pthreads=no if test x_$withval != x_no; then @@ -623,7 +637,7 @@ int main(void) {return 0;} # first compile echo "$CC $CFLAGS -c conftest.c -o conftest.o" >&AS_MESSAGE_LOG_FD $CC $CFLAGS -c conftest.c -o conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD - if test $? = 0; then + if test $? = 0; then # then link echo "$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest contest.o" >&AS_MESSAGE_LOG_FD $CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD @@ -644,7 +658,7 @@ int main(void) {return 0;} ]) fi -# check solaris thread library +# check solaris thread library AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ]) ub_have_sol_threads=no if test x_$withval != x_no; then @@ -658,8 +672,8 @@ if test x_$withval != x_no; then ACX_CHECK_COMPILER_FLAG(mt, [CFLAGS="$CFLAGS -mt"], [CFLAGS="$CFLAGS -D_REENTRANT"]) ub_have_sol_threads=yes - ] , [ - AC_MSG_ERROR([no solaris threads found.]) + ] , [ + AC_MSG_ERROR([no solaris threads found.]) ]) fi fi @@ -734,7 +748,14 @@ if test x_$ub_test_python != x_no; then ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS AC_PYTHON_DEVEL if test ! -z "$PYTHON_VERSION"; then - if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then + badversion="no" + if test "$PYTHON_VERSION_MAJOR" -lt 2; then + badversion="yes" + fi + if test "$PYTHON_VERSION_MAJOR" -eq 2 -a "$PYTHON_VERSION_MINOR" -lt 4; then + badversion="yes" + fi + if test "$badversion" = "yes"; then AC_MSG_ERROR([Python version >= 2.4.0 is required]) fi @@ -1085,7 +1106,7 @@ int load_gost_id(void) EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); return gost_id; } -int main(void) { +int main(void) { EVP_MD_CTX* ctx; const EVP_MD* md; unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ @@ -1529,7 +1550,7 @@ if test x_$enable_fully_static = x_yes; then fi # set lock checking if requested -AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), +AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), , ) if test x_$enable_lock_checks = x_yes; then AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).]) @@ -1980,11 +2001,11 @@ AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not bui fi ]) if test $ALLTARGET = "alltargets"; then - if test $USE_NSS = "yes"; then - AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + if test $USE_NSS = "yes"; then + AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) fi if test $USE_NETTLE = "yes"; then - AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) fi fi @@ -1995,7 +2016,7 @@ ACX_STRIP_EXT_FLAGS if test -n "$LATE_LDFLAGS"; then LDFLAGS="$LATE_LDFLAGS $LDFLAGS" fi -# remove start spaces +# remove start spaces LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` LIBS=`echo "$LIBS"|sed -e 's/^ *//'` diff --git a/contrib/Dockerfile.tests b/contrib/Dockerfile.tests index 417daccb21f9..4d13210216b2 100644 --- a/contrib/Dockerfile.tests +++ b/contrib/Dockerfile.tests @@ -1,10 +1,8 @@ FROM gcc:latest WORKDIR /usr/src/unbound -RUN apt-get update # install semantic parser & lexical analyzer -RUN apt-get install -y bison flex # install packages used in tests -RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat +RUN apt-get update && apt-get install -y bison flex ldnsutils dnsutils xxd splint doxygen netcat-openbsd # accept short rsa keys, which are used in tests RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf diff --git a/contrib/README b/contrib/README index ef2a0ab885dd..2427a02947fd 100644 --- a/contrib/README +++ b/contrib/README @@ -55,3 +55,6 @@ distribution but may be helpful. contributed by Andreas Schulze. * metrics.awk: awk script that can convert unbound-control stats to Prometheus metrics format output. +* unbound.init_yocto: An init script to start and stop the server. Put it + in /etc/init.d/unbound to use it. It is for the Yocto Project, in + embedded systems, contributed by beni-sandu. diff --git a/contrib/aaaa-filter-iterator.patch b/contrib/aaaa-filter-iterator.patch index 5513133722db..cb6dabc44856 100644 --- a/contrib/aaaa-filter-iterator.patch +++ b/contrib/aaaa-filter-iterator.patch @@ -105,9 +105,9 @@ index 2482a1f4..bd5ba243 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -177,6 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) - iter_env->supports_ipv6 = cfg->do_ip6; - iter_env->supports_ipv4 = cfg->do_ip4; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; + iter_env->max_sent_count = cfg->max_sent_count; + iter_env->max_query_restarts = cfg->max_query_restarts; + iter_env->aaaa_filter = cfg->aaaa_filter; return 1; } diff --git a/contrib/unbound.init_yocto b/contrib/unbound.init_yocto new file mode 100644 index 000000000000..4eba752bc55c --- /dev/null +++ b/contrib/unbound.init_yocto @@ -0,0 +1,139 @@ +#!/bin/sh +# +# unbound This shell script takes care of starting and stopping +# unbound (DNS server). +# +# chkconfig: - 14 86 +# description: unbound is a Domain Name Server (DNS) \ +# that is used to resolve host names to IP addresses. + +### BEGIN INIT INFO +# Provides: $named unbound +# Required-Start: $network $local_fs +# Required-Stop: $network $local_fs +# Should-Start: $syslog +# Should-Stop: $syslog +# Short-Description: unbound recursive Domain Name Server. +# Description: unbound is a Domain Name Server (DNS) +# that is used to resolve host names to IP addresses. +### END INIT INFO + +# Source function library. +. /etc/init.d/functions + +exec="/usr/sbin/unbound" +prog="unbound" +config="/etc/unbound/unbound.conf" +pidfile="/var/unbound/unbound.pid" +rootdir="/var/unbound" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +lockfile=/var/lock/subsys/$prog + +start() { + [ -x $exec ] || exit 5 + [ -f $config ] || exit 6 + echo -n $"Starting $prog: " + + # setup root jail + if [ -s /etc/localtime ]; then + [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; + if [ ! -e ${rootdir}/etc/localtime ] || ! /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then + cp -fp /etc/localtime ${rootdir}/etc/localtime + fi; + fi; + if [ -s /etc/resolv.conf ]; then + [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; + if [ ! -e ${rootdir}/etc/resolv.conf ] || ! /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then + cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf + fi; + fi; + if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then + [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; + [ -e ${rootdir}/dev/log ] || touch ${rootdir}/dev/log + mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; + fi; + if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then + [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; + [ -e ${rootdir}/dev/random ] || touch ${rootdir}/dev/random + mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; + fi; + + # if not running, start it up here + daemonize $exec + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + # stop it here, often "killproc $prog" + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then + umount ${rootdir}/dev/log >/dev/null 2>&1 + fi; + if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then + umount ${rootdir}/dev/random >/dev/null 2>&1 + fi; + return $retval +} + +restart() { + stop + start +} + +reload() { + kill -HUP `cat $pidfile` +} + +force_reload() { + restart +} + +rh_status() { + # run checks to determine if the service is running or use generic status + status $prog +} + +rh_status_q() { + rh_status -p $pidfile >/dev/null 2>&1 +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac +exit $? diff --git a/daemon/acl_list.c b/daemon/acl_list.c index f3961dbbb7ad..83cfd7ddf939 100644 --- a/daemon/acl_list.c +++ b/daemon/acl_list.c @@ -109,6 +109,8 @@ parse_acl_access(const char* str, enum acl_access* control) *control = acl_allow_snoop; else if(strcmp(str, "allow_setrd") == 0) *control = acl_allow_setrd; + else if (strcmp(str, "allow_cookie") == 0) + *control = acl_allow_cookie; else { log_err("access control type %s unknown", str); return 0; diff --git a/daemon/acl_list.h b/daemon/acl_list.h index c717179baf5e..9da43bef37e5 100644 --- a/daemon/acl_list.h +++ b/daemon/acl_list.h @@ -64,8 +64,12 @@ enum acl_access { acl_allow, /** allow full access for all queries, recursion and cache snooping */ acl_allow_snoop, - /** allow full access for recursion queries and set RD flag regardless of request */ - acl_allow_setrd + /** allow full access for recursion queries and set RD flag regardless + * of request */ + acl_allow_setrd, + /** allow full access for recursion (+RD) queries if valid cookie + * present or stateful transport */ + acl_allow_cookie }; /** diff --git a/daemon/cachedump.c b/daemon/cachedump.c index 943eb63f326c..61ee1d29133f 100644 --- a/daemon/cachedump.c +++ b/daemon/cachedump.c @@ -166,8 +166,7 @@ dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k) /** dump message entry */ static int -dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, - time_t now) +dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now) { size_t i; char* nm, *tp, *cl; @@ -192,13 +191,15 @@ dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, } /* meta line */ - if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u\n", + if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n", nm, cl, tp, (int)d->flags, (int)d->qdcount, (long long)(d->ttl-now), (int)d->security, - (unsigned)d->an_numrrsets, + (unsigned)d->an_numrrsets, (unsigned)d->ns_numrrsets, - (unsigned)d->ar_numrrsets)) { + (unsigned)d->ar_numrrsets, + (int)d->reason_bogus, + d->reason_bogus_str?d->reason_bogus_str:"")) { free(nm); free(tp); free(cl); @@ -633,6 +634,9 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) long long ttl; size_t i; int go_on = 1; + int ede; + int consumed = 0; + char* ede_str = NULL; regional_free_all(region); @@ -647,11 +651,16 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) } /* read remainder of line */ - if(sscanf(s, " %u %u " ARG_LL "d %u %u %u %u", &flags, &qdcount, &ttl, - &security, &an, &ns, &ar) != 7) { + /* note the last space before any possible EDE text */ + if(sscanf(s, " %u %u " ARG_LL "d %u %u %u %u %d %n", &flags, &qdcount, &ttl, + &security, &an, &ns, &ar, &ede, &consumed) != 8) { log_warn("error cannot parse numbers: %s", s); return 0; } + /* there may be EDE text after the numbers */ + if(consumed > 0 && (size_t)consumed < strlen(s)) + ede_str = s + consumed; + memset(&rep, 0, sizeof(rep)); rep.flags = (uint16_t)flags; rep.qdcount = (uint16_t)qdcount; rep.ttl = (time_t)ttl; @@ -666,6 +675,8 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker) rep.ns_numrrsets = (size_t)ns; rep.ar_numrrsets = (size_t)ar; rep.rrset_count = (size_t)an+(size_t)ns+(size_t)ar; + rep.reason_bogus = (sldns_ede_code)ede; + rep.reason_bogus_str = ede_str?(char*)regional_strdup(region, ede_str):NULL; rep.rrsets = (struct ub_packed_rrset_key**)regional_alloc_zero( region, sizeof(struct ub_packed_rrset_key*)*rep.rrset_count); @@ -860,7 +871,8 @@ int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm, /* go up? */ if(iter_dp_is_useless(&qinfo, BIT_RD, dp, (worker->env.cfg->do_ip4 && worker->back->num_ip4 != 0), - (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0))) { + (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0), + worker->env.cfg->do_nat64)) { print_dp_main(ssl, dp, msg); print_dp_details(ssl, worker, dp); if(!ssl_printf(ssl, "cache delegation was " diff --git a/daemon/remote.c b/daemon/remote.c index 7c5a036f343d..4990fc8e9195 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -4,22 +4,22 @@ * Copyright (c) 2008, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -38,7 +38,7 @@ * * This file contains the remote control functionality for the daemon. * The remote control can be performed using either the commandline - * unbound-control tool, or a TLS capable web browser. + * unbound-control tool, or a TLS capable web browser. * The channel is secured using TLSv1, and certificates. * Both the server and the client(control tool) have their own keys. */ @@ -87,6 +87,7 @@ #include "sldns/parseutil.h" #include "sldns/wire2str.h" #include "sldns/sbuffer.h" +#include "util/timeval_func.h" #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> @@ -106,47 +107,6 @@ /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, - const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} - static int remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg) { @@ -201,7 +161,7 @@ remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg) struct daemon_remote* daemon_remote_create(struct config_file* cfg) { - struct daemon_remote* rc = (struct daemon_remote*)calloc(1, + struct daemon_remote* rc = (struct daemon_remote*)calloc(1, sizeof(*rc)); if(!rc) { log_err("out of memory in daemon_remote_create"); @@ -410,7 +370,7 @@ accept_open(struct daemon_remote* rc, int fd) n->next = rc->accept_list; rc->accept_list = n; /* open commpt */ - n->com = comm_point_create_raw(rc->worker->base, fd, 0, + n->com = comm_point_create_raw(rc->worker->base, fd, 0, &remote_accept_callback, rc); if(!n->com) return 0; @@ -419,7 +379,7 @@ accept_open(struct daemon_remote* rc, int fd) return 1; } -int daemon_remote_open_accept(struct daemon_remote* rc, +int daemon_remote_open_accept(struct daemon_remote* rc, struct listen_port* ports, struct worker* worker) { struct listen_port* p; @@ -437,7 +397,7 @@ void daemon_remote_stop_accept(struct daemon_remote* rc) { struct listen_list* p; for(p=rc->accept_list; p; p=p->next) { - comm_point_stop_listening(p->com); + comm_point_stop_listening(p->com); } } @@ -445,11 +405,11 @@ void daemon_remote_start_accept(struct daemon_remote* rc) { struct listen_list* p; for(p=rc->accept_list; p; p=p->next) { - comm_point_start_listening(p->com, -1, -1); + comm_point_start_listening(p->com, -1, -1); } } -int remote_accept_callback(struct comm_point* c, void* arg, int err, +int remote_accept_callback(struct comm_point* c, void* arg, int err, struct comm_reply* ATTR_UNUSED(rep)) { struct daemon_remote* rc = (struct daemon_remote*)arg; @@ -481,7 +441,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, } n->fd = newfd; /* start in reading state */ - n->c = comm_point_create_raw(rc->worker->base, newfd, 0, + n->c = comm_point_create_raw(rc->worker->base, newfd, 0, &remote_control_callback, n); if(!n->c) { log_err("out of memory"); @@ -521,7 +481,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, rc->busy_list = n; rc->active ++; - /* perform the first nonblocking read already, for windows, + /* perform the first nonblocking read already, for windows, * so it can return wouldblock. could be faster too. */ (void)remote_control_callback(n->c, n, NETEVENT_NOERROR, NULL); return 0; @@ -558,7 +518,7 @@ int ssl_print_text(RES* res, const char* text) { int r; - if(!res) + if(!res) return 0; if(res->ssl) { ERR_clear_error(); @@ -660,7 +620,7 @@ static char* skipwhite(char* str) { /* EOS \0 is not a space */ - while( isspace((unsigned char)*str) ) + while( isspace((unsigned char)*str) ) str++; return str; } @@ -708,20 +668,30 @@ static int print_stats(RES* ssl, const char* nm, struct ub_stats_info* s) { struct timeval sumwait, avg; - if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries)) return 0; if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_ip_ratelimited)) return 0; - if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, - (unsigned long)(s->svr.num_queries + if(!ssl_printf(ssl, "%s.num.queries_cookie_valid"SQ"%lu\n", nm, + (unsigned long)s->svr.num_queries_cookie_valid)) return 0; + if(!ssl_printf(ssl, "%s.num.queries_cookie_client"SQ"%lu\n", nm, + (unsigned long)s->svr.num_queries_cookie_client)) return 0; + if(!ssl_printf(ssl, "%s.num.queries_cookie_invalid"SQ"%lu\n", nm, + (unsigned long)s->svr.num_queries_cookie_invalid)) return 0; + if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm, + (unsigned long)(s->svr.num_queries - s->svr.num_queries_missed_cache))) return 0; - if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_missed_cache)) return 0; - if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_prefetch)) return 0; + if(!ssl_printf(ssl, "%s.num.queries_timed_out"SQ"%lu\n", nm, + (unsigned long)s->svr.num_queries_timed_out)) return 0; + if(!ssl_printf(ssl, "%s.query.queue_time_us.max"SQ"%lu\n", nm, + (unsigned long)s->svr.max_query_time_us)) return 0; if(!ssl_printf(ssl, "%s.num.expired"SQ"%lu\n", nm, (unsigned long)s->svr.ans_expired)) return 0; - if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, + if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, (unsigned long)s->mesh_replies_sent)) return 0; #ifdef USE_DNSCRYPT if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm, @@ -755,7 +725,7 @@ print_stats(RES* ssl, const char* nm, struct ub_stats_info* s) timeval_divide(&avg, &sumwait, s->mesh_replies_sent); if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm, (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; - if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, + if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median)) return 0; if(!ssl_printf(ssl, "%s.tcpusage"SQ"%lu\n", nm, (unsigned long)s->svr.tcp_accept_usage)) return 0; @@ -780,7 +750,7 @@ print_longnum(RES* ssl, const char* desc, size_t x) /* more than a Gb */ size_t front = x / (size_t)1000000; size_t back = x % (size_t)1000000; - return ssl_printf(ssl, "%s%u%6.6u\n", desc, + return ssl_printf(ssl, "%s%u%6.6u\n", desc, (unsigned)front, (unsigned)back); } else { return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x); @@ -880,11 +850,11 @@ print_uptime(RES* ssl, struct worker* worker, int reset) timeval_subtract(&dt, &now, &worker->daemon->time_last_stat); if(reset) worker->daemon->time_last_stat = now; - if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n", (long long)now.tv_sec, (unsigned)now.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n", (long long)up.tv_sec, (unsigned)up.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n", + if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n", (long long)dt.tv_sec, (unsigned)dt.tv_usec)) return 0; return 1; } @@ -902,7 +872,7 @@ print_hist(RES* ssl, struct ub_stats_info* s) } timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); for(i=0; i<hist->num; i++) { - if(!ssl_printf(ssl, + if(!ssl_printf(ssl, "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", (int)hist->buckets[i].lower.tv_sec, (int)hist->buckets[i].lower.tv_usec, @@ -945,11 +915,11 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) } else { snprintf(nm, sizeof(nm), "TYPE%d", i); } - if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qtype[i])) return 0; } if(!inhibit_zero || s->svr.qtype_big) { - if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n", (unsigned long)s->svr.qtype_big)) return 0; } /* CLASS */ @@ -962,11 +932,11 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) } else { snprintf(nm, sizeof(nm), "CLASS%d", i); } - if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qclass[i])) return 0; } if(!inhibit_zero || s->svr.qclass_big) { - if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n", (unsigned long)s->svr.qclass_big)) return 0; } /* OPCODE */ @@ -979,44 +949,44 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) } else { snprintf(nm, sizeof(nm), "OPCODE%d", i); } - if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n", nm, (unsigned long)s->svr.qopcode[i])) return 0; } /* transport */ - if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n", (unsigned long)s->svr.qtcp)) return 0; - if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n", (unsigned long)s->svr.qtcp_outgoing)) return 0; if(!ssl_printf(ssl, "num.query.udpout"SQ"%lu\n", (unsigned long)s->svr.qudp_outgoing)) return 0; - if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n", (unsigned long)s->svr.qtls)) return 0; - if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n", (unsigned long)s->svr.qtls_resume)) return 0; - if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", (unsigned long)s->svr.qipv6)) return 0; if(!ssl_printf(ssl, "num.query.https"SQ"%lu\n", (unsigned long)s->svr.qhttps)) return 0; /* flags */ - if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", (unsigned long)s->svr.qbit_QR)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n", (unsigned long)s->svr.qbit_AA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n", (unsigned long)s->svr.qbit_TC)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n", (unsigned long)s->svr.qbit_RD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n", (unsigned long)s->svr.qbit_RA)) return 0; - if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n", (unsigned long)s->svr.qbit_Z)) return 0; - if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n", (unsigned long)s->svr.qbit_AD)) return 0; - if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n", (unsigned long)s->svr.qbit_CD)) return 0; - if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n", (unsigned long)s->svr.qEDNS)) return 0; - if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n", (unsigned long)s->svr.qEDNS_DO)) return 0; /* RCODE */ @@ -1030,31 +1000,31 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) } else { snprintf(nm, sizeof(nm), "RCODE%d", i); } - if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n", nm, (unsigned long)s->svr.ans_rcode[i])) return 0; } if(!inhibit_zero || s->svr.ans_rcode_nodata) { - if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", (unsigned long)s->svr.ans_rcode_nodata)) return 0; } /* iteration */ - if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n", (unsigned long)s->svr.queries_ratelimited)) return 0; /* validation */ - if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", (unsigned long)s->svr.ans_secure)) return 0; - if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n", + if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n", (unsigned long)s->svr.ans_bogus)) return 0; - if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", + if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n", (unsigned long)s->svr.rrset_bogus)) return 0; - if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n", (unsigned long)s->svr.num_neg_cache_noerror)) return 0; - if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n", + if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n", (unsigned long)s->svr.num_neg_cache_nxdomain)) return 0; /* threat detection */ - if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", + if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n", (unsigned long)s->svr.unwanted_queries)) return 0; - if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n", + if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n", (unsigned long)s->svr.unwanted_replies)) return 0; /* cache counts */ if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n", @@ -1065,6 +1035,11 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) (unsigned)s->svr.infra_cache_count)) return 0; if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n", (unsigned)s->svr.key_cache_count)) return 0; + /* max collisions */ + if(!ssl_printf(ssl, "msg.cache.max_collisions"SQ"%u\n", + (unsigned)s->svr.msg_cache_max_collisions)) return 0; + if(!ssl_printf(ssl, "rrset.cache.max_collisions"SQ"%u\n", + (unsigned)s->svr.rrset_cache_max_collisions)) return 0; /* applied RPZ actions */ for(i=0; i<UB_STATS_RPZ_ACTION_NUM; i++) { if(i == RPZ_NO_OVERRIDE_ACTION) @@ -1095,6 +1070,10 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) if(!ssl_printf(ssl, "num.query.subnet_cache"SQ"%lu\n", (unsigned long)s->svr.num_query_subnet_cache)) return 0; #endif /* CLIENT_SUBNET */ +#ifdef USE_CACHEDB + if(!ssl_printf(ssl, "num.query.cachedb"SQ"%lu\n", + (unsigned long)s->svr.num_query_cachedb)) return 0; +#endif /* USE_CACHEDB */ return 1; } @@ -1119,7 +1098,7 @@ do_stats(RES* ssl, struct worker* worker, int reset) } /* print the thread statistics */ total.mesh_time_median /= (double)daemon->num; - if(!print_stats(ssl, "total", &total)) + if(!print_stats(ssl, "total", &total)) return; if(!print_uptime(ssl, worker, reset)) return; @@ -1208,7 +1187,7 @@ perform_zone_add(RES* ssl, struct local_zones* zones, char* arg) return 0; } lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* already present in tree */ lock_rw_wrlock(&z->lock); @@ -1218,7 +1197,7 @@ perform_zone_add(RES* ssl, struct local_zones* zones, char* arg) lock_rw_unlock(&zones->lock); return 1; } - if(!local_zones_add_zone(zones, nm, nmlen, + if(!local_zones_add_zone(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN, t)) { lock_rw_unlock(&zones->lock); ssl_printf(ssl, "error out of memory\n"); @@ -1267,7 +1246,7 @@ perform_zone_remove(RES* ssl, struct local_zones* zones, char* arg) if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return 0; lock_rw_wrlock(&zones->lock); - if((z=local_zones_find(zones, nm, nmlen, + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* present in tree */ local_zones_del_zone(zones, z); @@ -1608,8 +1587,11 @@ do_flush_type(RES* ssl, struct worker* worker, char* arg) if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; t = sldns_get_rr_type_by_name(arg2); + if(t == 0 && strcmp(arg2, "TYPE0") != 0) { + return; + } do_cache_remove(worker, nm, nmlen, t, LDNS_RR_CLASS_IN); - + free(nm); send_ok(ssl); } @@ -1719,7 +1701,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg) struct del_info* inf = (struct del_info*)arg; struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key; if(dname_subdomain_c(k->rk.dname, inf->name)) { - struct packed_rrset_data* d = + struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; if(d->ttl > inf->expired) { d->ttl = inf->expired; @@ -1783,21 +1765,21 @@ do_flush_zone(RES* ssl, struct worker* worker, char* arg) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &zone_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &zone_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &zone_del_kcache, &inf); } free(nm); (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1852,19 +1834,19 @@ do_flush_bogus(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &bogus_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &bogus_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &bogus_del_kcache, &inf); } (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1927,19 +1909,19 @@ do_flush_negative(RES* ssl, struct worker* worker) inf.num_rrsets = 0; inf.num_msgs = 0; inf.num_keys = 0; - slabhash_traverse(&worker->env.rrset_cache->table, 1, + slabhash_traverse(&worker->env.rrset_cache->table, 1, &negative_del_rrset, &inf); slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf); /* and validator cache */ if(worker->env.key_cache) { - slabhash_traverse(worker->env.key_cache->slab, 1, + slabhash_traverse(worker->env.key_cache->slab, 1, &negative_del_kcache, &inf); } (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages " - "and %lu key entries\n", (unsigned long)inf.num_rrsets, + "and %lu key entries\n", (unsigned long)inf.num_rrsets, (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys); } @@ -1964,7 +1946,7 @@ do_flush_name(RES* ssl, struct worker* w, char* arg) do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN); - + free(nm); send_ok(ssl); } @@ -2334,7 +2316,7 @@ do_status(RES* ssl, struct worker* worker) uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec; if(!ssl_printf(ssl, "uptime: " ARG_LL "d seconds\n", (long long)uptime)) return; - if(!ssl_printf(ssl, "options:%s%s%s%s\n" , + if(!ssl_printf(ssl, "options:%s%s%s%s\n" , (worker->daemon->reuseport?" reuseport":""), (worker->daemon->rc->accept_list?" control":""), (worker->daemon->rc->accept_list && worker->daemon->rc->use_cert?"(ssl)":""), @@ -2348,7 +2330,7 @@ do_status(RES* ssl, struct worker* worker) /** get age for the mesh state */ static void -get_mesh_age(struct mesh_state* m, char* buf, size_t len, +get_mesh_age(struct mesh_state* m, char* buf, size_t len, struct module_env* env) { if(m->reply_list) { @@ -2367,7 +2349,7 @@ get_mesh_age(struct mesh_state* m, char* buf, size_t len, /** get status of a mesh state */ static void -get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, +get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, char* buf, size_t len) { enum module_ext_state s = m->s.ext_state[m->s.curmod]; @@ -2389,7 +2371,7 @@ get_mesh_status(struct mesh_area* mesh, struct mesh_state* m, snprintf(buf, len, " "); l = strlen(buf); buf += l; len -= l; - addr_to_str(&e->qsent->addr, e->qsent->addrlen, + addr_to_str(&e->qsent->addr, e->qsent->addrlen, buf, len); l = strlen(buf); buf += l; len -= l; @@ -2442,7 +2424,7 @@ do_dump_requestlist(RES* ssl, struct worker* worker) dname_str(m->s.qinfo.qname, buf); get_mesh_age(m, timebuf, sizeof(timebuf), &worker->env); get_mesh_status(mesh, m, statbuf, sizeof(statbuf)); - if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n", + if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n", num, (t?t:"TYPE??"), (c?c:"CLASS??"), buf, timebuf, statbuf)) { free(t); @@ -2632,7 +2614,7 @@ do_auth_zone_transfer(RES* ssl, struct worker* worker, char* arg) free(nm); send_ok(ssl); } - + /** do the set_option command */ static void do_set_option(RES* ssl, struct worker* worker, char* arg) @@ -2770,7 +2752,7 @@ do_list_local_zones(RES* ssl, struct local_zones* zones) RBTREE_FOR(z, struct local_zone*, &zones->ztree) { lock_rw_rdlock(&z->lock); dname_str(z->name, buf); - if(!ssl_printf(ssl, "%s %s\n", buf, + if(!ssl_printf(ssl, "%s %s\n", buf, local_zone_type2str(z->type))) { /* failure to print */ lock_rw_unlock(&z->lock); @@ -2999,7 +2981,7 @@ static void distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) { int i; - if(!cmd || !ssl) + if(!cmd || !ssl) return; /* skip i=0 which is me */ for(i=1; i<rc->worker->daemon->num; i++) { @@ -3022,7 +3004,7 @@ cmdcmp(char* p, const char* cmd, size_t len) /** execute a remote control command */ static void -execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, +execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, struct worker* worker) { char* p = skipwhite(cmd); @@ -3206,7 +3188,7 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, } } -void +void daemon_remote_exec(struct worker* worker) { /* read the cmd string */ @@ -3315,7 +3297,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, return 0; } -int remote_control_callback(struct comm_point* c, void* arg, int err, +int remote_control_callback(struct comm_point* c, void* arg, int err, struct comm_reply* ATTR_UNUSED(rep)) { RES res; @@ -3323,7 +3305,7 @@ int remote_control_callback(struct comm_point* c, void* arg, int err, struct daemon_remote* rc = s->rc; int r; if(err != NETEVENT_NOERROR) { - if(err==NETEVENT_TIMEOUT) + if(err==NETEVENT_TIMEOUT) log_err("remote control timed out"); clean_point(rc, s); return 0; diff --git a/daemon/remote.h b/daemon/remote.h index 217ea21e80c1..4902803f5e42 100644 --- a/daemon/remote.h +++ b/daemon/remote.h @@ -46,7 +46,7 @@ #ifndef DAEMON_REMOTE_H #define DAEMON_REMOTE_H #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include <openssl/ssl.h> #endif struct config_file; struct listen_list; diff --git a/daemon/stats.c b/daemon/stats.c index 6b3834977844..4855bf1c1d2d 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -116,8 +116,8 @@ void server_stats_log(struct ub_server_stats* stats, struct worker* worker, log_info("server stats for thread %d: %u queries, " "%u answers from cache, %u recursions, %u prefetch, %u rejected by " "ip ratelimiting", - threadnum, (unsigned)stats->num_queries, - (unsigned)(stats->num_queries - + threadnum, (unsigned)stats->num_queries, + (unsigned)(stats->num_queries - stats->num_queries_missed_cache), (unsigned)stats->num_queries_missed_cache, (unsigned)stats->num_queries_prefetch, @@ -279,7 +279,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i]; for(i=0; i<UB_STATS_RPZ_ACTION_NUM; i++) s->svr.rpz_action[i] += (long long)worker->env.mesh->rpz_action[i]; - timehist_export(worker->env.mesh->histogram, s->svr.hist, + timehist_export(worker->env.mesh->histogram, s->svr.hist, NUM_BUCKETS_HIST); /* values from outside network */ s->svr.unwanted_replies = (long long)worker->back->unwanted_replies; @@ -293,8 +293,10 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.queries_ratelimited = (long long)get_queries_ratelimit(worker, reset); /* get cache sizes */ - s->svr.msg_cache_count = (long long)count_slabhash_entries(worker->env.msg_cache); - s->svr.rrset_cache_count = (long long)count_slabhash_entries(&worker->env.rrset_cache->table); + get_slabhash_stats(worker->env.msg_cache, + &s->svr.msg_cache_count, &s->svr.msg_cache_max_collisions); + get_slabhash_stats(&worker->env.rrset_cache->table, + &s->svr.rrset_cache_count, &s->svr.rrset_cache_max_collisions); s->svr.infra_cache_count = (long long)count_slabhash_entries(worker->env.infra_cache->hosts); if(worker->env.key_cache) s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab); @@ -354,6 +356,11 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.num_query_subnet = 0; s->svr.num_query_subnet_cache = 0; #endif +#ifdef USE_CACHEDB + s->svr.num_query_cachedb = (long long)worker->env.mesh->ans_cachedb; +#else + s->svr.num_query_cachedb = 0; +#endif /* get tcp accept usage */ s->svr.tcp_accept_usage = 0; @@ -419,7 +426,7 @@ void server_stats_reply(struct worker* worker, int reset) struct ub_stats_info s; server_stats_compile(worker, &s, reset); verbose(VERB_ALGO, "write stats replymsg"); - if(!tube_write_msg(worker->daemon->workers[0]->cmd, + if(!tube_write_msg(worker->daemon->workers[0]->cmd, (uint8_t*)&s, sizeof(s), 0)) fatal_exit("could not write stat values over cmd channel"); } @@ -428,8 +435,14 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) { total->svr.num_queries += a->svr.num_queries; total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited; + total->svr.num_queries_cookie_valid += a->svr.num_queries_cookie_valid; + total->svr.num_queries_cookie_client += a->svr.num_queries_cookie_client; + total->svr.num_queries_cookie_invalid += a->svr.num_queries_cookie_invalid; total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache; total->svr.num_queries_prefetch += a->svr.num_queries_prefetch; + total->svr.num_queries_timed_out += a->svr.num_queries_timed_out; + if (total->svr.max_query_time_us < a->svr.max_query_time_us) + total->svr.max_query_time_us = a->svr.max_query_time_us; total->svr.sum_query_list_size += a->svr.sum_query_list_size; total->svr.ans_expired += a->svr.ans_expired; #ifdef USE_DNSCRYPT @@ -471,6 +484,9 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.unwanted_replies += a->svr.unwanted_replies; total->svr.unwanted_queries += a->svr.unwanted_queries; total->svr.tcp_accept_usage += a->svr.tcp_accept_usage; +#ifdef USE_CACHEDB + total->svr.num_query_cachedb += a->svr.num_query_cachedb; +#endif for(i=0; i<UB_STATS_QTYPE_NUM; i++) total->svr.qtype[i] += a->svr.qtype[i]; for(i=0; i<UB_STATS_QCLASS_NUM; i++) @@ -514,7 +530,7 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, if(c->ssl != NULL) { stats->qtls++; #ifdef HAVE_SSL - if(SSL_session_reused(c->ssl)) + if(SSL_session_reused(c->ssl)) stats->qtls_resume++; #endif if(c->type == comm_http) @@ -555,3 +571,16 @@ void server_stats_insrcode(struct ub_server_stats* stats, sldns_buffer* buf) stats->ans_rcode_nodata ++; } } + +void server_stats_downstream_cookie(struct ub_server_stats* stats, + struct edns_data* edns) +{ + if(!(edns->edns_present && edns->cookie_present)) return; + if(edns->cookie_valid) { + stats->num_queries_cookie_valid++; + } else if(edns->cookie_client) { + stats->num_queries_cookie_client++; + } else { + stats->num_queries_cookie_invalid++; + } +} diff --git a/daemon/stats.h b/daemon/stats.h index 4e5e6cf8aed5..47bb20d7f8a7 100644 --- a/daemon/stats.h +++ b/daemon/stats.h @@ -126,4 +126,11 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, */ void server_stats_insrcode(struct ub_server_stats* stats, struct sldns_buffer* buf); +/** + * Add DNS Cookie stats for this query + * @param stats: the stats + * @param edns: edns record + */ +void server_stats_downstream_cookie(struct ub_server_stats* stats, + struct edns_data* edns); #endif /* DAEMON_STATS_H */ diff --git a/daemon/worker.c b/daemon/worker.c index 99dcf9940004..8c6fa3b9af33 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -68,6 +68,7 @@ #include "util/fptr_wlist.h" #include "util/tube.h" #include "util/edns.h" +#include "util/timeval_func.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" #include "iterator/iter_utils.h" @@ -112,7 +113,7 @@ /** Report on memory usage by this thread and global */ static void -worker_mem_report(struct worker* ATTR_UNUSED(worker), +worker_mem_report(struct worker* ATTR_UNUSED(worker), struct serviced_query* ATTR_UNUSED(cur_serv)) { #ifdef UNBOUND_ALLOC_STATS @@ -125,7 +126,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), #ifdef CLIENT_SUBNET size_t subnet = 0; #endif /* CLIENT_SUBNET */ - if(verbosity < VERB_ALGO) + if(verbosity < VERB_ALGO) return; front = listen_get_mem(worker->front); back = outnet_get_mem(worker->back); @@ -154,10 +155,10 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), (&worker->env, i); } me = sizeof(*worker) + sizeof(*worker->base) + sizeof(*worker->comsig) - + comm_point_get_mem(worker->cmd_com) - + sizeof(worker->rndstate) - + regional_get_mem(worker->scratchpad) - + sizeof(*worker->env.scratch_buffer) + + comm_point_get_mem(worker->cmd_com) + + sizeof(worker->rndstate) + + regional_get_mem(worker->scratchpad) + + sizeof(*worker->env.scratch_buffer) + sldns_buffer_capacity(worker->env.scratch_buffer) + forwards_get_mem(worker->env.fwds) + hints_get_mem(worker->env.hints); @@ -172,7 +173,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " "rrset=%u infra=%u iter=%u val=%u subnet=%u anchors=%u " "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, + (unsigned)total, (unsigned)front, (unsigned)back, (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)subnet, (unsigned)anch, (unsigned)ac, @@ -181,13 +182,13 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " "rrset=%u infra=%u iter=%u val=%u anchors=%u " "alloccache=%u globalalloccache=%u me=%u", - (unsigned)total, (unsigned)front, (unsigned)back, - (unsigned)mesh, (unsigned)msg, (unsigned)rrset, + (unsigned)total, (unsigned)front, (unsigned)back, + (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, (unsigned)ac, (unsigned)superac, (unsigned)me); #endif /* CLIENT_SUBNET */ log_info("Total heap memory estimate: %u total-alloc: %u " - "total-free: %u", (unsigned)total, + "total-free: %u", (unsigned)total, (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); #else /* no UNBOUND_ALLOC_STATS */ size_t val = 0; @@ -227,7 +228,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), #endif /* UNBOUND_ALLOC_STATS */ } -void +void worker_send_cmd(struct worker* worker, enum worker_commands cmd) { uint32_t c = (uint32_t)htonl(cmd); @@ -236,8 +237,8 @@ worker_send_cmd(struct worker* worker, enum worker_commands cmd) } } -int -worker_handle_service_reply(struct comm_point* c, void* arg, int error, +int +worker_handle_service_reply(struct comm_point* c, void* arg, int error, struct comm_reply* reply_info) { struct outbound_entry* e = (struct outbound_entry*)arg; @@ -252,13 +253,13 @@ worker_handle_service_reply(struct comm_point* c, void* arg, int error, } /* sanity check. */ if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer)) - || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != + || LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) != LDNS_PACKET_QUERY || LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) { /* error becomes timeout for the module as if this reply * never arrived. */ verbose(VERB_ALGO, "worker: bad reply handled as timeout"); - mesh_report_reply(worker->env.mesh, e, reply_info, + mesh_report_reply(worker->env.mesh, e, reply_info, NETEVENT_TIMEOUT); worker_mem_report(worker, sq); return 0; @@ -288,64 +289,86 @@ worker_err_ratelimit(struct worker* worker, int err) return err; } +/** + * Structure holding the result of the worker_check_request function. + * Based on configuration it could be called up to four times; ideally should + * be called once. + */ +struct check_request_result { + int checked; + int value; +}; /** check request sanity. * @param pkt: the wire packet to examine for sanity. * @param worker: parameters for checking. - * @return error code, 0 OK, or -1 discard. + * @param out: struct to update with the result. */ -static int -worker_check_request(sldns_buffer* pkt, struct worker* worker) +static void +worker_check_request(sldns_buffer* pkt, struct worker* worker, + struct check_request_result* out) { + if(out->checked) return; + out->checked = 1; if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { verbose(VERB_QUERY, "request too short, discarded"); - return -1; + out->value = -1; + return; } - if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE && + if(sldns_buffer_limit(pkt) > NORMAL_UDP_SIZE && worker->daemon->cfg->harden_large_queries) { verbose(VERB_QUERY, "request too large, discarded"); - return -1; + out->value = -1; + return; } if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))) { verbose(VERB_QUERY, "request has QR bit on, discarded"); - return -1; + out->value = -1; + return; } if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) { LDNS_TC_CLR(sldns_buffer_begin(pkt)); verbose(VERB_QUERY, "request bad, has TC bit on"); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY && LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_NOTIFY) { - verbose(VERB_QUERY, "request unknown opcode %d", + verbose(VERB_QUERY, "request unknown opcode %d", LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL); + return; } if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) { - verbose(VERB_QUERY, "request wrong nr qd=%d", + verbose(VERB_QUERY, "request wrong nr qd=%d", LDNS_QDCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } - if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 && + if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 && (LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 1 || LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_NOTIFY)) { - verbose(VERB_QUERY, "request wrong nr an=%d", + verbose(VERB_QUERY, "request wrong nr an=%d", LDNS_ANCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { - verbose(VERB_QUERY, "request wrong nr ns=%d", + verbose(VERB_QUERY, "request wrong nr ns=%d", LDNS_NSCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { - verbose(VERB_QUERY, "request wrong nr ar=%d", + verbose(VERB_QUERY, "request wrong nr ar=%d", LDNS_ARCOUNT(sldns_buffer_begin(pkt))); - return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + out->value = worker_err_ratelimit(worker, LDNS_RCODE_FORMERR); + return; } - return 0; + out->value = 0; + return; } -void +void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg, size_t len, int error, void* arg) { @@ -388,7 +411,7 @@ worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* msg, /** check if a delegation is secure */ static enum sec_status -check_delegation_secure(struct reply_info *rep) +check_delegation_secure(struct reply_info *rep) { /* return smallest security status */ size_t i; @@ -424,10 +447,10 @@ deleg_remove_nonsecure_additional(struct reply_info* rep) s = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data) ->security; if(s != sec_status_secure) { - memmove(rep->rrsets+i, rep->rrsets+i+1, - sizeof(struct ub_packed_rrset_key*)* + memmove(rep->rrsets+i, rep->rrsets+i+1, + sizeof(struct ub_packed_rrset_key*)* (rep->rrset_count - i - 1)); - rep->ar_numrrsets--; + rep->ar_numrrsets--; rep->rrset_count--; i--; } @@ -437,27 +460,28 @@ deleg_remove_nonsecure_additional(struct reply_info* rep) /** answer nonrecursive query from the cache */ static int answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, - uint16_t id, uint16_t flags, struct comm_reply* repinfo, + uint16_t id, uint16_t flags, struct comm_reply* repinfo, struct edns_data* edns) { /* for a nonrecursive query return either: * o an error (servfail; we try to avoid this) * o a delegation (closest we have; this routine tries that) - * o the answer (checked by answer_from_cache) + * o the answer (checked by answer_from_cache) * - * So, grab a delegation from the rrset cache. + * So, grab a delegation from the rrset cache. * Then check if it needs validation, if so, this routine fails, * so that iterator can prime and validator can verify rrsets. */ uint16_t udpsize = edns->udp_size; int secure = 0; time_t timenow = *worker->env.now; - int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) + int has_cd_bit = (flags&BIT_CD); + int must_validate = (!has_cd_bit || worker->env.cfg->ignore_cd) && worker->env.need_to_validate; struct dns_msg *msg = NULL; struct delegpt *dp; - dp = dns_cache_find_delegation(&worker->env, qinfo->qname, + dp = dns_cache_find_delegation(&worker->env, qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, worker->scratchpad, &msg, timenow, 0, NULL, 0); if(!dp) { /* no delegation, need to reprime */ @@ -470,7 +494,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, if(must_validate) { switch(check_delegation_secure(msg->rep)) { case sec_status_unchecked: - /* some rrsets have not been verified yet, go and + /* some rrsets have not been verified yet, go and * let validator do that */ return 0; case sec_status_bogus: @@ -484,13 +508,14 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) return 0; - /* TODO store the reason for the bogus reply in cache - * and implement in here instead of the hardcoded EDE */ - if (worker->env.cfg->ede) { - EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, - worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + /* Attach the cached EDE (RFC8914) */ + if(worker->env.cfg->ede && + msg->rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns->opt_list_out, + worker->scratchpad, msg->rep->reason_bogus, + msg->rep->reason_bogus_str); } - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); if(worker->stats.extended) { worker->stats.ans_bogus++; @@ -522,6 +547,16 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, worker->env.now_tv)) return 0; msg->rep->flags |= BIT_QR|BIT_RA; + /* Attach the cached EDE (RFC8914) if CD bit is set and the answer is + * bogus. */ + if(worker->env.cfg->ede && has_cd_bit && + (check_delegation_secure(msg->rep) == sec_status_bogus || + check_delegation_secure(msg->rep) == sec_status_secure_sentinel_fail) && + msg->rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns->opt_list_out, + worker->scratchpad, msg->rep->reason_bogus, + msg->rep->reason_bogus_str); + } if(!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags, repinfo->c->buffer, 0, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { @@ -529,7 +564,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) edns->opt_list_inplace_cb_out = NULL; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); } if(worker->stats.extended) { @@ -565,9 +600,10 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, /* xxx_deny actions mean dropping the reply, unless the original reply * was redirected to response-ip data. */ - if((actinfo.action == respip_deny || + if(actinfo.action == respip_always_deny || + ((actinfo.action == respip_deny || actinfo.action == respip_inform_deny) && - *encode_repp == rep) + *encode_repp == rep)) *encode_repp = NULL; /* If address info is returned, it means the action should be an @@ -611,7 +647,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, uint16_t udpsize = edns->udp_size; struct reply_info* encode_rep = rep; struct reply_info* partial_rep = *partial_repp; - int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) + int has_cd_bit = (flags&BIT_CD); + int must_validate = (!has_cd_bit || worker->env.cfg->ignore_cd) && worker->env.need_to_validate; *partial_repp = NULL; /* avoid accidental further pass */ @@ -669,11 +706,11 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) goto bail_out; - /* TODO store the reason for the bogus reply in cache - * and implement in here instead of the hardcoded EDE */ - if (worker->env.cfg->ede) { - EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, - worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + /* Attach the cached EDE (RFC8914) */ + if(worker->env.cfg->ede && rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns->opt_list_out, + worker->scratchpad, rep->reason_bogus, + rep->reason_bogus_str); } error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); @@ -705,10 +742,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; - if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, - (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, - worker->env.now_tv)) - goto bail_out; *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ if((worker->daemon->use_response_ip || worker->daemon->use_rpz) && !partial_rep && !apply_respip_action(worker, qinfo, cinfo, rep, @@ -738,11 +771,24 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, goto bail_out; } } else { - if (*is_expired_answer == 1 && + if(*is_expired_answer == 1 && worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, worker->scratchpad, LDNS_EDE_STALE_ANSWER, ""); } + /* Attach the cached EDE (RFC8914) if CD bit is set and the + * answer is bogus. */ + if(*is_secure_answer == 0 && + worker->env.cfg->ede && has_cd_bit && + encode_rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns->opt_list_out, + worker->scratchpad, encode_rep->reason_bogus, + encode_rep->reason_bogus_str); + } + if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, encode_rep, + (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, + worker->env.now_tv)) + goto bail_out; if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, repinfo->c->buffer, timenow, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), @@ -763,7 +809,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, return 1; bail_out: - rrset_array_unlock_touch(worker->env.rrset_cache, + rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, rep->ref, rep->rrset_count); return 0; } @@ -793,7 +839,8 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo, if(modstack_find(&worker->env.mesh->mods, "subnetcache") != -1 && worker->env.unique_mesh) { mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + - PREFETCH_EXPIRY_ADD, rpz_passthru, repinfo, opt_list); + PREFETCH_EXPIRY_ADD, rpz_passthru, + &repinfo->client_addr, opt_list); return; } #endif @@ -947,12 +994,12 @@ answer_chaos(struct worker* w, struct query_info* qinfo, struct config_file* cfg = w->env.cfg; if(qinfo->qtype != LDNS_RR_TYPE_ANY && qinfo->qtype != LDNS_RR_TYPE_TXT) return 0; - if(query_dname_compare(qinfo->qname, + if(query_dname_compare(qinfo->qname, (uint8_t*)"\002id\006server") == 0 || - query_dname_compare(qinfo->qname, + query_dname_compare(qinfo->qname, (uint8_t*)"\010hostname\004bind") == 0) { - if(cfg->hide_identity) + if(cfg->hide_identity) return 0; if(cfg->identity==NULL || cfg->identity[0]==0) { char buf[MAXHOSTNAMELEN+1]; @@ -967,12 +1014,12 @@ answer_chaos(struct worker* w, struct query_info* qinfo, else chaos_replyonestr(pkt, cfg->identity, edns, w, repinfo); return 1; } - if(query_dname_compare(qinfo->qname, + if(query_dname_compare(qinfo->qname, (uint8_t*)"\007version\006server") == 0 || - query_dname_compare(qinfo->qname, + query_dname_compare(qinfo->qname, (uint8_t*)"\007version\004bind") == 0) { - if(cfg->hide_version) + if(cfg->hide_version) return 0; if(cfg->version==NULL || cfg->version[0]==0) chaos_replyonestr(pkt, PACKAGE_STRING, edns, w, repinfo); @@ -1056,7 +1103,8 @@ static int deny_refuse(struct comm_point* c, enum acl_access acl, enum acl_access deny, enum acl_access refuse, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr* acladdr, int ede) + struct acl_addr* acladdr, int ede, + struct check_request_result* check_result) { if(acl == deny) { if(verbosity >= VERB_ALGO) { @@ -1079,9 +1127,16 @@ deny_refuse(struct comm_point* c, enum acl_access acl, if(worker->stats.extended) worker->stats.unwanted_queries++; - if(worker_check_request(c->buffer, worker) == -1) { + worker_check_request(c->buffer, worker, check_result); + if(check_result->value != 0) { + if(check_result->value != -1) { + LDNS_QR_SET(sldns_buffer_begin(c->buffer)); + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + check_result->value); + return 1; + } comm_point_drop_reply(repinfo); - return 0; /* discard this */ + return 0; } /* worker_check_request() above guarantees that the buffer contains at * least a header and that qdcount == 1 @@ -1131,7 +1186,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, return 1; } LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); sldns_buffer_skip(c->buffer, (ssize_t)sizeof(uint16_t)); /* skip qtype */ @@ -1146,7 +1201,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, /* Skip through the RR records */ if(LDNS_ANCOUNT(sldns_buffer_begin(c->buffer)) != 0 || LDNS_NSCOUNT(sldns_buffer_begin(c->buffer)) != 0) { - if(!skip_pkt_rrs(c->buffer, + if(!skip_pkt_rrs(c->buffer, ((int)LDNS_ANCOUNT(sldns_buffer_begin(c->buffer)))+ ((int)LDNS_NSCOUNT(sldns_buffer_begin(c->buffer))))) { LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), @@ -1235,7 +1290,8 @@ deny_refuse(struct comm_point* c, enum acl_access acl, static int deny_refuse_all(struct comm_point* c, enum acl_access* acl, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr** acladdr, int ede, int check_proxy) + struct acl_addr** acladdr, int ede, int check_proxy, + struct check_request_result* check_result) { if(check_proxy) { *acladdr = acl_addr_lookup(worker->daemon->acl, @@ -1250,16 +1306,51 @@ deny_refuse_all(struct comm_point* c, enum acl_access* acl, } *acl = acl_get_control(*acladdr); return deny_refuse(c, *acl, acl_deny, acl_refuse, worker, repinfo, - *acladdr, ede); + *acladdr, ede, check_result); } static int deny_refuse_non_local(struct comm_point* c, enum acl_access acl, struct worker* worker, struct comm_reply* repinfo, - struct acl_addr* acladdr, int ede) + struct acl_addr* acladdr, int ede, + struct check_request_result* check_result) { return deny_refuse(c, acl, acl_deny_non_local, acl_refuse_non_local, - worker, repinfo, acladdr, ede); + worker, repinfo, acladdr, ede, check_result); +} + +/* Returns 1 if the ip rate limit check can happen before EDNS parsing, + * else 0 */ +static int +pre_edns_ip_ratelimit_check(enum acl_access acl) +{ + if(acl == acl_allow_cookie) return 0; + return 1; +} + +/* Check if the query is blocked by source IP rate limiting. + * Returns 1 if it passes the check, 0 otherwise. */ +static int +check_ip_ratelimit(struct worker* worker, struct sockaddr_storage* addr, + socklen_t addrlen, int has_cookie, sldns_buffer* pkt) +{ + if(!infra_ip_ratelimit_inc(worker->env.infra_cache, addr, addrlen, + *worker->env.now, has_cookie, + worker->env.cfg->ip_ratelimit_backoff, pkt)) { + /* See if we can pass through with slip factor */ + if(!has_cookie && worker->env.cfg->ip_ratelimit_factor != 0 && + ub_random_max(worker->env.rnd, + worker->env.cfg->ip_ratelimit_factor) == 0) { + char addrbuf[128]; + addr_to_str(addr, addrlen, addrbuf, sizeof(addrbuf)); + verbose(VERB_QUERY, "ip_ratelimit allowed through for " + "ip address %s because of slip in " + "ip_ratelimit_factor", addrbuf); + return 1; + } + return 0; + } + return 1; } int @@ -1275,11 +1366,13 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct edns_option* original_edns_list = NULL; enum acl_access acl; struct acl_addr* acladdr; + int pre_edns_ip_ratelimit = 1; int rc = 0; int need_drop = 0; int is_expired_answer = 0; int is_secure_answer = 0; int rpz_passthru = 0; + long long wait_queue_time = 0; /* We might have to chase a CNAME chain internally, in which case * we'll have up to two replies and combine them to build a complete * answer. These variables control this case. */ @@ -1288,6 +1381,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct query_info* lookup_qinfo = &qinfo; struct query_info qinfo_tmp; /* placeholder for lookup_qinfo */ struct respip_client_info* cinfo = NULL, cinfo_tmp; + struct timeval wait_time; + struct check_request_result check_result = {0,0}; memset(&qinfo, 0, sizeof(qinfo)); if((error != NETEVENT_NOERROR && error != NETEVENT_DONE)|| !repinfo) { @@ -1295,6 +1390,20 @@ worker_handle_request(struct comm_point* c, void* arg, int error, verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; } + + if (worker->env.cfg->sock_queue_timeout && timeval_isset(&c->recv_tv)) { + timeval_subtract(&wait_time, worker->env.now_tv, &c->recv_tv); + wait_queue_time = wait_time.tv_sec * 1000000 + wait_time.tv_usec; + if (worker->stats.max_query_time_us < wait_queue_time) + worker->stats.max_query_time_us = wait_queue_time; + if(wait_queue_time > + (long long)(worker->env.cfg->sock_queue_timeout * 1000000)) { + /* count and drop queries that were sitting in the socket queue too long */ + worker->stats.num_queries_timed_out++; + return 0; + } + } + #ifdef USE_DNSCRYPT repinfo->max_udp_size = worker->daemon->cfg->max_udp_size; if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) { @@ -1304,7 +1413,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(c->dnscrypt && !repinfo->is_dnscrypted) { char buf[LDNS_MAX_DOMAINLEN+1]; /* Check if this is unencrypted and asking for certs */ - if(worker_check_request(c->buffer, worker) != 0) { + worker_check_request(c->buffer, worker, &check_result); + if(check_result.value != 0) { verbose(VERB_ALGO, "dnscrypt: worker check request: bad query."); log_addr(VERB_CLIENT,"from",&repinfo->client_addr, @@ -1346,31 +1456,34 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(worker->dtenv.log_client_query_messages) { log_addr(VERB_ALGO, "request from client", &repinfo->client_addr, repinfo->client_addrlen); log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); - dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + dt_msg_send_client_query(&worker->dtenv, &repinfo->client_addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer, + ((worker->env.cfg->sock_queue_timeout && timeval_isset(&c->recv_tv))?&c->recv_tv:NULL)); } #endif /* Check deny/refuse ACLs */ if(repinfo->is_proxied) { if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, - worker->env.cfg->ede, 1)) != -1) { + worker->env.cfg->ede, 1, &check_result)) != -1) { if(ret == 1) goto send_reply; return ret; } } if((ret=deny_refuse_all(c, &acl, worker, repinfo, &acladdr, - worker->env.cfg->ede, 0)) != -1) { + worker->env.cfg->ede, 0, &check_result)) != -1) { if(ret == 1) goto send_reply; return ret; } - if((ret=worker_check_request(c->buffer, worker)) != 0) { + worker_check_request(c->buffer, worker, &check_result); + if(check_result.value != 0) { verbose(VERB_ALGO, "worker check request: bad query."); log_addr(VERB_CLIENT,"from",&repinfo->client_addr, repinfo->client_addrlen); - if(ret != -1) { + if(check_result.value != -1) { LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + check_result.value); return 1; } comm_point_drop_reply(repinfo); @@ -1378,33 +1491,21 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } worker->stats.num_queries++; - - /* check if this query should be dropped based on source ip rate limiting - * NOTE: we always check the repinfo->client_address. IP ratelimiting is - * implicitly disabled for proxies. */ - if(!infra_ip_ratelimit_inc(worker->env.infra_cache, - &repinfo->client_addr, repinfo->client_addrlen, - *worker->env.now, - worker->env.cfg->ip_ratelimit_backoff, c->buffer)) { - /* See if we are passed through with slip factor */ - if(worker->env.cfg->ip_ratelimit_factor != 0 && - ub_random_max(worker->env.rnd, - worker->env.cfg->ip_ratelimit_factor) == 0) { - char addrbuf[128]; - addr_to_str(&repinfo->client_addr, - repinfo->client_addrlen, addrbuf, - sizeof(addrbuf)); - verbose(VERB_QUERY, "ip_ratelimit allowed through for " - "ip address %s because of slip in " - "ip_ratelimit_factor", addrbuf); - } else { + pre_edns_ip_ratelimit = pre_edns_ip_ratelimit_check(acl); + + /* If the IP rate limiting check needs extra EDNS information (e.g., + * DNS Cookies) postpone the check until after EDNS is parsed. */ + if(pre_edns_ip_ratelimit) { + /* NOTE: we always check the repinfo->client_address. + * IP ratelimiting is implicitly disabled for proxies. */ + if(!check_ip_ratelimit(worker, &repinfo->client_addr, + repinfo->client_addrlen, 0, c->buffer)) { worker->stats.num_queries_ip_ratelimited++; comm_point_drop_reply(repinfo); return 0; } } - /* see if query is in the cache */ if(!query_info_parse(&qinfo, c->buffer)) { verbose(VERB_ALGO, "worker parse request: formerror."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, @@ -1416,7 +1517,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); goto send_reply; } @@ -1425,21 +1526,21 @@ worker_handle_request(struct comm_point* c, void* arg, int error, addr_to_str(&repinfo->client_addr, repinfo->client_addrlen, ip, sizeof(ip)); log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); } - if(qinfo.qtype == LDNS_RR_TYPE_AXFR || + if(qinfo.qtype == LDNS_RR_TYPE_AXFR || qinfo.qtype == LDNS_RR_TYPE_IXFR) { verbose(VERB_ALGO, "worker request: refused zone transfer."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, repinfo->client_addrlen); sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; } goto send_reply; } - if(qinfo.qtype == LDNS_RR_TYPE_OPT || + if(qinfo.qtype == LDNS_RR_TYPE_OPT || qinfo.qtype == LDNS_RR_TYPE_TSIG || qinfo.qtype == LDNS_RR_TYPE_TKEY || qinfo.qtype == LDNS_RR_TYPE_MAILA || @@ -1454,23 +1555,23 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } sldns_buffer_rewind(c->buffer); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; } goto send_reply; } - if((ret=parse_edns_from_query_pkt(c->buffer, &edns, worker->env.cfg, c, - worker->scratchpad)) != 0) { + if((ret=parse_edns_from_query_pkt( + c->buffer, &edns, worker->env.cfg, c, repinfo, + (worker->env.now ? *worker->env.now : time(NULL)), + worker->scratchpad)) != 0) { struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, repinfo->client_addrlen); memset(&reply_edns, 0, sizeof(reply_edns)); reply_edns.edns_present = 1; - reply_edns.udp_size = EDNS_ADVERTISED_SIZE; - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret); error_encode(c->buffer, ret, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); @@ -1479,23 +1580,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } if(edns.edns_present) { if(edns.edns_version != 0) { - edns.ext_rcode = (uint8_t)(EDNS_RCODE_BADVERS>>4); - edns.edns_version = EDNS_ADVERTISED_VERSION; - edns.udp_size = EDNS_ADVERTISED_SIZE; - edns.bits &= EDNS_DO; edns.opt_list_in = NULL; edns.opt_list_out = NULL; edns.opt_list_inplace_cb_out = NULL; - edns.padding_block_size = 0; verbose(VERB_ALGO, "query with bad edns version."); log_addr(VERB_CLIENT, "from", &repinfo->client_addr, repinfo->client_addrlen); - error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, + extended_error_encode(c->buffer, EDNS_RCODE_BADVERS, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), NULL); - if(sldns_buffer_capacity(c->buffer) >= - sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns)) - attach_edns_record(c->buffer, &edns); + sldns_buffer_read_u16_at(c->buffer, 2), 0, &edns); regional_free_all(worker->scratchpad); goto send_reply; } @@ -1508,6 +1601,62 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.udp_size = NORMAL_UDP_SIZE; } } + + /* Get stats for cookies */ + server_stats_downstream_cookie(&worker->stats, &edns); + + /* If the IP rate limiting check was postponed, check now. */ + if(!pre_edns_ip_ratelimit) { + /* NOTE: we always check the repinfo->client_address. + * IP ratelimiting is implicitly disabled for proxies. */ + if(!check_ip_ratelimit(worker, &repinfo->client_addr, + repinfo->client_addrlen, edns.cookie_valid, + c->buffer)) { + worker->stats.num_queries_ip_ratelimited++; + comm_point_drop_reply(repinfo); + return 0; + } + } + + /* "if, else if" sequence below deals with downstream DNS Cookies */ + if(acl != acl_allow_cookie) + ; /* pass; No cookie downstream processing whatsoever */ + + else if(edns.cookie_valid) + ; /* pass; Valid cookie is good! */ + + else if(c->type != comm_udp) + ; /* pass; Stateful transport */ + + else if(edns.cookie_present) { + /* Cookie present, but not valid: Cookie was bad! */ + extended_error_encode(c->buffer, + LDNS_EXT_RCODE_BADCOOKIE, &qinfo, + *(uint16_t*)(void *) + sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), + 0, &edns); + regional_free_all(worker->scratchpad); + goto send_reply; + } else { + /* Cookie required, but no cookie present on UDP */ + verbose(VERB_ALGO, "worker request: " + "need cookie or stateful transport"); + log_addr(VERB_ALGO, "from",&repinfo->remote_addr + , repinfo->remote_addrlen); + EDNS_OPT_LIST_APPEND_EDE(&edns.opt_list_out, + worker->scratchpad, LDNS_EDE_OTHER, + "DNS Cookie needed for UDP replies"); + error_encode(c->buffer, + (LDNS_RCODE_REFUSED|BIT_TC), &qinfo, + *(uint16_t*)(void *) + sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), + &edns); + regional_free_all(worker->scratchpad); + goto send_reply; + } + if(edns.udp_size > worker->daemon->cfg->max_udp_size && c->type == comm_udp) { verbose(VERB_QUERY, @@ -1523,10 +1672,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error, repinfo->client_addrlen); LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_TC_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), + LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_SERVFAIL); sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, + sldns_buffer_write_at(c->buffer, 4, (uint8_t*)"\0\0\0\0\0\0\0\0", 8); sldns_buffer_flip(c->buffer); regional_free_all(worker->scratchpad); @@ -1593,7 +1742,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* We've looked in our local zones. If the answer isn't there, we * might need to bail out based on ACLs now. */ if((ret=deny_refuse_non_local(c, acl, worker, repinfo, acladdr, - worker->env.cfg->ede)) != -1) + worker->env.cfg->ede, &check_result)) != -1) { regional_free_all(worker->scratchpad); if(ret == 1) @@ -1612,7 +1761,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, * ACLs allow the snooping. */ if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && acl != acl_allow_snoop ) { - if (worker->env.cfg->ede) { + if(worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns.opt_list_out, worker->scratchpad, LDNS_EDE_NOT_AUTHORITATIVE, ""); } @@ -1745,8 +1894,8 @@ lookup_cache: if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(answer_norec_from_cache(worker, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { regional_free_all(worker->scratchpad); goto send_reply; @@ -1825,10 +1974,10 @@ send_reply_rc: return rc; } -void +void worker_sighandler(int sig, void* arg) { - /* note that log, print, syscalls here give race conditions. + /* note that log, print, syscalls here give race conditions. * And cause hangups if the log-lock is held by the application. */ struct worker* worker = (struct worker*)arg; switch(sig) { @@ -1903,13 +2052,13 @@ void worker_probe_timer_cb(void* arg) comm_timer_set(worker->env.probe_timer, &tv); } -struct worker* +struct worker* worker_create(struct daemon* daemon, int id, int* ports, int n) { unsigned int seed; - struct worker* worker = (struct worker*)calloc(1, + struct worker* worker = (struct worker*)calloc(1, sizeof(struct worker)); - if(!worker) + if(!worker) return NULL; worker->numports = n; worker->ports = (int*)memdup(ports, sizeof(int)*n); @@ -1937,7 +2086,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) } int -worker_init(struct worker* worker, struct config_file *cfg, +worker_init(struct worker* worker, struct config_file *cfg, struct listen_port* ports, int do_sigs) { #ifdef USE_DNSTAP @@ -1970,9 +2119,9 @@ worker_init(struct worker* worker, struct config_file *cfg, #endif ub_thread_sig_unblock(SIGTERM); #ifndef LIBEVENT_SIGNAL_PROBLEM - worker->comsig = comm_signal_create(worker->base, + worker->comsig = comm_signal_create(worker->base, worker_sighandler, worker); - if(!worker->comsig + if(!worker->comsig #ifdef SIGHUP || !comm_signal_bind(worker->comsig, SIGHUP) #endif @@ -1989,7 +2138,7 @@ worker_init(struct worker* worker, struct config_file *cfg, return 0; } #endif /* LIBEVENT_SIGNAL_PROBLEM */ - if(!daemon_remote_open_accept(worker->daemon->rc, + if(!daemon_remote_open_accept(worker->daemon->rc, worker->daemon->rc_ports, worker)) { worker_delete(worker); return 0; @@ -2023,8 +2172,8 @@ worker_init(struct worker* worker, struct config_file *cfg, return 0; } worker->back = outside_network_create(worker->base, - cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, - cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, + cfg->msg_buffer_size, (size_t)cfg->outgoing_num_ports, + cfg->out_ifs, cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6, cfg->do_tcp?cfg->outgoing_num_tcp:0, cfg->ip_dscp, worker->daemon->env->infra_cache, worker->rndstate, cfg->use_caps_bits_for_id, worker->ports, worker->numports, @@ -2049,13 +2198,13 @@ worker_init(struct worker* worker, struct config_file *cfg, worker_delete(worker); return 0; } - worker->stat_timer = comm_timer_create(worker->base, + worker->stat_timer = comm_timer_create(worker->base, worker_stat_timer_cb, worker); if(!worker->stat_timer) { log_err("could not create statistics timer"); } - /* we use the msg_buffer_size as a good estimate for what the + /* we use the msg_buffer_size as a good estimate for what the * user wants for memory usage sizes */ worker->scratchpad = regional_create_custom(cfg->msg_buffer_size); if(!worker->scratchpad) { @@ -2164,23 +2313,23 @@ worker_init(struct worker* worker, struct config_file *cfg, worker_mem_report(worker, NULL); /* if statistics enabled start timer */ if(worker->env.cfg->stat_interval > 0) { - verbose(VERB_ALGO, "set statistics interval %d secs", + verbose(VERB_ALGO, "set statistics interval %d secs", worker->env.cfg->stat_interval); worker_restart_timer(worker); } return 1; } -void +void worker_work(struct worker* worker) { comm_base_dispatch(worker->base); } -void +void worker_delete(struct worker* worker) { - if(!worker) + if(!worker) return; if(worker->env.mesh && verbosity >= VERB_OPS) { server_stats_log(&worker->stats, worker, worker->thread_num); @@ -2232,7 +2381,7 @@ worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, struct worker* worker = q->env->worker; struct outbound_entry* e = (struct outbound_entry*)regional_alloc( q->region, sizeof(*e)); - if(!e) + if(!e) return NULL; e->qstate = q; e->qsent = outnet_serviced_query(worker->back, qinfo, flags, dnssec, @@ -2246,7 +2395,7 @@ worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, return e; } -void +void worker_alloc_cleanup(void* arg) { struct worker* worker = (struct worker*)arg; @@ -2294,7 +2443,7 @@ struct outbound_entry* libworker_send_query( return 0; } -int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), +int libworker_handle_service_reply(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { diff --git a/dns64/dns64.c b/dns64/dns64.c index 4b98b609e2d3..1e31f51e831f 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -59,7 +59,7 @@ ******************************************************************************/ /** - * This is the default DNS64 prefix that is used whent he dns64 module is listed + * This is the default DNS64 prefix that is used when the dns64 module is listed * in module-config but when the dns64-prefix variable is not present. */ static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96"; @@ -841,7 +841,7 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount, rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets, - rep->rrset_count, rep->security); + rep->rrset_count, rep->security, LDNS_EDE_NONE); if(!cp) return; diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index 5c0cde1d5588..d15eb9b004b2 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -388,12 +388,15 @@ dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, struct sockaddr_storage *rsock, enum comm_point_type cptype, - sldns_buffer *qmsg) + sldns_buffer *qmsg, + struct timeval* tstamp) { struct dt_msg dm; struct timeval qtime; - gettimeofday(&qtime, NULL); + if(tstamp) + memcpy(&qtime, tstamp, sizeof(qtime)); + else gettimeofday(&qtime, NULL); /* type */ dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_QUERY); diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index 449fae727eac..169bdc2c6815 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -126,13 +126,15 @@ dt_delete(struct dt_env *env); * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param qmsg: query message. + * @param tstamp: timestamp or NULL if none provided. */ void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, struct sockaddr_storage *rsock, enum comm_point_type cptype, - struct sldns_buffer *qmsg); + struct sldns_buffer *qmsg, + struct timeval* tstamp); /** * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE. diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 3bf889463eac..d172a6744a07 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -61,6 +61,7 @@ #include "services/listen_dnsport.h" #include "sldns/sbuffer.h" #include "sldns/wire2str.h" +#include "sldns/pkthdr.h" #ifdef USE_DNSTAP #include <protobuf-c/protobuf-c.h> #include "dnstap/dnstap.pb-c.h" @@ -448,6 +449,7 @@ static char* q_of_msg(ProtobufCBinaryData message) char buf[300]; /* header, name, type, class minimum to get the query tuple */ if(message.len < 12 + 1 + 4 + 4) return NULL; + if(LDNS_QDCOUNT(message.data) < 1) return NULL; if(sldns_wire2str_rrquestion_buf(message.data+12, message.len-12, buf, sizeof(buf)) != 0) { /* remove trailing newline, tabs to spaces */ @@ -502,7 +504,7 @@ static char* tv_to_str(protobuf_c_boolean has_time_sec, uint64_t time_sec, time_t time_t_sec; memset(&tv, 0, sizeof(tv)); if(has_time_sec) tv.tv_sec = time_sec; - if(has_time_nsec) tv.tv_usec = time_nsec; + if(has_time_nsec) tv.tv_usec = time_nsec/1000; buf[0]=0; time_t_sec = tv.tv_sec; @@ -789,7 +791,7 @@ static int reply_with_accept(struct tap_data* data) /** reply with FINISH control frame to bidirectional client, * returns 0 on error */ -static int reply_with_finish(int fd) +static int reply_with_finish(struct tap_data* data) { #ifdef USE_DNSTAP size_t len = 0; @@ -799,21 +801,34 @@ static int reply_with_finish(int fd) return 0; } - fd_set_block(fd); - if(send(fd, finishframe, len, 0) == -1) { - log_err("send failed: %s", sock_strerror(errno)); - fd_set_nonblock(fd); - free(finishframe); - return 0; + fd_set_block(data->fd); + if(data->ssl) { + int r; + if((r=SSL_write(data->ssl, finishframe, len)) <= 0) { + if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) + log_err("SSL_write, peer closed connection"); + else + log_err("could not SSL_write"); + fd_set_nonblock(data->fd); + free(finishframe); + return 0; + } + } else { + if(send(data->fd, finishframe, len, 0) == -1) { + log_err("send failed: %s", sock_strerror(errno)); + fd_set_nonblock(data->fd); + free(finishframe); + return 0; + } } if(verbosity) log_info("sent control frame(finish)"); - fd_set_nonblock(fd); + fd_set_nonblock(data->fd); free(finishframe); return 1; #else log_err("no dnstap compiled, no reply"); - (void)fd; + (void)data; return 0; #endif } @@ -933,7 +948,7 @@ static int tap_handshake(struct tap_data* data) #endif /* HAVE_SSL */ /** callback for dnstap listener */ -void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) +void dtio_tap_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(bits), void* arg) { struct tap_data* data = (struct tap_data*)arg; if(verbosity>=3) log_info("tap callback"); @@ -1016,7 +1031,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) } } else if(data->len >= 4 && sldns_read_uint32(data->frame) == FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) { - if(!reply_with_finish(fd)) { + if(!reply_with_finish(data)) { tap_data_free(data); return; } diff --git a/doc/Changelog b/doc/Changelog index 899026352434..a7c9c40026e5 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,326 @@ +25 August 2023: Wouter + - Fix compile error on NetBSD in util/netevent.h. + +23 August 2023: Wouter + - Tag for 1.18.0rc1 release. + +22 August 2023: Wouter + - Set version number to 1.18.0. + +21 August 2023: Wouter + - Debug Windows ci workflow. + - Fix windows ci workflow to install bison and flex. + - Fix for #925: unbound.service: Main process exited, code=killed, + status=11/SEGV. Fixes cachedb configuration handling. + - Fix #923: processQueryResponse() THROWAWAY should be mindful of + fail_reply. + - Fix unit test for unbound-control to work when threads are disabled, + and fix cache dump check. + +18 August 2023: Wouter + - Fix for iter_dec_attempts that could cause a hang, part of + capsforid and qname minimisation, depending on the settings. + - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. + - Fix stat_values test to work with dig that enables DNS cookies. + +17 August 2023: Wouter + - Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and + RFC9018. Create server cookies for clients that send client cookies. + This needs to be explicitly turned on in the config file with: + `answer-cookie: yes`. A `cookie-secret:` can be configured for + anycast setups. Without one, a random cookie secret is generated. + The acl option `allow_cookie` allows queries with either a valid + cookie or over a stateful transport. The statistics output has + `queries_cookie_valid` and `queries_cookie_client` and + `queries_cookie_invalid` information. The `ip\-ratelimit\-cookie:` + value determines a rate limit for queries with cookies, if desired. + - Fix regional_alloc_init for potential unaligned source of the copy. + - Fix ip_ratelimit test to work with dig that enables DNS cookies. + +2 August 2023: George + - Move a cache reply callback in worker.c closer to the cache reply + generation. + +1 August 2023: George + - Merge #911 from natalie-reece: Exclude EDE before other EDNS options + when there isn't enough space. + - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options + altogether) before giving up on attaching EDE options. + - More braces and formatting for Fix for EDNS EDE size calculation to + avoid future bugs. + - Fix to use the now cached EDE, if any, for CD_bit queries. + +1 August 2023: Wouter + - Fix for EDNS EDE size calculation. + +31 July 2023: George + - Merge #790 from Tom Carpay: Add support for EDE caching in cachedb + and subnetcache. + +31 July 2023: Wouter + - iana portlist update. + +30 July 2023: George + - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. + +28 July 2023: George + - Fix unused variable compile warning for kernel timestamps in + netevent.c + +21 July 2023: George + - Merge #857 from eaglegai: fix potential memory leaks when errors + happen. + - For #857: fix mixed declarations and code. + - Merge #118 from mibere: Changed verbosity level for Redis init & + deinit. + - Merge #390 from Frank Riley: Add missing callbacks to the python + module. + - Cleaner failure code for callback functions in interface.i. + - Merge #889 from borisVanhoof: Free memory in error case + remove + unused function. + - For #889: use netcat-openbsd instead of netcat-traditional. + - For #889: Account for num_detached_states before possible + mesh_state_delete when erroring out. + +20 July 2023: George + - Merge #909 from headshog: Numeric truncation when parsing TYPEXX and + CLASSXX representation. + - For #909: Fix return values. + - Merge #901 from Sergei Trofimovich: config: improve handling of + unknown modules. + +20 July 2023: Wouter + - For #909: Fix RR class comparison. + +14 July 2023: George + - More clear description of the different auth-zone behaviors on the + man page. + +13 July 2023: George + - Merge #880 from chipitsine: services/authzone.c: remove redundant + check. + +11 July 2023: George + - Merge #664 from tilan7763: Add prefetch support for subnet cache + entries. + - For #664: Easier code flow for subnetcache prefetching. + - For #664: Add testcase. + - For #664: Rename subnet_prefetch tests to subnet_global_prefetch to + differentiate from the new subnet prefetch support. + +3 July 2023: George + - Merge #739: Add SVCB dohpath support. + - Code cleanup for sldns_str2wire_svcparam_key_lookup. + - Merge #802: add validation EDEs to queries where the CD bit is set. + - For #802: Cleanup comments and add RCODE check for CD bit test case. + - Skip the 00-lint test. splint is not maintained; it either does not + work or produces false positives. Static analysis is handled in the + clang test. + +3 July 2023: Wouter + - Fix #906: warning: ‘Py_SetProgramName’ is deprecated. + - Fix dereference of NULL variable warning in mesh_do_callback. + +29 June 2023: George + - More fixes for reference counting for python module and clean up + failure code. + - Merge #827 from rcmcdonald91: Eliminate unnecessary Python reloading + which causes memory leaks. + +29 June 2023: Wouter + - Fix python modules with multiple scripts, by incrementing reference + counts. + +27 June 2023: George + - Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as + a new statistical counter. + - Remove warning about unknown cast-function-type warning pragma. + +22 June 2023: Wouter + - Merge #903: contrib: add yocto compatible init script. + +15 June 2023: Philip + - Fix for issue #887 (Timeouts to forward servers on BSD based + system with ASLR) + - Probably fixes #516 (Stream reuse does not work on Windows) as well + +14 June 2023: George + - Properly handle all return values of worker_check_request during + early EDE code. + - Do not check the incoming request more than once. + +12 June 2023: Wouter + - Merge #896: Fix: #895: pythonmodule: add all site-packages + directories to sys.path. + - Fix #895: python + sysconfig gives ANOTHER path comparing to + distutils. + - Fix for uncertain unit test for doh buffer size events. + +25 May 2023: Wouter + - Fix unbound-dnstap-socket printout when no query is present. + - Fix unbound-dnstap-socket time fraction conversion for printout. + +19 May 2023: Wouter + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix to remove unused variables from RPZ clientip data structure. + +16 May 2023: Wouter + - Fix #888: [FR] Use kernel timestamps for dnstap. + - Fix to print debug log for ancillary data with correct IP address. + +11 May 2023: Wouter + - Fix warning in windows compile, in set_recvtimestamp. + +4 May 2023: Wouter + - Fix #885: Error: util/configlexer.c: No such file or directory, + adds error messages explaining to install flex and bison. + - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. + - Fix doxygen in addr_to_nat64 header definition. + +1 May 2023: George + - Merge #722 from David 'eqvinox' Lamparter: NAT64 support. + - For #722: minor fixes, formatting, refactoring. + +1 May 2023: Wouter + - Fix RPZ IP responses with trigger rpz-drop on cache entries, that + they are dropped. + +26 April 2023: Philip + - Fix issue #860: Bad interaction with 0 TTL records and serve-expired + +26 April 2023: Wouter + - Merge #882 from vvfedorenko: Features/dropqueuedpackets, with + sock-queue-timeout option that drops packets that have been in the + socket queue for too long. Added statistics num.queries_timed_out + and query.queue_time_us.max that track the socket queue timeouts. + - Fix for #882: small changes, date updated in Copyright for + util/timeval_func.c and util/timeval_func.h. Man page entries and + example entry. + - Fix for #882: document variable to stop doxygen warning. + +19 April 2023: Wouter + - Fix for #878: Invalid IP address in unbound.conf causes Segmentation + Fault on OpenBSD. + +14 April 2023: Wouter + - Merge #875: change obsolete txt URL in unbound-anchor.c to point + to RFC 7958, and Fix #874. + +13 April 2023: Wouter + - Fix build badge, from failing travis link to github ci action link. + +6 April 2023: Wouter + - Fix for #870: Add test case for the qname minimisation and CNAME. + +4 April 2023: Wouter + - Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing + CNAME record. + +24 March 2023: Philip + - Fix issue #676: Unencrypted query is sent when + forward-tls-upstream: yes is used without tls-cert-bundle + - Extra consistency check to make sure that when TLS is requested, + either we set up a TLS connection or we return an error. + +21 March 2023: Philip + - Fix issue #851: reserved identifier violation + +20 March 2023: Wouter + - iana portlist update. + +17 March 2023: George + - Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option + to ignore the unexpected eof while reading in openssl >= 3. + +16 March 2023: Wouter + - Fix ssl.h include brackets, instead of quotes. + +14 March 2023: Wouter + - Fix unbound-dnstap-socket test program to reply the finish frame + over a TLS connection correctly. + +23 February 2023: Wouter + - Fix for #852: Completion of error handling. + +21 February 2023: Philip + - Fix #825: Unexpected behavior with client-subnet-always-forward + and serve-expired + +10 February 2023: George + - Clean up iterator/iterator.c::error_response_cache() and allow for + better interaction with serve-expired, prefetch and cached error + responses. + +9 February 2023: George + - Allow TTL refresh of expired error responses. + - Add testcase for refreshing expired error responses. + +9 February 2023: Wouter + - Fix to ignore entirely empty responses, and try at another authority. + This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can + fetch improved content. + - Fix unit tests for spurious empty messages. + - Fix consistency of unit test without roundrobin answers for the + cnametooptout unit test. + - Fix to git ignore the library symbol file that configure can create. + +8 February 2023: Wouter + - Fix #841: Unbound won't build with aaaa-filter-iterator.patch. + +30 January 2023: George + - Add duration variable for speed_local.test. + +26 January 2023: Wouter + - Fix acx_nlnetlabs.m4 for -Wstrict-prototypes. + +23 January 2023: George + - Fix #833: [FR] Ability to set the Redis password. + +23 January 2023: Wouter + - Fix #835: [FR] Ability to use Redis unix sockets. + +20 January 2023: Wouter + - Merge #819: Added new static zone type block_a to suppress all A + queries for specific zones. + +19 January 2023: Wouter + - Set max-udp-size default to 1232. This is the same default value as + the default value for edns-buffer-size. It restricts client edns + buffer size choices, and makes unbound behave similar to other DNS + resolvers. The new choice, down from 4096 means it is harder to get + large responses from Unbound. Thanks to Xiang Li, from NISL Lab, + Tsinghua University. + - Add harden-unknown-additional option. It removes + unknown records from the authority section and additional section. + Thanks to Xiang Li, from NISL Lab, Tsinghua University. + - Set default for harden-unknown-additional to no. So that it does + not hamper future protocol developments. + - Fix test for new default. + +18 January 2023: Wouter + - Fix not following cleared RD flags potentially enables amplification + DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab, + Tsinghua University. The fix stops query loops, by refusing to send + RD=0 queries to a forwarder, they still get answered from cache. + +13 January 2023: Wouter + - Merge #826: Аdd a metric about the maximum number of collisions in + lrushah. + - Improve documentation for #826, describe the large collisions amount. + +9 January 2023: Wouter + - Fix python module install path detection. + - Fix python version detection in configure. + +6 January 2023: Wouter + - Fix #823: Response change to NODATA for some ANY queries since + 1.12, tested on 1.16.1. + - Fix wildcard in hyperlocal zone service degradation, reported + by Sergey Kacheev. This fix is included in 1.17.1rc2. + That became 1.17.1 on 12 Jan 2023, the code repo continues + with 1.17.2. 1.17.1 excludes fix #823, it is included forwards. + 5 January 2023: Wouter - Tag for 1.17.1 release. diff --git a/doc/README b/doc/README index faab92bcb077..8bc8765d464f 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.17.1 +README for Unbound 1.18.0 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/README.DNS64 b/doc/README.DNS64 index 49446ac575d1..71e2310ed9aa 100644 --- a/doc/README.DNS64 +++ b/doc/README.DNS64 @@ -28,3 +28,23 @@ prefix. For example: ;; ANSWER SECTION: jazz-v4.viagenie.ca. 86400 IN AAAA 64:ff9b::ce7b:1f02 + +NAT64 support was added by David Lamparter in 2022; license(s) of the +surrounding code apply. Note that NAT64 is closely related but functionally +orthogonal to DNS64; it allows Unbound to send outgoing queries to IPv4-only +servers over IPv6 through the configured NAT64 prefix. This allows running +an Unbound instance on an IPv6-only host without breaking every single domain +that only has IPv4 servers. Whether that Unbound instance also does DNS64 is +an independent choice. + +To enable NAT64 in Unbound, add to unbound.conf's "server" section: + + do-nat64: yes + +The NAT64 prefix defaults to the DNS64 prefix, which in turn defaults to the +standard 64:FF9B::/96 prefix. You can reconfigure it with: + + nat64-prefix: 64:FF9B::/96 + +To test NAT64 operation, pick a domain that only has IPv4 reachability for its +nameservers and try resolving any names in that domain. diff --git a/doc/example.conf.in b/doc/example.conf.in index 8cf3d868285e..849e6d28446f 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.17.1. +# See unbound.conf(5) man page, version 1.18.0. # # this is a comment. @@ -143,8 +143,8 @@ server: # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). - # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. - # max-udp-size: 4096 + # Suggested values are 512 to 4096. Default is 1232. 65536 disables it. + # max-udp-size: 1232 # max memory to use for stream(tcp and tls) waiting result buffers. # stream-wait-size: 4m @@ -243,6 +243,18 @@ server: # Enable IPv6, "yes" or "no". # do-ip6: yes + # If running unbound on an IPv6-only host, domains that only have + # IPv4 servers would become unresolveable. If NAT64 is available in + # the network, unbound can use NAT64 to reach these servers with + # the following option. This is NOT needed for enabling DNS64 on a + # system that has IPv4 connectivity. + # Consider also enabling prefer-ip6 to prefer native IPv6 connections + # to nameservers. + # do-nat64: no + + # NAT64 prefix. Defaults to using dns64-prefix value. + # nat64-prefix: 64:ff9b::0/96 + # Enable UDP, "yes" or "no". # do-udp: yes @@ -274,6 +286,10 @@ server: # Timeout for EDNS TCP keepalive, in msec. # edns-tcp-keepalive-timeout: 120000 + # UDP queries that have waited in the socket buffer for a long time + # can be dropped. Default is 0, disabled. In seconds, such as 3. + # sock-queue-timeout: 0 + # Use systemd socket activation for UDP, TCP, and control sockets. # use-systemd: no @@ -503,6 +519,10 @@ server: # to validate the zone. # harden-algo-downgrade: no + # Harden against unknown records in the authority section and the + # additional section. + # harden-unknown-additional: no + # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set QTYPE # to A when possible. @@ -810,6 +830,8 @@ server: # o always_transparent, always_refuse, always_nxdomain, always_nodata, # always_deny resolve in that way but ignore local data for # that name + # o block_a resolves all records normally but returns + # NODATA for A queries and ignores local data for that name # o always_null returns 0.0.0.0 or ::0 for any name in the zone. # o noview breaks out of that view towards global local-zones. # @@ -1206,6 +1228,10 @@ remote-control: # redis-server-host: 127.0.0.1 # # redis server's TCP port # redis-server-port: 6379 +# # if the server uses a unix socket, set its path, or "" when not used. +# # redis-server-path: "/var/lib/redis/redis-server.sock" +# # if the server uses an AUTH password, specify here, or "" when not used. +# # redis-server-password: "" # # timeout (in ms) for communication with the redis server # redis-timeout: 100 # # set timeout on redis records based on DNS response TTL diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 19a213e1aa6f..429ac93407fd 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "libunbound" "3" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.17.1 functions. +\- Unbound DNS validating resolver 1.18.0 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 9bba2522a19c..4e862fc89c79 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound-anchor" "8" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 128f1cebd94b..6a2c2cc94eea 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound-checkconf" "8" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 10be612fe20e..db4eb72308a6 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound-control" "8" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -369,6 +369,15 @@ number of queries received by thread .I threadX.num.queries_ip_ratelimited number of queries rate limited by thread .TP +.I threadX.num.queries_cookie_valid +number of queries with a valid DNS Cookie by thread +.TP +.I threadX.num.queries_cookie_client +number of queries with a client part only DNS Cookie by thread +.TP +.I threadX.num.queries_cookie_invalid +number of queries with an invalid DNS Cookie by thread +.TP .I threadX.num.cachehits number of queries that were successfully answered using a cache lookup .TP @@ -398,6 +407,14 @@ as a cache response was sent. .I threadX.num.expired number of replies that served an expired cache entry. .TP +.I threadX.num.queries_timed_out +number of queries that are dropped because they waited in the UDP socket buffer +for too long. +.TP +.I threadX.query.queue_time_us.max +The maximum wait time for packets in the socket buffer, in microseconds. This +is only reported when sock-queue-timeout is enabled. +.TP .I threadX.num.recursivereplies The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries. .TP @@ -438,6 +455,18 @@ buffers are full. .I total.num.queries summed over threads. .TP +.I total.num.queries_ip_ratelimited +summed over threads. +.TP +.I total.num.queries_cookie_valid +summed over threads. +.TP +.I total.num.queries_cookie_client +summed over threads. +.TP +.I total.num.queries_cookie_invalid +summed over threads. +.TP .I total.num.cachehits summed over threads. .TP @@ -462,6 +491,12 @@ summed over threads. .I total.num.expired summed over threads. .TP +.I total.num.queries_timed_out +summed over threads. +.TP +.I total.query.queue_time_us.max +the maximum of the thread values. +.TP .I total.num.recursivereplies summed over threads. .TP @@ -597,7 +632,7 @@ ratelimiting. .TP .I num.query.dnscrypt.shared_secret.cachemiss The number of dnscrypt queries that did not find a shared secret in the cache. -The can be use to compute the shared secret hitrate. +This can be used to compute the shared secret hitrate. .TP .I num.query.dnscrypt.replay The number of dnscrypt queries that found a nonce hit in the nonce cache and @@ -653,6 +688,18 @@ timing and protocol support information. The number of items in the key cache. These are DNSSEC keys, one item per delegation point, and their validation status. .TP +.I msg.cache.max_collisions +The maximum number of hash table collisions in the msg cache. This is the +number of hashes that are identical when a new element is inserted in the +hash table. If the value is very large, like hundreds, something is wrong +with the performance of the hash table, hash values are incorrect or malicious. +.TP +.I rrset.cache.max_collisions +The maximum number of hash table collisions in the rrset cache. This is the +number of hashes that are identical when a new element is inserted in the +hash table. If the value is very large, like hundreds, something is wrong +with the performance of the hash table, hash values are incorrect or malicious. +.TP .I dnscrypt_shared_secret.cache.count The number of items in the shared secret cache. These are precomputed shared secrets for a given client public key/server secret key pair. Shared secrets @@ -692,7 +739,12 @@ Number of queries that got an answer that contained EDNS client subnet data. .I num.query.subnet_cache Number of queries answered from the edns client subnet cache. These are counted as cachemiss by the main counters, but hit the client subnet -specific cache, after getting processed by the edns client subnet module. +specific cache after getting processed by the edns client subnet module. +.TP +.I num.query.cachedb +Number of queries answered from the external cache of cachedb. +These are counted as cachemiss by the main counters, but hit the cachedb +external cache after getting processed by the cachedb module. .TP .I num.rpz.action.<rpz_action> Number of queries answered using configured RPZ policy, per RPZ action type. diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index 0af5777f0492..e4fe718ab071 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound\-host" "1" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 498690805c85..7b955a92e542 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound" "8" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.17.1. +\- Unbound DNS validating resolver 1.18.0. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 3844d52551c6..1c785ea5fa6a 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" +.TH "unbound.conf" "5" "Aug 30, 2023" "NLnet Labs" "unbound 1.18.0" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -233,7 +233,8 @@ number). .B max\-udp\-size: \fI<number> Maximum UDP response size (not applied to TCP response). 65536 disables the udp response size maximum, and uses the choice from the client, always. -Suggested values are 512 to 4096. Default is 4096. +Suggested values are 512 to 4096. Default is 1232. The default value is the +same as the default for edns\-buffer\-size. .TP .B stream\-wait\-size: \fI<number> Number of bytes size maximum to use for waiting stream buffers. Default is @@ -504,6 +505,14 @@ configured, and finally to 0 if the number of free buffers falls below A minimum actual timeout of 200 milliseconds is observed regardless of the advertised timeout. .TP +.B sock\-queue\-timeout: \fI<sec>\fR +UDP queries that have waited in the socket buffer for a long time can be +dropped. Default is 0, disabled. The time is set in seconds, 3 could be a +good value to ignore old queries that likely the client does not need a reply +for any more. This could happen if the host has not been able to service +the queries for a while, i.e. Unbound is not running, and then is enabled +again. It uses timestamp socket options. +.TP .B tcp\-upstream: \fI<yes or no> Enable or disable whether the upstream queries use TCP only for transport. Default is no. Useful in tunneling scenarios. If set to no you can specify @@ -692,17 +701,17 @@ This option is experimental at this time. .B access\-control: \fI<IP netblock> <action> The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, -\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or -\fIrefuse_non_local\fR. +\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIallow_cookie\fR, +\fIdeny_non_local\fR or \fIrefuse_non_local\fR. The most specific netblock match is used, if none match \fIrefuse\fR is used. The order of the access\-control statements therefore does not matter. .IP -The action \fIdeny\fR stops queries from hosts from that netblock. +The \fIdeny\fR action stops queries from hosts from that netblock. .IP -The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED +The \fIrefuse\fR action stops queries too, but sends a DNS rcode REFUSED error message back. .IP -The action \fIallow\fR gives access to clients from that netblock. +The \fIallow\fR action gives access to clients from that netblock. It gives only access for recursion clients (which is what almost all clients need). Nonrecursive queries are refused. .IP @@ -722,13 +731,27 @@ may be useful if another DNS server must forward requests for specific zones to a resolver DNS server, but only supports stub domains and sends queries to the resolver DNS server with the RD bit cleared. .IP -The action \fIallow_snoop\fR gives nonrecursive access too. This give +The \fIallow_snoop\fR action gives nonrecursive access too. This give both recursive and non recursive access. The name \fIallow_snoop\fR refers to cache snooping, a technique to use nonrecursive queries to examine the cache contents (for malicious acts). However, nonrecursive queries can also be a valuable debugging tool (when you want to examine the cache contents). In that case use \fIallow_snoop\fR for your administration host. .IP +The \fIallow_cookie\fR action allows access to UDP queries that contain a +valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the +\fBanswer\-cookie\fR option is enabled. +UDP queries containing only a DNS Client Cookie and no Server Cookie, or an +invalid DNS Cookie, will receive a BADCOOKIE response including a newly +generated DNS Cookie, allowing clients to retry with that DNS Cookie. +The \fIallow_cookie\fR action will also accept requests over stateful +transports, regardless of the presence of an DNS Cookie and regardless of the +\fBanswer\-cookie\fR setting. +If \fBip\-ratelimit\fR is used, clients with a valid DNS Cookie will bypass the +ratelimit. +If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR +can be used instead. +.IP By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS protocol is not designed to handle dropped packets due to policy, and @@ -1019,6 +1042,12 @@ validate the zone. Default is no. Zone signers must produce zones that allow this feature to work, but sometimes they do not, and turning this option off avoids that validation failure. .TP +.B harden\-unknown\-additional: \fI<yes or no> +Harden against unknown records in the authority section and additional +section. Default is no. If no, such records are copied from the upstream +and presented to the client together with the answer. If yes, it could +hamper future protocol developments that want to add records. +.TP .B use\-caps\-for\-id: \fI<yes or no> Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to @@ -1391,10 +1420,10 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview, -and are explained below. After that the default settings are listed. Use -local\-data: to enter data into the local zone. Answers for local zones -are authoritative DNS answers. By default the zones are class IN. +inform_redirect, always_transparent, block_a, always_refuse, always_nxdomain, +always_null, noview, and are explained below. After that the default settings +are listed. Use local\-data: to enter data into the local zone. Answers for +local zones are authoritative DNS answers. By default the zones are class IN. .IP If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for @@ -1469,6 +1498,12 @@ Ie. answer queries with fixed data and also log the machines that ask. \h'5'\fIalways_transparent\fR Like transparent, but ignores local data and resolves normally. .TP 10 +\h'5'\fIblock_a\fR +Like transparent, but ignores local data and resolves normally all query +types excluding A. For A queries it unconditionally returns NODATA. +Useful in cases when there is a need to explicitly force all apps to use +IPv6 protocol and avoid any queries to IPv4. +.TP 10 \h'5'\fIalways_refuse\fR Like refuse, but ignores local data and refuses the query. .TP 10 @@ -1785,11 +1820,27 @@ A value of 0 will disable ratelimiting for domain names that end in this name. .TP 5 .B ip\-ratelimit: \fI<number or 0> Enable global ratelimiting of queries accepted per IP address. -If 0, the default, it is disabled. This option is experimental at this time. +This option is experimental at this time. The ratelimit is in queries per second that are allowed. More queries are completely dropped and will not receive a reply, SERVFAIL or otherwise. IP ratelimiting happens before looking in the cache. This may be useful for mitigating amplification attacks. +Default is 0 (disabled). +.TP 5 +.B ip\-ratelimit\-cookie: \fI<number or 0> +Enable global ratelimiting of queries accepted per IP address with a valid DNS +Cookie. +This option is experimental at this time. +The ratelimit is in queries per second that are allowed. +More queries are completely dropped and will not receive a reply, SERVFAIL or +otherwise. +IP ratelimiting happens before looking in the cache. +This option could be useful in combination with \fIallow_cookie\fR in an +attempt to mitigate other amplification attacks than UDP reflections (e.g., +attacks targeting Unbound itself) which are already handled with DNS Cookies. +If used, the value is suggested to be higher than \fBip\-ratelimit\fR e.g., +tenfold. +Default is 0 (disabled). .TP 5 .B ip\-ratelimit\-size: \fI<memory size> Give the size of the data structure in which the current ongoing rates are @@ -1858,6 +1909,18 @@ Set the number of servers that should be used for fast server selection. Only use the fastest specified number of servers with the fast\-server\-permil option, that turns this on or off. The default is to use the fastest 3 servers. .TP 5 +.B answer\-cookie: \fI<yes or no> +If enabled, Unbound will answer to requests containing DNS Cookies as +specified in RFC 7873 and RFC 9018. +Default is no. +.TP 5 +.B cookie\-secret: \fI<128 bit hex string> +Server's secret for DNS Cookie generation. +Useful to explicitly set for servers in an anycast deployment that need to +share the secret in order to verify each other's Server Cookies. +An example hex string would be "000102030405060708090a0b0c0d0e0f". +Default is a 128 bits random secret generated at startup time. +.TP 5 .B edns\-client\-string: \fI<IP netblock> <string> Include an EDNS0 option containing configured ascii string in queries with destination address matching the configured IP netblock. This configuration @@ -2091,13 +2154,32 @@ useful when you want immediate changes to be visible. Authority zones are configured with \fBauth\-zone:\fR, and each one must have a \fBname:\fR. There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace. The authority zone with the name closest to the name looked up is used. -Authority zones are processed after \fBlocal\-zones\fR and before -cache (\fBfor\-downstream:\fR \fIyes\fR), and when used in this manner -make Unbound respond like an authority server. Authority zones are also -processed after cache, just before going to the network to fetch -information for recursion (\fBfor\-upstream:\fR \fIyes\fR), and when used -in this manner provide a local copy of an authority server that speeds up -lookups of that data. +Authority zones can be processed on two distinct, non-exclusive, configurable +stages. +.LP +With \fBfor\-downstream:\fR \fIyes\fR (default), authority zones are processed +after \fBlocal\-zones\fR and before cache. +When used in this manner, Unbound responds like an authority server with no +further processing other than returning an answer from the zone contents. +A notable example, in this case, is CNAME records which are returned verbatim +to downstream clients without further resolution. +.LP +With \fBfor\-upstream:\fR \fIyes\fR (default), authority zones are processed +after the cache lookup, just before going to the network to fetch +information for recursion. +When used in this manner they provide a local copy of an authority server +that speeds up lookups for that data during resolving. +.LP +If both options are enabled (default), client queries for an authority zone are +answered authoritatively from Unbound, while internal queries that require data +from the authority zone consult the local zone data instead of going to the +network. +.LP +An interesting configuration is \fBfor\-downstream:\fR \fIno\fR, +\fBfor\-upstream:\fR \fIyes\fR that allows for hyperlocal behavior where both +client and internal queries consult the local zone data while resolving. +In this case, the aforementioned CNAME example will result in a thoroughly +resolved answer. .LP Authority zones can be read from zonefile. And can be kept updated via AXFR and IXFR. After update the zonefile is rewritten. The update mechanism @@ -2291,6 +2373,21 @@ List domain for which the AAAA records are ignored and the A record is used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. +.SS "NAT64 Operation" +.LP +NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only +servers. It is controlled by two options in the \fBserver:\fR section: +.TP +.B do\-nat64: \fI<yes or no>\fR +Use NAT64 to reach IPv4-only servers. +Consider also enabling \fBprefer\-ip6\fR to prefer native IPv6 connections to +nameservers. +Default no. +.TP +.B nat64\-prefix: \fI<IPv6 prefix>\fR +Use a specific NAT64 prefix to reach IPv4-only servers. Defaults to using +the prefix configured in \fBdns64\-prefix\fR, which in turn defaults to +64:ff9b::/96. The prefix length must be one of /32, /40, /48, /56, /64 or /96. .SS "DNSCrypt Options" .LP The @@ -2586,6 +2683,16 @@ This option defaults to "127.0.0.1". The TCP port number of the Redis server. This option defaults to 6379. .TP +.B redis-server-path: \fI<unix socket path>\fR +The unix socket path to connect to the redis server. Off by default, and it +can be set to "" to turn this off. Unix sockets may have better throughput +than the IP address option. +.TP +.B redis-server-password: \fI"<password>"\fR +The Redis AUTH password to use for the redis server. +Only relevant if Redis is configured for client password authorisation. +Off by default, and it can be set to "" to turn this off. +.TP .B redis-timeout: \fI<msec>\fR The period until when Unbound waits for a response from the Redis sever. If this timeout expires Unbound closes the connection, treats it as diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index 458a89702269..13fd669b5d52 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -352,7 +352,7 @@ update_cache(struct module_qstate *qstate, int id) ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags); /* Step 1, general qinfo lookup */ - struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, + struct lruhash_entry* lru_entry = slabhash_lookup(subnet_msg_cache, h, &qstate->qinfo, 1); int need_to_insert = (lru_entry == NULL); if (!lru_entry) { @@ -396,7 +396,7 @@ update_cache(struct module_qstate *qstate, int id) log_err("subnetcache: cache insertion failed"); return; } - + /* store RRsets */ for(i=0; i<rep->rrset_count; i++) { rep->ref[i].key = rep->rrsets[i]; @@ -421,7 +421,7 @@ update_cache(struct module_qstate *qstate, int id) /** Lookup in cache and reply true iff reply is sent. */ static int -lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) +lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq, int prefetch) { struct lruhash_entry *e; struct module_env *env = qstate->env; @@ -473,6 +473,10 @@ lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) INET6_SIZE); sq->ecs_client_out.subnet_validdata = 1; } + + if (prefetch && *qstate->env->now >= ((struct reply_info *)node->elem)->prefetch_ttl) { + qstate->need_refetch = 1; + } return 1; } @@ -509,7 +513,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) * module_finished */ return module_finished; } - + /* We have not asked for subnet data */ if (!sq->subnet_sent) { if (s_in->subnet_validdata) @@ -518,7 +522,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) cp_edns_bad_response(c_out, c_in); return module_finished; } - + /* subnet sent but nothing came back */ if (!s_in->subnet_validdata) { /* The authority indicated no support for edns subnet. As a @@ -535,11 +539,11 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) cp_edns_bad_response(c_out, c_in); return module_finished; } - + /* Being here means we have asked for and got a subnet specific * answer. Also, the answer from the authority is not yet cached * anywhere. */ - + /* can we accept response? */ if(s_out->subnet_addr_fam != s_in->subnet_addr_fam || s_out->subnet_source_mask != s_in->subnet_source_mask || @@ -779,6 +783,11 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, &qstate->mesh_info->reply_list->query_reply.client_addr, &sq->ecs_client_in, qstate->env->cfg); } + else if(qstate->client_addr.ss_family != AF_UNSPEC) { + subnet_option_from_ss( + &qstate->client_addr, + &sq->ecs_client_in, qstate->env->cfg); + } if(sq->ecs_client_in.subnet_validdata == 0) { /* No clients are interested in result or we could not @@ -802,7 +811,9 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if(!sq->started_no_cache_lookup && !qstate->blacklist) { lock_rw_wrlock(&sne->biglock); - if(lookup_and_reply(qstate, id, sq)) { + if(qstate->mesh_info->reply_list && + lookup_and_reply(qstate, id, sq, + qstate->env->cfg->prefetch)) { sne->num_msg_cache++; lock_rw_unlock(&sne->biglock); verbose(VERB_QUERY, "subnetcache: answered from cache"); diff --git a/iterator/iter_delegpt.c b/iterator/iter_delegpt.c index fd07aaa13355..c8b9a3ffe29d 100644 --- a/iterator/iter_delegpt.c +++ b/iterator/iter_delegpt.c @@ -321,6 +321,45 @@ void delegpt_log(enum verbosity_value v, struct delegpt* dp) } } +int +delegpt_addr_on_result_list(struct delegpt* dp, struct delegpt_addr* find) +{ + struct delegpt_addr* a = dp->result_list; + while(a) { + if(a == find) + return 1; + a = a->next_result; + } + return 0; +} + +void +delegpt_usable_list_remove_addr(struct delegpt* dp, struct delegpt_addr* del) +{ + struct delegpt_addr* usa = dp->usable_list, *prev = NULL; + while(usa) { + if(usa == del) { + /* snip off the usable list */ + if(prev) + prev->next_usable = usa->next_usable; + else dp->usable_list = usa->next_usable; + return; + } + prev = usa; + usa = usa->next_usable; + } +} + +void +delegpt_add_to_result_list(struct delegpt* dp, struct delegpt_addr* a) +{ + if(delegpt_addr_on_result_list(dp, a)) + return; + delegpt_usable_list_remove_addr(dp, a); + a->next_result = dp->result_list; + dp->result_list = a; +} + void delegpt_add_unused_targets(struct delegpt* dp) { diff --git a/iterator/iter_delegpt.h b/iterator/iter_delegpt.h index 586597a69a1f..49f6f6b8130f 100644 --- a/iterator/iter_delegpt.h +++ b/iterator/iter_delegpt.h @@ -457,4 +457,29 @@ int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, /** get memory in use by dp */ size_t delegpt_get_mem(struct delegpt* dp); +/** + * See if the addr is on the result list. + * @param dp: delegation point. + * @param find: the pointer is searched for on the result list. + * @return 1 if found, 0 if not found. + */ +int delegpt_addr_on_result_list(struct delegpt* dp, struct delegpt_addr* find); + +/** + * Remove the addr from the usable list. + * @param dp: the delegation point. + * @param del: the addr to remove from the list, the pointer is searched for. + */ +void delegpt_usable_list_remove_addr(struct delegpt* dp, + struct delegpt_addr* del); + +/** + * Add the delegpt_addr back to the result list, if it is not already on + * the result list. Also removes it from the usable list. + * @param dp: delegation point. + * @param a: addr to add, nothing happens if it is already on the result list. + * It is removed from the usable list. + */ +void delegpt_add_to_result_list(struct delegpt* dp, struct delegpt_addr* a); + #endif /* ITERATOR_ITER_DELEGPT_H */ diff --git a/iterator/iter_resptype.c b/iterator/iter_resptype.c index c2b824a0f9b8..e85595b843d3 100644 --- a/iterator/iter_resptype.c +++ b/iterator/iter_resptype.c @@ -284,6 +284,13 @@ response_type_from_server(int rdset, /* If we've gotten this far, this is NOERROR/NODATA (which could * be an entirely empty message) */ + /* but ignore entirely empty messages, noerror/nodata has a soa + * negative ttl value in the authority section, this makes it try + * again at another authority. And turns it from a 5 second empty + * message into a 5 second servfail response. */ + if(msg->rep->an_numrrsets == 0 && msg->rep->ns_numrrsets == 0 && + msg->rep->ar_numrrsets == 0) + return RESPONSE_TYPE_THROWAWAY; /* check if recursive answer; saying it has empty cache */ if( (msg->rep->flags&BIT_RA) && !(msg->rep->flags&BIT_AA) && !rdset) return RESPONSE_TYPE_REC_LAME; diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index f093c1bf999a..d1fedcd0f908 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -346,6 +346,26 @@ soa_in_auth(struct msg_parse* msg) return 0; } +/** Check if type is allowed in the authority section */ +static int +type_allowed_in_authority_section(uint16_t tp) +{ + if(tp == LDNS_RR_TYPE_SOA || tp == LDNS_RR_TYPE_NS || + tp == LDNS_RR_TYPE_DS || tp == LDNS_RR_TYPE_NSEC || + tp == LDNS_RR_TYPE_NSEC3) + return 1; + return 0; +} + +/** Check if type is allowed in the additional section */ +static int +type_allowed_in_additional_section(uint16_t tp) +{ + if(tp == LDNS_RR_TYPE_A || tp == LDNS_RR_TYPE_AAAA) + return 1; + return 0; +} + /** * This routine normalizes a response. This includes removing "irrelevant" * records from the answer and additional sections and (re)synthesizing @@ -355,11 +375,13 @@ soa_in_auth(struct msg_parse* msg) * @param msg: msg to normalize. * @param qinfo: original query. * @param region: where to allocate synthesized CNAMEs. + * @param env: module env with config options. * @return 0 on error. */ static int scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, - struct query_info* qinfo, struct regional* region) + struct query_info* qinfo, struct regional* region, + struct module_env* env) { uint8_t* sname = qinfo->qname; size_t snamelen = qinfo->qname_len; @@ -511,6 +533,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, /* Mark additional names from AUTHORITY */ while(rrset && rrset->section == LDNS_SECTION_AUTHORITY) { + /* protect internals of recursor by making sure to del these */ if(rrset->type==LDNS_RR_TYPE_DNAME || rrset->type==LDNS_RR_TYPE_CNAME || rrset->type==LDNS_RR_TYPE_A || @@ -519,6 +542,13 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + /* Allowed list of types in the authority section */ + if(env->cfg->harden_unknown_additional && + !type_allowed_in_authority_section(rrset->type)) { + remove_rrset("normalize: removing irrelevant " + "RRset:", pkt, msg, prev, &rrset); + continue; + } /* only one NS set allowed in authority section */ if(rrset->type==LDNS_RR_TYPE_NS) { /* NS set must be pertinent to the query */ @@ -576,7 +606,6 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, * found in ANSWER and AUTHORITY. */ /* These records have not been marked OK previously */ while(rrset && rrset->section == LDNS_SECTION_ADDITIONAL) { - /* FIXME: what about other types? */ if(rrset->type==LDNS_RR_TYPE_A || rrset->type==LDNS_RR_TYPE_AAAA) { @@ -589,6 +618,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, continue; } } + /* protect internals of recursor by making sure to del these */ if(rrset->type==LDNS_RR_TYPE_DNAME || rrset->type==LDNS_RR_TYPE_CNAME || rrset->type==LDNS_RR_TYPE_NS) { @@ -596,6 +626,13 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, "RRset:", pkt, msg, prev, &rrset); continue; } + /* Allowed list of types in the additional section */ + if(env->cfg->harden_unknown_additional && + !type_allowed_in_additional_section(rrset->type)) { + remove_rrset("normalize: removing irrelevant " + "RRset:", pkt, msg, prev, &rrset); + continue; + } prev = rrset; rrset = rrset->rrset_all_next; } @@ -846,7 +883,7 @@ scrub_message(sldns_buffer* pkt, struct msg_parse* msg, } /* normalize the response, this cleans up the additional. */ - if(!scrub_normalize(pkt, msg, qinfo, region)) + if(!scrub_normalize(pkt, msg, qinfo, region, env)) return 0; /* delete all out-of-zone information */ if(!scrub_sanitize(pkt, msg, qinfo, zonename, env, ie)) diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index b2a2309ab4b1..10a8ec3eb08f 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -71,6 +71,11 @@ /** time when nameserver glue is said to be 'recent' */ #define SUSPICION_RECENT_EXPIRY 86400 +/** if NAT64 is enabled and no NAT64 prefix is configured, first fall back to + * DNS64 prefix. If that is not configured, fall back to this default value. + */ +static const char DEFAULT_NAT64_PREFIX[] = "64:ff9b::/96"; + /** fillup fetch policy array */ static void fetch_fill(struct iter_env* ie, const char* str) @@ -142,6 +147,7 @@ caps_white_apply_cfg(rbtree_type* ntree, struct config_file* cfg) int iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) { + const char *nat64_prefix; int i; /* target fetch policy */ if(!read_fetch_policy(iter_env, cfg->target_fetch_policy)) @@ -172,8 +178,32 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) } } + + nat64_prefix = cfg->nat64_prefix; + if(!nat64_prefix) + nat64_prefix = cfg->dns64_prefix; + if(!nat64_prefix) + nat64_prefix = DEFAULT_NAT64_PREFIX; + if(!netblockstrtoaddr(nat64_prefix, 0, &iter_env->nat64_prefix_addr, + &iter_env->nat64_prefix_addrlen, + &iter_env->nat64_prefix_net)) { + log_err("cannot parse nat64-prefix netblock: %s", nat64_prefix); + return 0; + } + if(!addr_is_ip6(&iter_env->nat64_prefix_addr, + iter_env->nat64_prefix_addrlen)) { + log_err("nat64-prefix is not IPv6: %s", cfg->nat64_prefix); + return 0; + } + if(!prefixnet_is_nat64(iter_env->nat64_prefix_net)) { + log_err("nat64-prefix length it not 32, 40, 48, 56, 64 or 96: %s", + nat64_prefix); + return 0; + } + iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; + iter_env->use_nat64 = cfg->do_nat64; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; iter_env->max_sent_count = cfg->max_sent_count; iter_env->max_query_restarts = cfg->max_query_restarts; @@ -240,7 +270,8 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, if(!iter_env->supports_ipv6 && addr_is_ip6(&a->addr, a->addrlen)) { return -1; /* there is no ip6 available */ } - if(!iter_env->supports_ipv4 && !addr_is_ip6(&a->addr, a->addrlen)) { + if(!iter_env->supports_ipv4 && !iter_env->use_nat64 && + !addr_is_ip6(&a->addr, a->addrlen)) { return -1; /* there is no ip4 available */ } /* check lameness - need zone , class info */ @@ -747,10 +778,15 @@ iter_mark_pside_cycle_targets(struct module_qstate* qstate, struct delegpt* dp) int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6) + struct delegpt* dp, int supports_ipv4, int supports_ipv6, + int use_nat64) { struct delegpt_ns* ns; struct delegpt_addr* a; + + if(supports_ipv6 && use_nat64) + supports_ipv4 = 1; + /* check: * o RD qflag is on. * o no addresses are provided. @@ -1310,8 +1346,7 @@ void iter_dec_attempts(struct delegpt* dp, int d, int outbound_msg_retry) for(a=dp->target_list; a; a = a->next_target) { if(a->attempts >= outbound_msg_retry) { /* add back to result list */ - a->next_result = dp->result_list; - dp->result_list = a; + delegpt_add_to_result_list(dp, a); } if(a->attempts > d) a->attempts -= d; diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index 850be96a6e16..fa860fa682fc 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -189,10 +189,13 @@ void iter_mark_pside_cycle_targets(struct module_qstate* qstate, * if not, then the IPv4 addresses are useless. * @param supports_ipv6: if we support ipv6 for lookups to the target. * if not, then the IPv6 addresses are useless. + * @param use_nat64: if we support NAT64 for lookups to the target. + * if yes, IPv4 addresses are useful even if we don't support IPv4. * @return true if dp is useless. */ -int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6); +int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, + struct delegpt* dp, int supports_ipv4, int supports_ipv6, + int use_nat64); /** * See if qname has DNSSEC needs. This is true if there is a trust anchor above diff --git a/iterator/iterator.c b/iterator/iterator.c index 33095b2b5c45..1548dfcaee62 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -255,7 +255,7 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) log_err("out of memory adding missing"); } delegpt_mark_neg(dpns, qstate->qinfo.qtype); - if((dpns->got4 == 2 || !ie->supports_ipv4) && + if((dpns->got4 == 2 || (!ie->supports_ipv4 && !ie->use_nat64)) && (dpns->got6 == 2 || !ie->supports_ipv6)) { dpns->resolved = 1; /* mark as failed */ target_count_increase_nx(super_iq, 1); @@ -302,81 +302,65 @@ error_response(struct module_qstate* qstate, int id, int rcode) static int error_response_cache(struct module_qstate* qstate, int id, int rcode) { - if(!qstate->no_cache_store) { - /* store in cache */ - struct reply_info err; - if(qstate->prefetch_leeway > NORR_TTL) { - verbose(VERB_ALGO, "error response for prefetch in cache"); - /* attempt to adjust the cache entry prefetch */ - if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, - NORR_TTL, qstate->query_flags)) - return error_response(qstate, id, rcode); - /* if that fails (not in cache), fall through to store err */ + struct reply_info err; + struct msgreply_entry* msg; + if(qstate->no_cache_store) { + return error_response(qstate, id, rcode); + } + if(qstate->prefetch_leeway > NORR_TTL) { + verbose(VERB_ALGO, "error response for prefetch in cache"); + /* attempt to adjust the cache entry prefetch */ + if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, + NORR_TTL, qstate->query_flags)) + return error_response(qstate, id, rcode); + /* if that fails (not in cache), fall through to store err */ + } + if((msg=msg_cache_lookup(qstate->env, + qstate->qinfo.qname, qstate->qinfo.qname_len, + qstate->qinfo.qtype, qstate->qinfo.qclass, + qstate->query_flags, 0, + qstate->env->cfg->serve_expired_ttl_reset)) != NULL) { + struct reply_info* rep = (struct reply_info*)msg->entry.data; + if(qstate->env->cfg->serve_expired && + qstate->env->cfg->serve_expired_ttl_reset && rep && + *qstate->env->now + qstate->env->cfg->serve_expired_ttl + > rep->serve_expired_ttl) { + verbose(VERB_ALGO, "reset serve-expired-ttl for " + "response in cache"); + rep->serve_expired_ttl = *qstate->env->now + + qstate->env->cfg->serve_expired_ttl; } - if(qstate->env->cfg->serve_expired) { - /* if serving expired contents, and such content is - * already available, don't overwrite this servfail */ - struct msgreply_entry* msg; - if((msg=msg_cache_lookup(qstate->env, - qstate->qinfo.qname, qstate->qinfo.qname_len, - qstate->qinfo.qtype, qstate->qinfo.qclass, - qstate->query_flags, 0, - qstate->env->cfg->serve_expired_ttl_reset)) - != NULL) { - if(qstate->env->cfg->serve_expired_ttl_reset) { - struct reply_info* rep = - (struct reply_info*)msg->entry.data; - if(rep && *qstate->env->now + - qstate->env->cfg->serve_expired_ttl > - rep->serve_expired_ttl) { - rep->serve_expired_ttl = - *qstate->env->now + - qstate->env->cfg->serve_expired_ttl; - } - } - lock_rw_unlock(&msg->entry.lock); - return error_response(qstate, id, rcode); - } - /* serving expired contents, but nothing is cached - * at all, so the servfail cache entry is useful - * (stops waste of time on this servfail NORR_TTL) */ - } else { - /* don't overwrite existing (non-expired) data in - * cache with a servfail */ - struct msgreply_entry* msg; - if((msg=msg_cache_lookup(qstate->env, - qstate->qinfo.qname, qstate->qinfo.qname_len, - qstate->qinfo.qtype, qstate->qinfo.qclass, - qstate->query_flags, *qstate->env->now, 0)) - != NULL) { - struct reply_info* rep = (struct reply_info*) - msg->entry.data; - if(FLAGS_GET_RCODE(rep->flags) == - LDNS_RCODE_NOERROR || - FLAGS_GET_RCODE(rep->flags) == - LDNS_RCODE_NXDOMAIN) { - /* we have a good entry, - * don't overwrite */ - lock_rw_unlock(&msg->entry.lock); - return error_response(qstate, id, rcode); - } - lock_rw_unlock(&msg->entry.lock); - } - + if(rep && (FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_NOERROR || + FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_NXDOMAIN || + FLAGS_GET_RCODE(rep->flags) == + LDNS_RCODE_YXDOMAIN) && + (qstate->env->cfg->serve_expired || + *qstate->env->now <= rep->ttl)) { + /* we have a good entry, don't overwrite */ + lock_rw_unlock(&msg->entry.lock); + return error_response(qstate, id, rcode); } - memset(&err, 0, sizeof(err)); - err.flags = (uint16_t)(BIT_QR | BIT_RA); - FLAGS_SET_RCODE(err.flags, rcode); - err.qdcount = 1; - err.ttl = NORR_TTL; - err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); - err.serve_expired_ttl = NORR_TTL; - /* do not waste time trying to validate this servfail */ - err.security = sec_status_indeterminate; - verbose(VERB_ALGO, "store error response in message cache"); - iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, - qstate->query_flags, qstate->qstarttime); - } + lock_rw_unlock(&msg->entry.lock); + /* nothing interesting is cached (already error response or + * expired good record when we don't serve expired), so this + * servfail cache entry is useful (stops waste of time on this + * servfail NORR_TTL) */ + } + /* store in cache */ + memset(&err, 0, sizeof(err)); + err.flags = (uint16_t)(BIT_QR | BIT_RA); + FLAGS_SET_RCODE(err.flags, rcode); + err.qdcount = 1; + err.ttl = NORR_TTL; + err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); + err.serve_expired_ttl = NORR_TTL; + /* do not waste time trying to validate this servfail */ + err.security = sec_status_indeterminate; + verbose(VERB_ALGO, "store error response in message cache"); + iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, + qstate->query_flags, qstate->qstarttime); return error_response(qstate, id, rcode); } @@ -590,6 +574,54 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, return 1; } +/** fill fail address for later recovery */ +static void +fill_fail_addr(struct iter_qstate* iq, struct sockaddr_storage* addr, + socklen_t addrlen) +{ + if(addrlen == 0) { + iq->fail_addr_type = 0; + return; + } + if(((struct sockaddr_in*)addr)->sin_family == AF_INET) { + iq->fail_addr_type = 4; + memcpy(&iq->fail_addr.in, + &((struct sockaddr_in*)addr)->sin_addr, + sizeof(iq->fail_addr.in)); + } +#ifdef AF_INET6 + else if(((struct sockaddr_in*)addr)->sin_family == AF_INET6) { + iq->fail_addr_type = 6; + memcpy(&iq->fail_addr.in6, + &((struct sockaddr_in6*)addr)->sin6_addr, + sizeof(iq->fail_addr.in6)); + } +#endif + else { + iq->fail_addr_type = 0; + } +} + +/** print fail addr to string */ +static void +print_fail_addr(struct iter_qstate* iq, char* buf, size_t len) +{ + if(iq->fail_addr_type == 4) { + if(inet_ntop(AF_INET, &iq->fail_addr.in, buf, + (socklen_t)len) == 0) + (void)strlcpy(buf, "(inet_ntop error)", len); + } +#ifdef AF_INET6 + else if(iq->fail_addr_type == 6) { + if(inet_ntop(AF_INET6, &iq->fail_addr.in6, buf, + (socklen_t)len) == 0) + (void)strlcpy(buf, "(inet_ntop error)", len); + } +#endif + else + (void)strlcpy(buf, "", len); +} + /** add response specific error information for log servfail */ static void errinf_reply(struct module_qstate* qstate, struct iter_qstate* iq) @@ -597,16 +629,14 @@ errinf_reply(struct module_qstate* qstate, struct iter_qstate* iq) if(qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) return; if((qstate->reply && qstate->reply->remote_addrlen != 0) || - (iq->fail_reply && iq->fail_reply->remote_addrlen != 0)) { + (iq->fail_addr_type != 0)) { char from[256], frm[512]; if(qstate->reply && qstate->reply->remote_addrlen != 0) addr_to_str(&qstate->reply->remote_addr, qstate->reply->remote_addrlen, from, sizeof(from)); else - addr_to_str(&iq->fail_reply->remote_addr, - iq->fail_reply->remote_addrlen, from, - sizeof(from)); + print_fail_addr(iq, from, sizeof(from)); snprintf(frm, sizeof(frm), "from %s", from); errinf(qstate, frm); } @@ -1137,7 +1167,7 @@ generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq, * Generate a NS check request to obtain authoritative information * on an NS rrset. * - * @param qstate: the qtstate that triggered the need to prime. + * @param qstate: the qstate that triggered the need to prime. * @param iq: iterator query state. * @param id: module id. */ @@ -1451,6 +1481,19 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "malloc failure for forward zone"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } + if((qstate->query_flags&BIT_RD)==0) { + /* If the server accepts RD=0 queries and forwards + * with RD=1, then if the server is listed as an NS + * entry, it starts query loops. Stop that loop by + * disallowing the query. The RD=0 was previously used + * to check the cache with allow_snoop. For stubs, + * the iterator pass would have primed the stub and + * then cached information can be used for further + * queries. */ + verbose(VERB_ALGO, "cannot forward RD=0 query, to stop query loops"); + errinf(qstate, "cannot forward RD=0 query"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } iq->refetch_glue = 0; iq->minimisation_state = DONOT_MINIMISE_STATE; /* the request has been forwarded. @@ -1560,18 +1603,19 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, /* see if this dp not useless. * It is useless if: - * o all NS items are required glue. + * o all NS items are required glue. * or the query is for NS item that is required glue. * o no addresses are provided. * o RD qflag is on. * Instead, go up one level, and try to get even further - * If the root was useless, use safety belt information. + * If the root was useless, use safety belt information. * Only check cache returns, because replies for servers * could be useless but lead to loops (bumping into the * same server reply) if useless-checked. */ - if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags, - iq->dp, ie->supports_ipv4, ie->supports_ipv6)) { + if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags, + iq->dp, ie->supports_ipv4, ie->supports_ipv6, + ie->use_nat64)) { struct delegpt* retdp = NULL; if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass, &retdp)) { if(retdp) { @@ -1932,7 +1976,7 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, break; } /* Send the A request. */ - if(ie->supports_ipv4 && + if((ie->supports_ipv4 || ie->use_nat64) && ((ns->lame && !ns->done_pside4) || (!ns->lame && !ns->got4))) { if(!generate_target_query(qstate, iq, id, @@ -2085,14 +2129,14 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, /* if this nameserver is at a delegation point, but that * delegation point is a stub and we cannot go higher, skip*/ if( ((ie->supports_ipv6 && !ns->done_pside6) || - (ie->supports_ipv4 && !ns->done_pside4)) && + ((ie->supports_ipv4 || ie->use_nat64) && !ns->done_pside4)) && !can_have_last_resort(qstate->env, ns->name, ns->namelen, iq->qchase.qclass, NULL)) { log_nametypeclass(VERB_ALGO, "cannot pside lookup ns " "because it is also a stub/forward,", ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); if(ie->supports_ipv6) ns->done_pside6 = 1; - if(ie->supports_ipv4) ns->done_pside4 = 1; + if(ie->supports_ipv4 || ie->use_nat64) ns->done_pside4 = 1; continue; } /* query for parent-side A and AAAA for nameservers */ @@ -2117,7 +2161,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } } - if(ie->supports_ipv4 && !ns->done_pside4) { + if((ie->supports_ipv4 || ie->use_nat64) && !ns->done_pside4) { /* Send the A request. */ if(!generate_parentside_target_query(qstate, iq, id, ns->name, ns->namelen, @@ -2259,6 +2303,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, int tf_policy; struct delegpt_addr* target; struct outbound_entry* outq; + struct sockaddr_storage real_addr; + socklen_t real_addrlen; int auth_fallback = 0; uint8_t* qout_orig = NULL; size_t qout_orig_len = 0; @@ -2384,7 +2430,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } if(!ie->supports_ipv6) delegpt_no_ipv6(iq->dp); - if(!ie->supports_ipv4) + if(!ie->supports_ipv4 && !ie->use_nat64) delegpt_no_ipv4(iq->dp); delegpt_log(VERB_ALGO, iq->dp); @@ -2805,12 +2851,24 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* We have a valid target. */ if(verbosity >= VERB_QUERY) { log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out); - log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, + log_name_addr(VERB_QUERY, "sending to target:", iq->dp->name, &target->addr, target->addrlen); verbose(VERB_ALGO, "dnssec status: %s%s", iq->dnssec_expected?"expected": "not expected", iq->dnssec_lame_query?" but lame_query anyway": ""); } + + real_addr = target->addr; + real_addrlen = target->addrlen; + + if(ie->use_nat64 && target->addr.ss_family == AF_INET) { + addr_to_nat64(&target->addr, &ie->nat64_prefix_addr, + ie->nat64_prefix_addrlen, ie->nat64_prefix_net, + &real_addr, &real_addrlen); + log_name_addr(VERB_QUERY, "applied NAT64:", + iq->dp->name, &real_addr, real_addrlen); + } + fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query)); outq = (*qstate->env->send_query)(&iq->qinfo_out, iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), @@ -2821,7 +2879,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env, &iq->qinfo_out)||target->attempts==1)?0:BIT_CD), iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( - ie, iq), sq_check_ratelimit, &target->addr, target->addrlen, + ie, iq), sq_check_ratelimit, &real_addr, real_addrlen, iq->dp->name, iq->dp->namelen, (iq->dp->tcp_upstream || qstate->env->cfg->tcp_upstream), (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream), @@ -2838,7 +2896,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } log_addr(VERB_QUERY, "error sending query to auth server", - &target->addr, target->addrlen); + &real_addr, real_addrlen); if(qstate->env->cfg->qname_minimisation) iq->minimisation_state = SKIP_MINIMISE_STATE; return next_state(iq, QUERYTARGETS_STATE); @@ -2882,7 +2940,7 @@ static int processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, struct iter_env* ie, int id) { - int dnsseclame = 0; + int dnsseclame = 0, origtypecname = 0; enum response_type type; iq->num_current_queries--; @@ -2965,6 +3023,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* YXDOMAIN is a permanent error, no need to retry */ type = RESPONSE_TYPE_ANSWER; } + if(type == RESPONSE_TYPE_CNAME) + origtypecname = 1; if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1 && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) { uint8_t* sname = NULL; @@ -3050,11 +3110,14 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->minimisation_state = DONOT_MINIMISE_STATE; } if(FLAGS_GET_RCODE(iq->response->rep->flags) == - LDNS_RCODE_NXDOMAIN) { + LDNS_RCODE_NXDOMAIN && !origtypecname) { /* Stop resolving when NXDOMAIN is DNSSEC * signed. Based on assumption that nameservers * serving signed zones do not return NXDOMAIN * for empty-non-terminals. */ + /* If this response is actually a CNAME type, + * the nxdomain rcode may not be for the qname, + * and so it is not the final response. */ if(iq->dnssec_expected) return final_state(iq); /* Make subrequest to validate intermediate @@ -3182,7 +3245,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, (*qstate->env->detach_subs)(qstate); iq->num_target_queries = 0; iq->response = NULL; - iq->fail_reply = NULL; + iq->fail_addr_type = 0; verbose(VERB_ALGO, "cleared outbound list for next round"); return next_state(iq, QUERYTARGETS_STATE); } else if(type == RESPONSE_TYPE_CNAME) { @@ -3564,7 +3627,7 @@ processTargetResponse(struct module_qstate* qstate, int id, } else { verbose(VERB_ALGO, "iterator TargetResponse failed"); delegpt_mark_neg(dpns, qstate->qinfo.qtype); - if((dpns->got4 == 2 || !ie->supports_ipv4) && + if((dpns->got4 == 2 || (!ie->supports_ipv4 && !ie->use_nat64)) && (dpns->got6 == 2 || !ie->supports_ipv6)) { dpns->resolved = 1; /* fail the target */ /* do not count cached answers */ @@ -3809,6 +3872,9 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, /* make sure QR flag is on */ iq->response->rep->flags |= BIT_QR; + /* explicitly set the EDE string to NULL */ + iq->response->rep->reason_bogus_str = NULL; + /* we have finished processing this query */ qstate->ext_state[id] = module_finished; @@ -3987,7 +4053,8 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, } /* parse message */ - iq->fail_reply = qstate->reply; + fill_fail_addr(iq, &qstate->reply->remote_addr, + qstate->reply->remote_addrlen); prs = (struct msg_parse*)regional_alloc(qstate->env->scratch, sizeof(struct msg_parse)); if(!prs) { diff --git a/iterator/iterator.h b/iterator/iterator.h index 89038dc8a7e6..fad7f03e63de 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -103,7 +103,7 @@ extern int BLACKLIST_PENALTY; #define RTT_BAND 400 /** - * Global state for the iterator. + * Global state for the iterator. */ struct iter_env { /** A flag to indicate whether or not we have an IPv6 route */ @@ -112,6 +112,18 @@ struct iter_env { /** A flag to indicate whether or not we have an IPv4 route */ int supports_ipv4; + /** A flag to locally apply NAT64 to make IPv4 addrs into IPv6 */ + int use_nat64; + + /** NAT64 prefix address, cf. dns64_env->prefix_addr */ + struct sockaddr_storage nat64_prefix_addr; + + /** sizeof(sockaddr_in6) */ + socklen_t nat64_prefix_addrlen; + + /** CIDR mask length of NAT64 prefix */ + int nat64_prefix_net; + /** A set of inetaddrs that should never be queried. */ struct iter_donotq* donotq; @@ -439,7 +451,14 @@ struct iter_qstate { /** true if there have been parse failures of reply packets */ int parse_failures; /** a failure printout address for last received answer */ - struct comm_reply* fail_reply; + union { + struct in_addr in; +#ifdef AF_INET6 + struct in6_addr in6; +#endif + } fail_addr; + /** which fail_addr, 0 is nothing, 4 or 6 */ + int fail_addr_type; }; /** diff --git a/libunbound/libworker.c b/libunbound/libworker.c index b9ef02217a2f..104244937bf0 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -168,14 +168,12 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) hints_delete(w->env->hints); w->env->hints = NULL; } - if(cfg->ssl_upstream || (cfg->tls_cert_bundle && cfg->tls_cert_bundle[0]) || cfg->tls_win_cert) { - w->sslctx = connect_sslctx_create(NULL, NULL, - cfg->tls_cert_bundle, cfg->tls_win_cert); - if(!w->sslctx) { - /* to make the setup fail after unlock */ - hints_delete(w->env->hints); - w->env->hints = NULL; - } + w->sslctx = connect_sslctx_create(NULL, NULL, + cfg->tls_cert_bundle, cfg->tls_win_cert); + if(!w->sslctx) { + /* to make the setup fail after unlock */ + hints_delete(w->env->hints); + w->env->hints = NULL; } if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); @@ -605,6 +603,8 @@ setup_qinfo_edns(struct libworker* w, struct ctx_query* q, edns->opt_list_out = NULL; edns->opt_list_inplace_cb_out = NULL; edns->padding_block_size = 0; + edns->cookie_present = 0; + edns->cookie_valid = 0; if(sldns_buffer_capacity(w->back->udp_buff) < 65535) edns->udp_size = (uint16_t)sldns_buffer_capacity( w->back->udp_buff); diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i index c9549bf9008d..0cdb3d7e59d6 100644 --- a/libunbound/python/libunbound.i +++ b/libunbound/python/libunbound.i @@ -36,6 +36,9 @@ %begin %{ /* store state of warning output, restored at later pop */ #pragma GCC diagnostic push +/* ignore warnings for pragma below, where for older GCC it can produce a + warning if the cast-function-type warning is absent. */ +#pragma GCC diagnostic ignored "-Wpragmas" /* ignore gcc8 METH_NOARGS function cast warnings for swig function pointers */ #pragma GCC diagnostic ignored "-Wcast-function-type" %} diff --git a/libunbound/unbound-event.h b/libunbound/unbound-event.h index 5fa74df78186..5ca81908a904 100644 --- a/libunbound/unbound-event.h +++ b/libunbound/unbound-event.h @@ -52,8 +52,8 @@ * unbound was compiled with, otherwise it wouldn't work, the event and * event_base structures would be different. */ -#ifndef _UB_UNBOUND_EVENT_H -#define _UB_UNBOUND_EVENT_H +#ifndef UB_UNBOUND_EVENT_H +#define UB_UNBOUND_EVENT_H #ifdef __cplusplus extern "C" { @@ -262,4 +262,4 @@ int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, } #endif -#endif /* _UB_UNBOUND_H */ +#endif /* UB_UNBOUND_EVENT_H */ diff --git a/libunbound/unbound.h b/libunbound/unbound.h index c779d183e385..bb8e8acf033c 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -36,7 +36,7 @@ /** * \file * - * This file contains functions to resolve DNS queries and + * This file contains functions to resolve DNS queries and * validate the answers. Synchronously and asynchronously. * * Several ways to use this interface from an application wishing @@ -65,7 +65,7 @@ * ... or process() calls my_callback() with results. * * ... if the application has nothing more to do, wait for answer - * ub_wait(ctx); + * ub_wait(ctx); * * Application threaded. Blocking. * Blocking, same as above. The current thread does the work. @@ -83,7 +83,7 @@ * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. * * If no threading is compiled in, the above async example uses fork(2) to - * create a process to perform the work. The forked process exits when the + * create a process to perform the work. The forked process exits when the * calling process exits, or ctx_delete() is called. * Otherwise, for asynchronous with threading, a worker thread is created. * @@ -94,8 +94,8 @@ * The second calls another worker thread (or process) to perform the work. * And no buffers need to be set up, but a context-switch happens. */ -#ifndef _UB_UNBOUND_H -#define _UB_UNBOUND_H +#ifndef UB_UNBOUND_H +#define UB_UNBOUND_H #ifdef __cplusplus extern "C" { @@ -128,10 +128,10 @@ struct ub_result { /** the class asked for */ int qclass; - /** - * a list of network order DNS rdata items, terminated with a + /** + * a list of network order DNS rdata items, terminated with a * NULL pointer, so that data[0] is the first result entry, - * data[1] the second, and the last entry is NULL. + * data[1] the second, and the last entry is NULL. * If there was no data, data[0] is NULL. */ char** data; @@ -139,8 +139,8 @@ struct ub_result { /** the length in bytes of the data items, len[i] for data[i] */ int* len; - /** - * canonical name for the result (the final cname). + /** + * canonical name for the result (the final cname). * zero terminated string. * May be NULL if no canonical name exists. */ @@ -165,9 +165,9 @@ struct ub_result { */ int havedata; - /** + /** * If there was no data, and the domain did not exist, this is true. - * If it is false, and there was no data, then the domain name + * If it is false, and there was no data, then the domain name * is purported to exist, but the requested data type is not available. */ int nxdomain; @@ -182,19 +182,19 @@ struct ub_result { */ int secure; - /** - * If the result was not secure (secure==0), and this result is due + /** + * If the result was not secure (secure==0), and this result is due * to a security failure, bogus is true. * This means the data has been actively tampered with, signatures - * failed, expected signatures were not present, timestamps on + * failed, expected signatures were not present, timestamps on * signatures were out of date and so on. * - * If !secure and !bogus, this can happen if the data is not secure - * because security is disabled for that domain name. + * If !secure and !bogus, this can happen if the data is not secure + * because security is disabled for that domain name. * This means the data is from a domain where data is not signed. */ int bogus; - + /** * If the result is bogus this contains a string (zero terminated) * that describes the failure. There may be other errors as well @@ -222,7 +222,7 @@ struct ub_result { * The readable function definition looks like: * void my_callback(void* my_arg, int err, struct ub_result* result); * It is called with - * void* my_arg: your pointer to a (struct of) data of your choice, + * void* my_arg: your pointer to a (struct of) data of your choice, * or NULL. * int err: if 0 all is OK, otherwise an error occurred and no results * are forthcoming. @@ -301,8 +301,8 @@ int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val); * This is a power-users interface that lets you specify all sorts * of options. * @param str: the string is malloced and returned here. NULL on error. - * The caller must free() the string. In cases with multiple - * entries (auto-trust-anchor-file), a newline delimited list is + * The caller must free() the string. In cases with multiple + * entries (auto-trust-anchor-file), a newline delimited list is * returned in the string. * @return 0 if OK else an error code (malloc failure, syntax error). */ @@ -321,10 +321,10 @@ int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str); int ub_ctx_config(struct ub_ctx* ctx, const char* fname); /** - * Set machine to forward DNS queries to, the caching resolver to use. - * IP4 or IP6 address. Forwards all DNS requests to that machine, which - * is expected to run a recursive resolver. If the proxy is not - * DNSSEC-capable, validation may fail. Can be called several times, in + * Set machine to forward DNS queries to, the caching resolver to use. + * IP4 or IP6 address. Forwards all DNS requests to that machine, which + * is expected to run a recursive resolver. If the proxy is not + * DNSSEC-capable, validation may fail. Can be called several times, in * that case the addresses are used as backup servers. * * To read the list of nameservers from /etc/resolv.conf (from DHCP or so), @@ -389,7 +389,7 @@ int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname); /** * Read list of hosts from the filename given. - * Usually "/etc/hosts". + * Usually "/etc/hosts". * These addresses are not flagged as DNSSEC secure when queried for. * * @param ctx: context. @@ -403,7 +403,7 @@ int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname); /** * Add a trust anchor to the given context. * The trust anchor is a string, on one line, that holds a valid DNSKEY or - * DS RR. + * DS RR. * @param ctx: context. * At this time it is only possible to add trusted keys before the * first resolve is done. @@ -465,7 +465,7 @@ int ub_ctx_debugout(struct ub_ctx* ctx, void* out); * Set debug verbosity for the context * Output is directed to stderr. * @param ctx: context. - * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, + * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, * and 3 is lots. * @return 0 if OK, else error. */ @@ -474,10 +474,10 @@ int ub_ctx_debuglevel(struct ub_ctx* ctx, int d); /** * Set a context behaviour for asynchronous action. * @param ctx: context. - * @param dothread: if true, enables threading and a call to resolve_async() + * @param dothread: if true, enables threading and a call to resolve_async() * creates a thread to handle work in the background. * If false, a process is forked to handle work in the background. - * Changes to this setting after async() calls have been made have + * Changes to this setting after async() calls have been made have * no effect (delete and re-create the context to change). * @return 0 if OK, else error. */ @@ -495,7 +495,7 @@ int ub_poll(struct ub_ctx* ctx); /** * Wait for a context to finish with results. Calls ub_process() after - * the wait for you. After the wait, there are no more outstanding + * the wait for you. After the wait, there are no more outstanding * asynchronous queries. * @param ctx: context. * @return: 0 if OK, else error. @@ -530,11 +530,11 @@ int ub_process(struct ub_ctx* ctx); * @param rrtype: type of RR in host order, 1 is A (address). * @param rrclass: class of RR in host order, 1 is IN (for internet). * @param result: the result data is returned in a newly allocated result - * structure. May be NULL on return, return value is set to an error + * structure. May be NULL on return, return value is set to an error * in that case (out of memory). * @return 0 if OK, else error. */ -int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, +int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, struct ub_result** result); /** @@ -561,11 +561,11 @@ int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, * If an error happens during processing, your callback will be called * with error set to a nonzero value (and result==NULL). * @param async_id: if you pass a non-NULL value, an identifier number is - * returned for the query as it is in progress. It can be used to + * returned for the query as it is in progress. It can be used to * cancel the query. * @return 0 if OK, else error. */ -int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, +int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, void* mydata, ub_callback_type callback, int* async_id); /** @@ -589,7 +589,7 @@ int ub_cancel(struct ub_ctx* ctx, int async_id); */ void ub_resolve_free(struct ub_result* result); -/** +/** * Convert error value to a human readable string. * @param err: error code from one of the libunbound functions. * The error codes are from the type enum ub_ctx_err. @@ -605,7 +605,7 @@ const char* ub_strerror(int err); int ub_ctx_print_local_zones(struct ub_ctx* ctx); /** - * Add a new zone with the zonetype to the local authority info of the + * Add a new zone with the zonetype to the local authority info of the * library. * @param ctx: context. Is finalized by the routine. * @param zone_name: name of the zone in text, "example.com" @@ -613,7 +613,7 @@ int ub_ctx_print_local_zones(struct ub_ctx* ctx); * @param zone_type: type of the zone (like for unbound.conf) in text. * @return 0 if OK, else error. */ -int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, +int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, const char *zone_type); /** @@ -649,7 +649,7 @@ int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data); */ const char* ub_version(void); -/** +/** * Some global statistics that are not in struct stats_info, * this struct is shared on a shm segment (shm-key in unbound.conf) */ @@ -695,13 +695,22 @@ struct ub_server_stats { long long num_queries; /** number of queries that have been dropped/ratelimited by ip. */ long long num_queries_ip_ratelimited; + /** number of queries with a valid DNS Cookie. */ + long long num_queries_cookie_valid; + /** number of queries with only the client part of the DNS Cookie. */ + long long num_queries_cookie_client; + /** number of queries with invalid DNS Cookie. */ + long long num_queries_cookie_invalid; /** number of queries that had a cache-miss. */ long long num_queries_missed_cache; /** number of prefetch queries - cachehits with prefetch */ long long num_queries_prefetch; - + /** number of queries which are too late to process */ + long long num_queries_timed_out; + /** the longest wait time in the queue */ + long long max_query_time_us; /** - * Sum of the querylistsize of the worker for + * Sum of the querylistsize of the worker for * every query that missed cache. To calculate average. */ long long sum_query_list_size; @@ -773,12 +782,12 @@ struct ub_server_stats { long long tcp_accept_usage; /** expired answers served from cache */ long long ans_expired; - /** histogram data exported to array + /** histogram data exported to array * if the array is the same size, no data is lost, and * if all histograms are same size (is so by default) then * adding up works well. */ long long hist[UB_STATS_BUCKET_NUM]; - + /** number of message cache entries */ long long msg_cache_count; /** number of rrset cache entries */ @@ -788,6 +797,11 @@ struct ub_server_stats { /** number of key cache entries */ long long key_cache_count; + /** maximum number of collisions in the msg cache */ + long long msg_cache_max_collisions; + /** maximum number of collisions in the rrset cache */ + long long rrset_cache_max_collisions; + /** number of queries that used dnscrypt */ long long num_query_dnscrypt_crypted; /** number of queries that queried dnscrypt certificates */ @@ -819,6 +833,8 @@ struct ub_server_stats { /** number of queries answered from edns-subnet specific data, and * the answer was from the edns-subnet cache. */ long long num_query_subnet_cache; + /** number of queries served from cachedb */ + long long num_query_cachedb; /** number of bytes in the stream wait buffers */ long long mem_stream_wait; /** number of bytes in the HTTP2 query buffers */ @@ -831,7 +847,7 @@ struct ub_server_stats { long long rpz_action[UB_STATS_RPZ_ACTION_NUM]; }; -/** +/** * Statistics to send over the control pipe when asked * This struct is made to be memcopied, sent in binary. * shm mapped with (number+1) at num_threads+1, with first as total @@ -860,4 +876,4 @@ struct ub_stats_info { } #endif -#endif /* _UB_UNBOUND_H */ +#endif /* UB_UNBOUND_H */ diff --git a/pythonmod/examples/inplace_callbacks.py b/pythonmod/examples/inplace_callbacks.py index 2682fbd02dc0..e1caaecc74e7 100644 --- a/pythonmod/examples/inplace_callbacks.py +++ b/pythonmod/examples/inplace_callbacks.py @@ -34,6 +34,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ''' + +import os + #Try: # - dig @localhost nlnetlabs.nl +ednsopt=65002: # This query *could* be answered from cache. If so, unbound will reply @@ -242,6 +245,36 @@ def inplace_query_callback(qinfo, flags, qstate, addr, zone, region, **kwargs): return True +def inplace_query_response_callback(qstate, response, **kwargs): + """ + Function that will be registered as an inplace callback function. + It will be called after receiving a reply from a backend server. + + :param qstate: module qstate. opt_lists are available here; + :param response: struct dns_msg. The reply received from the backend server; + :param **kwargs: Dictionary that may contain parameters added in a future + release. + """ + log_dns_msg( + "python: incoming reply from {}{}".format(qstate.reply.addr, os.linesep), + response.qinfo, response.rep + ) + return True + + +def inplace_edns_back_parsed_call(qstate, **kwargs): + """ + Function that will be registered as an inplace callback function. + It will be called after EDNS is parsed on a reply from a backend server.. + + :param qstate: module qstate. opt_lists are available here; + :param **kwargs: Dictionary that may contain parameters added in a future + release. + """ + log_info("python: edns parsed") + return True + + def init_standard(id, env): """ New version of the init function. @@ -281,6 +314,16 @@ def init_standard(id, env): if not register_inplace_cb_query(inplace_query_callback, env, id): return False + # Register the inplace_edns_back_parsed_call function as an inplace callback + # for when a reply is received from a backend server. + if not register_inplace_cb_query_response(inplace_query_response_callback, env, id): + return False + + # Register the inplace_edns_back_parsed_call function as an inplace callback + # for when EDNS is parsed on a reply from a backend server. + if not register_inplace_cb_edns_back_parsed_call(inplace_edns_back_parsed_call, env, id): + return False + return True diff --git a/pythonmod/interface.i b/pythonmod/interface.i index df8514b4793b..a436389e1184 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -1378,7 +1378,7 @@ struct delegpt* dns_cache_find_delegation(struct module_env* env, struct regional* region, struct dns_msg** msg, uint32_t timenow, int noexpiredabove, uint8_t* expiretop, size_t expiretoplen); int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags, - struct delegpt* dp, int supports_ipv4, int supports_ipv6); + struct delegpt* dp, int supports_ipv4, int supports_ipv6, int use_nat64); struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints, uint8_t* qname, uint16_t qclass, struct delegpt* dp); @@ -1409,7 +1409,8 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n if(!dp) return NULL; if(iter_dp_is_useless(&qinfo, BIT_RD, dp, - qstate->env->cfg->do_ip4, qstate->env->cfg->do_ip6)) { + qstate->env->cfg->do_ip4, qstate->env->cfg->do_ip6, + qstate->env->cfg->do_nat64)) { if (dname_is_root((uint8_t*)nm)) return NULL; nm = (char*)dp->name; @@ -1550,13 +1551,15 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, struct comm_reply* repinfo, struct regional* region, struct timeval* start_time, int id, void* python_callback) { - PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; - PyObject *py_rep, *py_repinfo, *py_region; + PyObject *func = NULL, *py_edns = NULL, *py_qstate = NULL; + PyObject *py_opt_list_out = NULL, *py_qinfo = NULL; + PyObject *py_rep = NULL, *py_repinfo = NULL, *py_region = NULL; PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; int res = 0; double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6; PyGILState_STATE gstate = PyGILState_Ensure(); + func = (PyObject *) python_callback; py_edns = SWIG_NewPointerObj((void*) edns, SWIGTYPE_p_edns_data, 0); py_qstate = SWIG_NewPointerObj((void*) qstate, @@ -1567,20 +1570,24 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0); py_repinfo = SWIG_NewPointerObj((void*) repinfo, SWIGTYPE_p_comm_reply, 0); py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - if(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out - && py_region && py_repinfo) { - py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, - rcode, py_edns, py_opt_list_out, py_region); - py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", - py_start_time); - if(py_args && py_kwargs) { - result = PyObject_Call(func, py_args, py_kwargs); - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic"); + if(!(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out + && py_region && py_repinfo)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_reply_generic"); + goto out; + } + py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, + rcode, py_edns, py_opt_list_out, py_region); + py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", + py_start_time); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_reply_generic"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); } +out: Py_XDECREF(py_edns); Py_XDECREF(py_qstate); Py_XDECREF(py_opt_list_out); @@ -1590,9 +1597,6 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, Py_XDECREF(py_region); Py_XDECREF(py_args); Py_XDECREF(py_kwargs); - if (result) { - res = PyInt_AsLong(result); - } Py_XDECREF(result); PyGILState_Release(gstate); return res; @@ -1640,29 +1644,34 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, int res = 0; PyObject *func = python_callback; PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL; + PyObject *py_qinfo = NULL; + PyObject *py_qstate = NULL; + PyObject *py_addr = NULL; + PyObject *py_zone = NULL; + PyObject *py_region = NULL; PyGILState_STATE gstate = PyGILState_Ensure(); - PyObject *py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); - PyObject *py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); - PyObject *py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0); - PyObject *py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen); - PyObject *py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); - if(py_qinfo && py_qstate && py_addr && py_zone && py_region) { - py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); - py_kwargs = Py_BuildValue("{}"); - if(py_args && py_kwargs) { - result = PyObject_Call(func, py_args, py_kwargs); - if (result) { - res = PyInt_AsLong(result); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); - } - } else { - log_err("pythonmod: malloc failure in python_inplace_cb_query_generic"); + py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0); + py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen); + py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); + if(!(py_qinfo && py_qstate && py_addr && py_zone && py_region)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_query_generic"); + goto out; } - + py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_query_generic"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: Py_XDECREF(py_qinfo); Py_XDECREF(py_qstate); Py_XDECREF(py_addr); @@ -1686,6 +1695,105 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, if (ret) Py_INCREF(py_cb); return ret; } + + int python_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* python_callback) + { + int res = 0; + PyObject *func = python_callback; + PyObject *py_qstate = NULL; + PyObject *py_response = NULL; + PyObject *py_args = NULL; + PyObject *py_kwargs = NULL; + PyObject *result = NULL; + + PyGILState_STATE gstate = PyGILState_Ensure(); + + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + py_response = SWIG_NewPointerObj((void*) response, SWIGTYPE_p_dns_msg, 0); + if(!(py_qstate && py_response)) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_query_response"); + goto out; + } + py_args = Py_BuildValue("(OO)", py_qstate, py_response); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_query_response"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: + Py_XDECREF(py_qstate); + Py_XDECREF(py_response); + + Py_XDECREF(py_args); + Py_XDECREF(py_kwargs); + Py_XDECREF(result); + + PyGILState_Release(gstate); + + return res; + } + + static int register_inplace_cb_query_response(PyObject* py_cb, + struct module_env* env, int id) + { + int ret = inplace_cb_register(python_inplace_cb_query_response, + inplace_cb_query_response, (void*) py_cb, env, id); + if (ret) Py_INCREF(py_cb); + return ret; + } + + int python_inplace_cb_edns_back_parsed_call(struct module_qstate* qstate, + int id, void* python_callback) + { + int res = 0; + PyObject *func = python_callback; + PyObject *py_qstate = NULL; + PyObject *py_args = NULL; + PyObject *py_kwargs = NULL; + PyObject *result = NULL; + + PyGILState_STATE gstate = PyGILState_Ensure(); + + py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); + if(!py_qstate) { + log_err("pythonmod: swig pointer failure in python_inplace_cb_edns_back_parsed_call"); + goto out; + } + py_args = Py_BuildValue("(O)", py_qstate); + py_kwargs = Py_BuildValue("{}"); + if(!(py_args && py_kwargs)) { + log_err("pythonmod: BuildValue failure in python_inplace_cb_edns_back_parsed_call"); + goto out; + } + result = PyObject_Call(func, py_args, py_kwargs); + if (result) { + res = PyInt_AsLong(result); + } +out: + Py_XDECREF(py_qstate); + + Py_XDECREF(py_args); + Py_XDECREF(py_kwargs); + Py_XDECREF(result); + + PyGILState_Release(gstate); + + return res; + } + + static int register_inplace_cb_edns_back_parsed_call(PyObject* py_cb, + struct module_env* env, int id) + { + int ret = inplace_cb_register(python_inplace_cb_edns_back_parsed_call, + inplace_cb_edns_back_parsed, (void*) py_cb, env, id); + if (ret) Py_INCREF(py_cb); + return ret; + } %} /* C declarations */ int inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, @@ -1702,3 +1810,7 @@ static int register_inplace_cb_reply_servfail(PyObject* py_cb, struct module_env* env, int id); static int register_inplace_cb_query(PyObject *py_cb, struct module_env* env, int id); +static int register_inplace_cb_query_response(PyObject *py_cb, + struct module_env* env, int id); +static int register_inplace_cb_edns_back_parsed_call(PyObject *py_cb, + struct module_env* env, int id); diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index 7c7da548994a..628308612ac0 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -252,13 +252,24 @@ cleanup: Py_XDECREF(exc_tb); } +/* we only want to unwind Python once at exit */ +static void +pythonmod_atexit(void) +{ + log_assert(py_mod_count == 0); + log_assert(mainthr != NULL); + + PyEval_RestoreThread(mainthr); + Py_Finalize(); +} + int pythonmod_init(struct module_env* env, int id) { int py_mod_idx = py_mod_count++; /* Initialize module */ FILE* script_py = NULL; - PyObject* py_init_arg, *res; + PyObject* py_init_arg = NULL, *res = NULL; PyGILState_STATE gil; int init_standard = 1, i = 0; #if PY_MAJOR_VERSION < 3 @@ -292,24 +303,67 @@ int pythonmod_init(struct module_env* env, int id) /* Initialize Python libraries */ if (py_mod_count==1 && !Py_IsInitialized()) { +#if PY_VERSION_HEX >= 0x03080000 + PyStatus status; + PyPreConfig preconfig; + PyConfig config; +#endif #if PY_MAJOR_VERSION >= 3 wchar_t progname[8]; mbstowcs(progname, "unbound", 8); #else char *progname = "unbound"; #endif +#if PY_VERSION_HEX < 0x03080000 Py_SetProgramName(progname); +#else + /* Python must be preinitialized, before the PyImport_AppendInittab + * call. */ + PyPreConfig_InitPythonConfig(&preconfig); + status = Py_PreInitialize(&preconfig); + if(PyStatus_Exception(status)) { + log_err("python exception in Py_PreInitialize: %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + return 0; + } +#endif Py_NoSiteFlag = 1; #if PY_MAJOR_VERSION >= 3 PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); #endif +#if PY_VERSION_HEX < 0x03080000 Py_Initialize(); +#else + PyConfig_InitPythonConfig(&config); + status = PyConfig_SetString(&config, &config.program_name, progname); + if(PyStatus_Exception(status)) { + log_err("python exception in PyConfig_SetString(.. program_name ..): %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + PyConfig_Clear(&config); + return 0; + } + config.site_import = 0; + status = Py_InitializeFromConfig(&config); + if(PyStatus_Exception(status)) { + log_err("python exception in Py_InitializeFromConfig: %s%s%s", + (status.func?status.func:""), (status.func?": ":""), + (status.err_msg?status.err_msg:"")); + PyConfig_Clear(&config); + return 0; + } + PyConfig_Clear(&config); +#endif #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6) /* initthreads only for python 3.6 and older */ PyEval_InitThreads(); #endif SWIG_init(); mainthr = PyEval_SaveThread(); + + /* register callback to unwind Python at exit */ + atexit(pythonmod_atexit); } gil = PyGILState_Ensure(); @@ -317,6 +371,7 @@ int pythonmod_init(struct module_env* env, int id) if (py_mod_count==1) { /* Initialize Python */ if(PyRun_SimpleString("import sys \n") < 0 ) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); goto python_init_fail; } PyRun_SimpleString("sys.path.append('.') \n"); @@ -328,24 +383,17 @@ int pythonmod_init(struct module_env* env, int id) env->cfg->directory); PyRun_SimpleString(wdir); } - /* Check if sysconfig is there and use that instead of distutils; - * distutils.sysconfig is deprecated in Python 3.10. */ - if(PyRun_SimpleString("import sysconfig \n") < 0) { - log_info("pythonmod: module sysconfig not available; " - "falling back to distutils.sysconfig."); - if(PyRun_SimpleString("import distutils.sysconfig \n") < 0 - || PyRun_SimpleString("sys.path.append(" - "distutils.sysconfig.get_python_lib(1,0)) \n") < 0) { - goto python_init_fail; - } - } else { - if(PyRun_SimpleString("sys.path.append(" - "sysconfig.get_path('platlib')) \n") < 0) { - goto python_init_fail; - } + if(PyRun_SimpleString("import site\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + goto python_init_fail; + } + if(PyRun_SimpleString("sys.path.extend(site.getsitepackages())\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + goto python_init_fail; } if(PyRun_SimpleString("from unboundmodule import *\n") < 0) { + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); goto python_init_fail; } } @@ -362,18 +410,22 @@ int pythonmod_init(struct module_env* env, int id) if (script_py == NULL) { log_err("pythonmod: can't open file %s for reading", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } /* Load file */ pe->module = PyImport_AddModule("__main__"); + Py_XINCREF(pe->module); pe->dict = PyModule_GetDict(pe->module); + Py_XINCREF(pe->dict); pe->data = PyDict_New(); - Py_XINCREF(pe->data); - PyModule_AddObject(pe->module, "mod_env", pe->data); - - /* TODO: deallocation of pe->... if an error occurs */ + Py_XINCREF(pe->data); /* reference will be stolen below */ + if(PyModule_AddObject(pe->module, "mod_env", pe->data) < 0) { + log_err("pythonmod: could not add mod_env object"); + Py_XDECREF(pe->data); /* 2 times, here and on python_init_fail; */ + /* on failure the reference is not stolen */ + goto python_init_fail; + } if (PyRun_SimpleFile(script_py, pe->fname) < 0) { #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) @@ -404,18 +456,30 @@ int pythonmod_init(struct module_env* env, int id) fstr = malloc(flen+1); if(!fstr) { log_err("malloc failure to print parse error"); - PyGILState_Release(gil); + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else fclose(script_py); - return 0; +#endif + + goto python_init_fail; } fseek(script_py, 0, SEEK_SET); if(fread(fstr, flen, 1, script_py) < 1) { log_err("file read failed to print parse error: %s: %s", pe->fname, strerror(errno)); - PyGILState_Release(gil); - fclose(script_py); free(fstr); - return 0; + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else + fclose(script_py); +#endif + + goto python_init_fail; } fstr[flen] = 0; /* we compile the string, but do not run it, to stop side-effects */ @@ -423,17 +487,26 @@ int pythonmod_init(struct module_env* env, int id) * that we are expecting */ (void)Py_CompileString(fstr, pe->fname, Py_file_input); #endif + log_py_err(); - PyGILState_Release(gil); + +/* close the file */ +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else fclose(script_py); +#endif + #if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) /* no cleanup needed for python before 3.9 */ #else /* cleanup for python 3.9 and newer */ free(fstr); #endif - return 0; + goto python_init_fail; } + +/* close the file */ #if PY_MAJOR_VERSION < 3 Py_XDECREF(PyFileObject); #else @@ -446,28 +519,28 @@ int pythonmod_init(struct module_env* env, int id) if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) { log_err("pythonmod: function init is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } } + Py_XINCREF(pe->func_init); if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) { log_err("pythonmod: function deinit is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_deinit); if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) { log_err("pythonmod: function operate is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_operate); if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) { log_err("pythonmod: function inform_super is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } + Py_XINCREF(pe->func_inform); if (init_standard) { @@ -483,26 +556,31 @@ int pythonmod_init(struct module_env* env, int id) { log_err("pythonmod: Exception occurred in function init"); log_py_err(); - Py_XDECREF(res); - Py_XDECREF(py_init_arg); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } Py_XDECREF(res); Py_XDECREF(py_init_arg); PyGILState_Release(gil); - return 1; python_init_fail: - log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + Py_XDECREF(pe->module); + Py_XDECREF(pe->dict); + Py_XDECREF(pe->data); + Py_XDECREF(pe->func_init); + Py_XDECREF(pe->func_deinit); + Py_XDECREF(pe->func_operate); + Py_XDECREF(pe->func_inform); + Py_XDECREF(res); + Py_XDECREF(py_init_arg); PyGILState_Release(gil); return 0; } void pythonmod_deinit(struct module_env* env, int id) { + int cbtype; struct pythonmod_env* pe = env->modinfo[id]; if(pe == NULL) return; @@ -522,18 +600,24 @@ void pythonmod_deinit(struct module_env* env, int id) /* Free result if any */ Py_XDECREF(res); /* Free shared data if any */ + Py_XDECREF(pe->module); + Py_XDECREF(pe->dict); Py_XDECREF(pe->data); + Py_XDECREF(pe->func_init); + Py_XDECREF(pe->func_deinit); + Py_XDECREF(pe->func_inform); + Py_XDECREF(pe->func_operate); PyGILState_Release(gil); - if(--py_mod_count==0) { - PyEval_RestoreThread(mainthr); - Py_Finalize(); - mainthr = NULL; - } + py_mod_count--; } pe->fname = NULL; free(pe); + /* iterate over all possible callback types and clean up each in turn */ + for (cbtype = 0; cbtype < inplace_cb_types_total; cbtype++) + inplace_cb_delete(env, cbtype, id); + /* Module is deallocated in Python */ env->modinfo[id] = NULL; } diff --git a/pythonmod/pythonmod.h b/pythonmod/pythonmod.h index 26d74e09f42b..86b1778c66fe 100644 --- a/pythonmod/pythonmod.h +++ b/pythonmod/pythonmod.h @@ -82,4 +82,12 @@ int python_inplace_cb_query_generic( uint8_t* zone, size_t zonelen, struct regional* region, int id, void* python_callback); +/** Declared here for fptr_wlist access. The definition is in interface.i. */ +int python_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* python_callback); + +/** Declared here for fptr_wlist access. The definition is in interface.i. */ +int python_inplace_cb_edns_back_parsed_call(struct module_qstate* qstate, + int id, void* python_callback); + #endif /* PYTHONMOD_H */ diff --git a/services/authzone.c b/services/authzone.c index 3898767c7e05..cd3ef8dbbf3d 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1306,8 +1306,8 @@ az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, auth_data_delete(node); } if(z->rpz) { - rpz_remove_rr(z->rpz, z->namelen, dname, dname_len, rr_type, - rr_class, rdata, rdatalen); + rpz_remove_rr(z->rpz, z->name, z->namelen, dname, dname_len, + rr_type, rr_class, rdata, rdatalen); } return 1; } @@ -5420,6 +5420,8 @@ xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env) edns.opt_list_out = NULL; edns.opt_list_inplace_cb_out = NULL; edns.padding_block_size = 0; + edns.cookie_present = 0; + edns.cookie_valid = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; @@ -6613,6 +6615,8 @@ xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env) edns.opt_list_out = NULL; edns.opt_list_inplace_cb_out = NULL; edns.padding_block_size = 0; + edns.cookie_present = 0; + edns.cookie_valid = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; @@ -7510,7 +7514,7 @@ static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data, size_t j; if(!rrlist[i]) continue; - if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && + if(rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && query_dname_compare(z->name, node->name)==0) { /* omit RRSIGs over type ZONEMD at apex */ continue; diff --git a/services/cache/dns.c b/services/cache/dns.c index 6fc9919ef4c0..9b4ad5888721 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -132,31 +132,6 @@ msg_cache_remove(struct module_env* env, uint8_t* qname, size_t qnamelen, slabhash_remove(env->msg_cache, h, &k); } -/** remove servfail msg cache entry */ -static void -msg_del_servfail(struct module_env* env, struct query_info* qinfo, - uint32_t flags) -{ - struct msgreply_entry* e; - /* see if the entry is servfail, and then remove it, so that - * lookups move from the cacheresponse stage to the recursionresponse - * stage */ - e = msg_cache_lookup(env, qinfo->qname, qinfo->qname_len, - qinfo->qtype, qinfo->qclass, flags, 0, 0); - if(!e) return; - /* we don't check for the ttl here, also expired servfail entries - * are removed. If the user uses serve-expired, they would still be - * used to answer from cache */ - if(FLAGS_GET_RCODE(((struct reply_info*)e->entry.data)->flags) - != LDNS_RCODE_SERVFAIL) { - lock_rw_unlock(&e->entry.lock); - return; - } - lock_rw_unlock(&e->entry.lock); - msg_cache_remove(env, qinfo->qname, qinfo->qname_len, qinfo->qtype, - qinfo->qclass, flags); -} - void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside, @@ -182,13 +157,20 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, /* we do not store the message, but we did store the RRs, * which could be useful for delegation information */ verbose(VERB_ALGO, "TTL 0: dropped msg from cache"); - free(rep); - /* if the message is SERVFAIL in cache, remove that SERVFAIL, + reply_info_delete(rep, NULL); + /* if the message is in the cache, remove that msg, * so that the TTL 0 response can be returned for future - * responses (i.e. don't get answered by the servfail from + * responses (i.e. don't get answered from * cache, but instead go to recursion to get this TTL0 - * response). */ - msg_del_servfail(env, qinfo, flags); + * response). + * Possible messages that could be in the cache: + * - SERVFAIL + * - NXDOMAIN + * - NODATA + * - an older record that is expired + * - an older record that did not yet expire */ + msg_cache_remove(env, qinfo->qname, qinfo->qname_len, + qinfo->qtype, qinfo->qclass, flags); return; } @@ -610,6 +592,7 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num) if(!msg->rep) return NULL; msg->rep->reason_bogus = LDNS_EDE_NONE; + msg->rep->reason_bogus_str = NULL; if(num > RR_COUNT_MAX) return NULL; /* integer overflow protection */ msg->rep->rrsets = (struct ub_packed_rrset_key**) @@ -672,6 +655,10 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, msg->rep->rrset_count = r->rrset_count; msg->rep->authoritative = r->authoritative; msg->rep->reason_bogus = r->reason_bogus; + if(r->reason_bogus_str) { + msg->rep->reason_bogus_str = regional_strdup(region, r->reason_bogus_str); + } + if(!rrset_array_lock(r->ref, r->rrset_count, now_control)) { return NULL; } @@ -1075,7 +1062,6 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. * the env->now is added to message and RRsets in this routine. */ /* the leeway is used to invalidate other rrsets earlier */ - if(is_referral) { /* store rrsets */ struct rrset_ref ref; @@ -1092,7 +1078,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, ((ntohs(ref.key->rk.type)==LDNS_RR_TYPE_NS && !pside) ? qstarttime:*env->now + leeway)); } - free(rep); + reply_info_delete(rep, NULL); return 1; } else { /* store msg, and rrsets */ diff --git a/services/cache/infra.c b/services/cache/infra.c index 537cb949cf88..31462d13ae0a 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -67,6 +67,11 @@ int infra_dp_ratelimit = 0; * in queries per second. */ int infra_ip_ratelimit = 0; +/** ratelimit value for client ip addresses, + * in queries per second. + * For clients with a valid DNS Cookie. */ +int infra_ip_ratelimit_cookie = 0; + size_t infra_sizefunc(void* k, void* ATTR_UNUSED(d)) { @@ -1051,9 +1056,50 @@ infra_get_mem(struct infra_cache* infra) return s; } +/* Returns 1 if the limit has not been exceeded, 0 otherwise. */ +static int +check_ip_ratelimit(struct sockaddr_storage* addr, socklen_t addrlen, + struct sldns_buffer* buffer, int premax, int max, int has_cookie) +{ + int limit; + + if(has_cookie) limit = infra_ip_ratelimit_cookie; + else limit = infra_ip_ratelimit; + + /* Disabled */ + if(limit == 0) return 1; + + if(premax <= limit && max > limit) { + char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12]; + addr_to_str(addr, addrlen, client_ip, sizeof(client_ip)); + qnm[0]=0; + if(sldns_buffer_limit(buffer)>LDNS_HEADER_SIZE && + LDNS_QDCOUNT(sldns_buffer_begin(buffer))!=0) { + (void)sldns_wire2str_rrquestion_buf( + sldns_buffer_at(buffer, LDNS_HEADER_SIZE), + sldns_buffer_limit(buffer)-LDNS_HEADER_SIZE, + qnm, sizeof(qnm)); + if(strlen(qnm)>0 && qnm[strlen(qnm)-1]=='\n') + qnm[strlen(qnm)-1] = 0; /*remove newline*/ + if(strchr(qnm, '\t')) + *strchr(qnm, '\t') = ' '; + if(strchr(qnm, '\t')) + *strchr(qnm, '\t') = ' '; + verbose(VERB_OPS, "ip_ratelimit exceeded %s %d%s %s", + client_ip, limit, + has_cookie?"(cookie)":"", qnm); + } else { + verbose(VERB_OPS, "ip_ratelimit exceeded %s %d%s (no query name)", + client_ip, limit, + has_cookie?"(cookie)":""); + } + } + return (max <= limit); +} + int infra_ip_ratelimit_inc(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow, - int backoff, struct sldns_buffer* buffer) + int has_cookie, int backoff, struct sldns_buffer* buffer) { int max; struct lruhash_entry* entry; @@ -1070,31 +1116,8 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra, (*cur)++; max = infra_rate_max(entry->data, timenow, backoff); lock_rw_unlock(&entry->lock); - - if(premax <= infra_ip_ratelimit && max > infra_ip_ratelimit) { - char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12]; - addr_to_str(addr, addrlen, client_ip, sizeof(client_ip)); - qnm[0]=0; - if(sldns_buffer_limit(buffer)>LDNS_HEADER_SIZE && - LDNS_QDCOUNT(sldns_buffer_begin(buffer))!=0) { - (void)sldns_wire2str_rrquestion_buf( - sldns_buffer_at(buffer, LDNS_HEADER_SIZE), - sldns_buffer_limit(buffer)-LDNS_HEADER_SIZE, - qnm, sizeof(qnm)); - if(strlen(qnm)>0 && qnm[strlen(qnm)-1]=='\n') - qnm[strlen(qnm)-1] = 0; /*remove newline*/ - if(strchr(qnm, '\t')) - *strchr(qnm, '\t') = ' '; - if(strchr(qnm, '\t')) - *strchr(qnm, '\t') = ' '; - verbose(VERB_OPS, "ip_ratelimit exceeded %s %d %s", - client_ip, infra_ip_ratelimit, qnm); - } else { - verbose(VERB_OPS, "ip_ratelimit exceeded %s %d (no query name)", - client_ip, infra_ip_ratelimit); - } - } - return (max <= infra_ip_ratelimit); + return check_ip_ratelimit(addr, addrlen, buffer, premax, max, + has_cookie); } /* create */ diff --git a/services/cache/infra.h b/services/cache/infra.h index faf7fd2f30e1..525073bf35bb 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -153,6 +153,8 @@ struct rate_key { /** ip ratelimit, 0 is off */ extern int infra_ip_ratelimit; +/** ip ratelimit for DNS Cookie clients, 0 is off */ +extern int infra_ip_ratelimit_cookie; /** * key for ip_ratelimit lookups, a source IP. @@ -419,13 +421,14 @@ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, * @param addr: client address * @param addrlen: client address length * @param timenow: what time it is now. + * @param has_cookie: if the request came with a DNS Cookie. * @param backoff: if backoff is enabled. * @param buffer: with query for logging. * @return 1 if it could be incremented. 0 if the increment overshot the * ratelimit and the query should be dropped. */ int infra_ip_ratelimit_inc(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow, - int backoff, struct sldns_buffer* buffer); + int has_cookie, int backoff, struct sldns_buffer* buffer); /** * Get memory used by the infra cache. diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 95606aff5d4e..60f9b41e5f6c 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -79,9 +79,11 @@ #ifdef HAVE_NET_IF_H #include <net/if.h> #endif - +#ifdef HAVE_LINUX_NET_TSTAMP_H +#include <linux/net_tstamp.h> +#endif /** number of queued TCP connections for listen() */ -#define TCP_BACKLOG 256 +#define TCP_BACKLOG 256 #ifndef THREADS_DISABLED /** lock on the counter of stream buffer memory */ @@ -187,7 +189,7 @@ systemd_get_activated(int family, int socktype, int listen, log_err("systemd sd_listen_fds(): %s", strerror(-r)); return -1; } - + for(i = 0; i < r; i++) { if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { s = SD_LISTEN_FDS_START + i; @@ -253,7 +255,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } #else - if(WSAGetLastError() == WSAEAFNOSUPPORT || + if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; @@ -270,7 +272,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #endif if(listen) { #ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", sock_strerror(errno)); @@ -368,9 +370,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t slen = (socklen_t)sizeof(got); # ifdef SO_RCVBUFFORCE /* Linux specific: try to use root permission to override - * system limits on rcvbuf. The limit is stored in + * system limits on rcvbuf. The limit is stored in * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, + if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { if(errno != EPERM) { log_err("setsockopt(..., SO_RCVBUFFORCE, " @@ -381,7 +383,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } # endif /* SO_RCVBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, + if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { log_err("setsockopt(..., SO_RCVBUF, " "...) failed: %s", sock_strerror(errno)); @@ -392,7 +394,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, } /* check if we got the right thing or if system * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, + if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, &slen) >= 0 && got < rcv/2) { log_warn("so-rcvbuf %u was not granted. " "Got %u. To fix: start with " @@ -413,9 +415,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t slen = (socklen_t)sizeof(got); # ifdef SO_SNDBUFFORCE /* Linux specific: try to use root permission to override - * system limits on sndbuf. The limit is stored in + * system limits on sndbuf. The limit is stored in * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, + if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { if(errno != EPERM) { log_err("setsockopt(..., SO_SNDBUFFORCE, " @@ -426,7 +428,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } # endif /* SO_SNDBUFFORCE */ - if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, + if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { log_err("setsockopt(..., SO_SNDBUF, " "...) failed: %s", sock_strerror(errno)); @@ -437,7 +439,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, } /* check if we got the right thing or if system * reduced to some system max. Warn if so */ - if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, + if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, &slen) >= 0 && got < snd/2) { log_warn("so-sndbuf %u was not granted. " "Got %u. To fix: start with " @@ -469,7 +471,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif ) { int val=(v6only==2)?0:1; - if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, + if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&val, (socklen_t)sizeof(val)) < 0) { log_err("setsockopt(..., IPV6_V6ONLY" ", ...) failed: %s", sock_strerror(errno)); @@ -576,7 +578,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int action; # if defined(IP_PMTUDISC_OMIT) action = IP_PMTUDISC_OMIT; - if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, &action, (socklen_t)sizeof(action)) < 0) { if (errno != EINVAL) { @@ -609,7 +611,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, /* the IP_DONTFRAG option if defined in the 11.0 OSX headers, * but does not work on that version, so we exclude it */ int off = 0; - if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, + if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, &off, (socklen_t)sizeof(off)) < 0) { log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", strerror(errno)); @@ -647,7 +649,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(WSAGetLastError() != WSAEADDRINUSE && WSAGetLastError() != WSAEADDRNOTAVAIL && !(WSAGetLastError() == WSAEACCES && verbosity < 4 && !listen)) { - log_err_addr("can't bind socket", + log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr, addrlen); } @@ -749,7 +751,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, } #endif #ifdef SO_REUSEADDR - if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", sock_strerror(errno)); @@ -793,7 +795,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, && !got_fd_from_systemd # endif ) { - if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, + if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&on, (socklen_t)sizeof(on)) < 0) { log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", sock_strerror(errno)); @@ -845,7 +847,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, addr->ai_addrlen); } #else - log_err_addr("can't bind socket", + log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); @@ -873,7 +875,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, /* 5 is recommended on linux */ qlen = 5; #endif - if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, + if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen))) == -1 ) { #ifdef ENOPROTOOPT /* squelch ENOPROTOOPT: freebsd server mode with kernel support @@ -999,7 +1001,7 @@ err: * Create socket from getaddrinfo results */ static int -make_sock(int stype, const char* ifname, const char* port, +make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, int use_systemd, int dscp, struct unbound_socket* ub_sock) @@ -1015,10 +1017,10 @@ make_sock(int stype, const char* ifname, const char* port, return -1; } #endif - log_err("node %s:%s getaddrinfo: %s %s", + log_err("node %s:%s getaddrinfo: %s %s", ifname?ifname:"default", port, gai_strerror(r), #ifdef EAI_SYSTEM - r==EAI_SYSTEM?(char*)strerror(errno):"" + (r==EAI_SYSTEM?(char*)strerror(errno):"") #else "" #endif @@ -1055,7 +1057,7 @@ make_sock(int stype, const char* ifname, const char* port, /** make socket and first see if ifname contains port override info */ static int -make_sock_port(int stype, const char* ifname, const char* port, +make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, int use_systemd, int dscp, struct unbound_socket* ub_sock) @@ -1114,9 +1116,28 @@ port_insert(struct listen_port** list, int s, enum listen_type ftype, return 1; } +/** set fd to receive software timestamps */ +static int +set_recvtimestamp(int s) +{ +#ifdef HAVE_LINUX_NET_TSTAMP_H + int opt = SOF_TIMESTAMPING_RX_SOFTWARE | SOF_TIMESTAMPING_SOFTWARE; + if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMPNS, (void*)&opt, (socklen_t)sizeof(opt)) < 0) { + log_err("setsockopt(..., SO_TIMESTAMPNS, ...) failed: %s", + strerror(errno)); + return 0; + } + return 1; +#else + log_err("packets timestamping is not supported on this platform"); + (void)s; + return 0; +#endif +} + /** set fd to receive source address packet info */ static int -set_recvpktinfo(int s, int family) +set_recvpktinfo(int s, int family) { #if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO) int on = 1; @@ -1214,6 +1235,9 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, * @param use_systemd: if true, fetch sockets from systemd. * @param dnscrypt_port: dnscrypt service port number * @param dscp: DSCP to use. + * @param sock_queue_timeout: the sock_queue_timeout from config. Seconds to + * wait to discard if UDP packets have waited for long in the socket + * buffer. * @return: returns false on error. */ static int @@ -1223,7 +1247,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct config_strlist* tls_additional_port, int https_port, struct config_strlist* proxy_protocol_port, int* reuseport, int transparent, int tcp_mss, int freebind, - int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp) + int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp, + int sock_queue_timeout) { int s, noip6=0; int is_https = if_is_https(ifname, port, https_port); @@ -1252,7 +1277,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); @@ -1263,15 +1289,20 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } + if (sock_queue_timeout && !set_recvtimestamp(s)) { + log_warn("socket timestamping is not available"); + } if(!port_insert(list, s, is_dnscrypt ?listen_type_udpancil_dnscrypt:listen_type_udpancil, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1283,7 +1314,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); @@ -1291,11 +1323,15 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } return 0; } + if (sock_queue_timeout && !set_recvtimestamp(s)) { + log_warn("socket timestamping is not available"); + } if(!port_insert(list, s, is_dnscrypt ?listen_type_udp_dnscrypt:listen_type_udp, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1318,7 +1354,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); if(noip6) { /*log_warn("IPv6 protocol not available");*/ @@ -1330,7 +1367,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, verbose(VERB_ALGO, "setup TCP for SSL service"); if(!port_insert(list, s, port_type, is_pp2, ub_sock)) { sock_close(s); - freeaddrinfo(ub_sock->addr); + if(ub_sock->addr) + freeaddrinfo(ub_sock->addr); free(ub_sock); return 0; } @@ -1338,7 +1376,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, return 1; } -/** +/** * Add items to commpoint list in front. * @param c: commpoint to add. * @param front: listen struct. @@ -1389,7 +1427,7 @@ void listen_desetup_locks(void) } } -struct listen_dnsport* +struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ports, size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, int harden_large_queries, uint32_t http_max_streams, @@ -1525,10 +1563,10 @@ listen_list_delete(struct listen_list* list) } } -void +void listen_delete(struct listen_dnsport* front) { - if(!front) + if(!front) return; listen_list_delete(front->cps); #ifdef USE_DNSCRYPT @@ -1802,7 +1840,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1819,7 +1857,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1838,7 +1876,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1854,7 +1892,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1872,7 +1910,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1888,7 +1926,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, reuseport, cfg->ip_transparent, cfg->tcp_mss, cfg->ip_freebind, cfg->http_nodelay, cfg->use_systemd, - cfg->dnscrypt_port, cfg->ip_dscp)) { + cfg->dnscrypt_port, cfg->ip_dscp, cfg->sock_queue_timeout)) { listening_ports_free(list); return NULL; } @@ -1908,7 +1946,8 @@ void listening_ports_free(struct listen_port* list) } /* rc_ports don't have ub_socket */ if(list->socket) { - freeaddrinfo(list->socket->addr); + if(list->socket->addr) + freeaddrinfo(list->socket->addr); free(list->socket); } free(list); @@ -1919,8 +1958,8 @@ void listening_ports_free(struct listen_port* list) size_t listen_get_mem(struct listen_dnsport* listen) { struct listen_list* p; - size_t s = sizeof(*listen) + sizeof(*listen->base) + - sizeof(*listen->udp_buff) + + size_t s = sizeof(*listen) + sizeof(*listen->base) + + sizeof(*listen->udp_buff) + sldns_buffer_capacity(listen->udp_buff); #ifdef USE_DNSCRYPT s += sizeof(*listen->dnscrypt_udp_buff); @@ -2001,7 +2040,7 @@ void tcp_req_info_clear(struct tcp_req_info* req) } req->open_req_list = NULL; req->num_open_req = 0; - + /* free pending writable result packets */ item = req->done_req_list; while(item) { @@ -2060,7 +2099,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) wr = 1; if(!req->read_is_closed) rd = 1; - + if(wr) { req->cp->tcp_is_reading = 0; comm_point_stop_listening(req->cp); @@ -2196,7 +2235,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) } req->in_worker_handle = 0; /* it should be waiting in the mesh for recursion. - * If mesh failed to add a new entry and called commpoint_drop_reply. + * If mesh failed to add a new entry and called commpoint_drop_reply. * Then the mesh state has been cleared. */ if(req->is_drop) { /* the reply has been dropped, stream has been closed. */ @@ -2256,7 +2295,7 @@ tcp_req_info_add_result(struct tcp_req_info* req, uint8_t* buf, size_t len) last = req->done_req_list; while(last && last->next) last = last->next; - + /* create new element */ item = (struct tcp_req_done_item*)malloc(sizeof(*item)); if(!item) { @@ -2615,7 +2654,7 @@ static int http2_query_read_done(struct http2_session* h2_session, "buffer already assigned to stream"); return -1; } - + /* the c->buffer might be used by mesh_send_reply and no be cleard * need to be cleared before use */ sldns_buffer_clear(h2_session->c->buffer); diff --git a/services/localzone.c b/services/localzone.c index 3536b7aaa91b..44da22d785d9 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1308,6 +1308,7 @@ local_encode(struct query_info* qinfo, struct module_env* env, else rep.ns_numrrsets = 1; rep.rrset_count = 1; rep.rrsets = &rrset; + rep.reason_bogus = LDNS_EDE_NONE; udpsize = edns->udp_size; edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@ -1603,7 +1604,7 @@ local_zone_does_not_cover(struct local_zone* z, struct query_info* qinfo, struct local_data key; struct local_data* ld = NULL; struct local_rrset* lr = NULL; - if(z->type == local_zone_always_transparent) + if(z->type == local_zone_always_transparent || z->type == local_zone_block_a) return 1; if(z->type != local_zone_transparent && z->type != local_zone_typetransparent @@ -1680,6 +1681,16 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, || lz_type == local_zone_always_transparent) { /* no NODATA or NXDOMAINS for this zone type */ return 0; + } else if(lz_type == local_zone_block_a) { + /* Return NODATA for all A queries */ + if(qinfo->qtype == LDNS_RR_TYPE_A) { + local_error_encode(qinfo, env, edns, repinfo, buf, temp, + LDNS_RCODE_NOERROR, (LDNS_RCODE_NOERROR|BIT_AA), + LDNS_EDE_NONE, NULL); + return 1; + } + + return 0; } else if(lz_type == local_zone_always_null) { /* 0.0.0.0 or ::0 or noerror/nodata for this zone type, * used for blocklists. */ @@ -1846,7 +1857,8 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, if(z && (lzt == local_zone_transparent || lzt == local_zone_typetransparent || lzt == local_zone_inform || - lzt == local_zone_always_transparent) && + lzt == local_zone_always_transparent || + lzt == local_zone_block_a) && local_zone_does_not_cover(z, qinfo, labs)) { lock_rw_unlock(&z->lock); z = NULL; @@ -1894,6 +1906,7 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, if(lzt != local_zone_always_refuse && lzt != local_zone_always_transparent + && lzt != local_zone_block_a && lzt != local_zone_always_nxdomain && lzt != local_zone_always_nodata && lzt != local_zone_always_deny @@ -1924,6 +1937,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_inform_deny: return "inform_deny"; case local_zone_inform_redirect: return "inform_redirect"; case local_zone_always_transparent: return "always_transparent"; + case local_zone_block_a: return "block_a"; case local_zone_always_refuse: return "always_refuse"; case local_zone_always_nxdomain: return "always_nxdomain"; case local_zone_always_nodata: return "always_nodata"; @@ -1958,6 +1972,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_inform_redirect; else if(strcmp(type, "always_transparent") == 0) *t = local_zone_always_transparent; + else if(strcmp(type, "block_a") == 0) + *t = local_zone_block_a; else if(strcmp(type, "always_refuse") == 0) *t = local_zone_always_refuse; else if(strcmp(type, "always_nxdomain") == 0) diff --git a/services/localzone.h b/services/localzone.h index 19534f7509ed..4456893ee112 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -88,6 +88,8 @@ enum localzone_type { local_zone_inform_redirect, /** resolve normally, even when there is local data */ local_zone_always_transparent, + /** resolve normally, even when there is local data but return NODATA for A queries */ + local_zone_block_a, /** answer with error, even when there is local data */ local_zone_always_refuse, /** answer with nxdomain, even when there is local data */ diff --git a/services/mesh.c b/services/mesh.c index 9007b6e08c32..52d14a2d1f54 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -63,82 +63,13 @@ #include "util/data/dname.h" #include "respip/respip.h" #include "services/listen_dnsport.h" +#include "util/timeval_func.h" #ifdef CLIENT_SUBNET #include "edns-subnet/subnetmod.h" #include "edns-subnet/edns-subnet.h" #endif -/** subtract timers and the values do not overflow or become negative */ -static void -timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start) -{ -#ifndef S_SPLINT_S - time_t end_usec = end->tv_usec; - d->tv_sec = end->tv_sec - start->tv_sec; - if(end_usec < start->tv_usec) { - end_usec += 1000000; - d->tv_sec--; - } - d->tv_usec = end_usec - start->tv_usec; -#endif -} - -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec >= 1000000 ) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} - -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - /** * Compare two response-ip client info entries for the purpose of mesh state * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise @@ -249,7 +180,7 @@ mesh_state_ref_compare(const void* ap, const void* bp) return mesh_state_compare(a->s, b->s); } -struct mesh_area* +struct mesh_area* mesh_create(struct module_stack* stack, struct module_env* env) { struct mesh_area* mesh = calloc(1, sizeof(struct mesh_area)); @@ -275,6 +206,7 @@ mesh_create(struct module_stack* stack, struct module_env* env) mesh->stats_jostled = 0; mesh->stats_dropped = 0; mesh->ans_expired = 0; + mesh->ans_cachedb = 0; mesh->max_reply_states = env->cfg->num_queries_per_thread; mesh->max_forever_states = (mesh->max_reply_states+1)/2; #ifndef S_SPLINT_S @@ -298,7 +230,7 @@ mesh_delete_helper(rbnode_type* n) * traversal and rbtree rebalancing do not work together */ } -void +void mesh_delete(struct mesh_area* mesh) { if(!mesh) @@ -341,7 +273,7 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) if(m && m->reply_list && m->list_select == mesh_jostle_list) { /* how old is it? */ struct timeval age; - timeval_subtract(&age, mesh->env->now_tv, + timeval_subtract(&age, mesh->env->now_tv, &m->reply_list->start_time); if(timeval_smaller(&mesh->jostle_max, &age)) { /* its a goner */ @@ -517,6 +449,8 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, comm_point_send_reply(rep); return; } + /* set detached (it is now) */ + mesh->num_detached_states++; if(unique) mesh_state_make_unique(s); s->s.rpz_passthru = rpz_passthru; @@ -525,13 +459,14 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, s->s.region); if(!s->s.edns_opts_front_in) { - log_err("mesh_state_create: out of memory; SERVFAIL"); + log_err("edns_opt_copy_region: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list_inplace_cb_out = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); comm_point_send_reply(rep); + mesh_state_delete(&s->s); return; } } @@ -543,8 +478,6 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; added = 1; } if(!s->reply_list && !s->cb_list) { @@ -585,11 +518,11 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, /* move to either the forever or the jostle_list */ if(mesh->num_forever_states < mesh->max_forever_states) { mesh->num_forever_states ++; - mesh_list_insert(s, &mesh->forever_first, + mesh_list_insert(s, &mesh->forever_first, &mesh->forever_last); s->list_select = mesh_forever_list; } else { - mesh_list_insert(s, &mesh->jostle_first, + mesh_list_insert(s, &mesh->jostle_first, &mesh->jostle_last); s->list_select = mesh_jostle_list; } @@ -610,9 +543,9 @@ servfail_mem: return; } -int +int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, + uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, uint16_t qid, mesh_cb_func_type cb, void* cb_arg, int rpz_passthru) { struct mesh_state* s = NULL; @@ -637,6 +570,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, if(!s) { return 0; } + /* set detached (it is now) */ + mesh->num_detached_states++; if(unique) mesh_state_make_unique(s); s->s.rpz_passthru = rpz_passthru; @@ -644,6 +579,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list_in, s->s.region); if(!s->s.edns_opts_front_in) { + mesh_state_delete(&s->s); return 0; } } @@ -654,8 +590,6 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); - /* set detached (it is now) */ - mesh->num_detached_states++; added = 1; } if(!s->reply_list && !s->cb_list) { @@ -672,6 +606,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, } /* add serve expired timer if not already there */ if(timeout && !mesh_serve_expired_init(s, timeout)) { + if(added) + mesh_state_delete(&s->s); return 0; } /* update statistics */ @@ -773,7 +709,7 @@ static void mesh_schedule_prefetch(struct mesh_area* mesh, * attached its own ECS data. */ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int run, - int rpz_passthru, struct comm_reply* rep, struct edns_option* edns_list) + int rpz_passthru, struct sockaddr_storage* addr, struct edns_option* edns_list) { struct mesh_state* s = NULL; struct edns_option* opt = NULL; @@ -803,20 +739,10 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, return; } } else { - /* Fake the ECS data from the client's IP */ - struct ecs_data ecs; - memset(&ecs, 0, sizeof(ecs)); - subnet_option_from_ss(&rep->client_addr, &ecs, mesh->env->cfg); - if(ecs.subnet_validdata == 0) { - log_err("prefetch_subnet subnet_option_from_ss: invalid data"); - return; - } - subnet_ecs_opt_list_append(&ecs, &s->s.edns_opts_front_in, - &s->s, s->s.region); - if(!s->s.edns_opts_front_in) { - log_err("prefetch_subnet subnet_ecs_opt_list_append: out of memory"); - return; - } + /* Store the client's address. Later in the subnet module, + * it is decided whether to include an ECS option or not. + */ + s->s.client_addr = *addr; } #ifdef UNBOUND_DEBUG n = @@ -863,14 +789,14 @@ static void mesh_schedule_prefetch_subnet(struct mesh_area* mesh, void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int rpz_passthru, - struct comm_reply* rep, struct edns_option* opt_list) + struct sockaddr_storage* addr, struct edns_option* opt_list) { + (void)addr; (void)opt_list; - (void)rep; #ifdef CLIENT_SUBNET - if(rep) + if(addr) mesh_schedule_prefetch_subnet(mesh, qinfo, qflags, leeway, 1, - rpz_passthru, rep, opt_list); + rpz_passthru, addr, opt_list); else #endif mesh_schedule_prefetch(mesh, qinfo, qflags, leeway, 1, @@ -900,7 +826,7 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo, int i; if(!region) return NULL; - mstate = (struct mesh_state*)regional_alloc(region, + mstate = (struct mesh_state*)regional_alloc(region, sizeof(struct mesh_state)); if(!mstate) { alloc_reg_release(env->alloc, region); @@ -970,19 +896,13 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo, return mstate; } -int -mesh_state_is_unique(struct mesh_state* mstate) -{ - return mstate->unique != NULL; -} - void mesh_state_make_unique(struct mesh_state* mstate) { mstate->unique = mstate; } -void +void mesh_state_cleanup(struct mesh_state* mstate) { struct mesh_area* mesh; @@ -1028,7 +948,7 @@ mesh_state_cleanup(struct mesh_state* mstate) alloc_reg_release(mstate->s.env->alloc, mstate->s.region); } -void +void mesh_state_delete(struct module_qstate* qstate) { struct mesh_area* mesh; @@ -1041,10 +961,10 @@ mesh_state_delete(struct module_qstate* qstate) mesh_detach_subs(&mstate->s); if(mstate->list_select == mesh_forever_list) { mesh->num_forever_states --; - mesh_list_remove(mstate, &mesh->forever_first, + mesh_list_remove(mstate, &mesh->forever_first, &mesh->forever_last); } else if(mstate->list_select == mesh_jostle_list) { - mesh_list_remove(mstate, &mesh->jostle_first, + mesh_list_remove(mstate, &mesh->jostle_first, &mesh->jostle_last); } if(!mstate->reply_list && !mstate->cb_list @@ -1116,7 +1036,7 @@ void mesh_detach_subs(struct module_qstate* qstate) if(!ref->s->reply_list && !ref->s->cb_list && ref->s->super_set.count == 0) { mesh->num_detached_states++; - log_assert(mesh->num_detached_states + + log_assert(mesh->num_detached_states + mesh->num_reply_states <= mesh->all.count); } } @@ -1181,7 +1101,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, if(!mesh_state_attachment(qstate->mesh_info, sub)) return 0; /* if it was a duplicate attachment, the count was not zero before */ - if(!sub->reply_list && !sub->cb_list && was_detached && + if(!sub->reply_list && !sub->cb_list && was_detached && sub->super_set.count == 1) { /* it used to be detached, before this one got added */ log_assert(mesh->num_detached_states > 0); @@ -1251,7 +1171,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; - if(!rcode && (rep->security == sec_status_bogus || + if(!rcode && rep && (rep->security == sec_status_bogus || rep->security == sec_status_secure_sentinel_fail)) { if(!(reason = errinf_to_str_bogus(&m->s))) rcode = LDNS_RCODE_SERVFAIL; @@ -1280,10 +1200,10 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, - r->qflags, r->buf, 0, 1, - m->s.env->scratch, udp_size, &r->edns, - (int)(r->edns.bits & EDNS_DO), secure)) + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + r->qflags, r->buf, 0, 1, + m->s.env->scratch, udp_size, &r->edns, + (int)(r->edns.bits & EDNS_DO), secure)) { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, @@ -1291,7 +1211,8 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, } else { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf, - rep->security, reason, was_ratelimited); + (rep?rep->security:sec_status_unchecked), + reason, was_ratelimited); } } free(reason); @@ -1311,10 +1232,36 @@ mesh_is_rpz_respip_tcponly_action(struct mesh_state const* m) } static inline int -mesh_is_udp(struct mesh_reply const* r) { +mesh_is_udp(struct mesh_reply const* r) +{ return r->query_reply.c->type == comm_udp; } +static inline void +mesh_find_and_attach_ede_and_reason(struct mesh_state* m, + struct reply_info* rep, struct mesh_reply* r) +{ + /* OLD note: + * During validation the EDE code can be received via two + * code paths. One code path fills the reply_info EDE, and + * the other fills it in the errinf_strlist. These paths + * intersect at some points, but where is opaque due to + * the complexity of the validator. At the time of writing + * we make the choice to prefer the EDE from errinf_strlist + * but a compelling reason to do otherwise is just as valid + * NEW note: + * The compelling reason is that with caching support, the value + * in the reply_info is cached. + * The reason members of the reply_info struct should be + * updated as they are already cached. No reason to + * try and find the EDE information in errinf anymore. + */ + if(rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&r->edns.opt_list_out, + m->s.region, rep->reason_bogus, rep->reason_bogus_str); + } +} + /** * Send reply to mesh reply entry * @param m: mesh state to send it for. @@ -1346,7 +1293,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, /* examine security status */ if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || - m->s.env->cfg->ignore_cd) && rep && + m->s.env->cfg->ignore_cd) && rep && (rep->security <= sec_status_bogus || rep->security == sec_status_secure_sentinel_fail)) { rcode = LDNS_RCODE_SERVFAIL; @@ -1401,40 +1348,17 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list_inplace_cb_out = NULL; - } else { + } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list_inplace_cb_out = NULL; } - /* Send along EDE BOGUS EDNS0 option when answer is bogus */ - if(m->s.env->cfg->ede && rcode == LDNS_RCODE_SERVFAIL && - m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || - m->s.env->cfg->ignore_cd) && rep && - (rep->security <= sec_status_bogus || - rep->security == sec_status_secure_sentinel_fail)) { - char *reason = m->s.env->cfg->val_log_level >= 2 - ? errinf_to_str_bogus(&m->s) : NULL; - - /* During validation the EDE code can be received via two - * code paths. One code path fills the reply_info EDE, and - * the other fills it in the errinf_strlist. These paths - * intersect at some points, but where is opaque due to - * the complexity of the validator. At the time of writing - * we make the choice to prefer the EDE from errinf_strlist - * but a compelling reason to do otherwise is just as valid - */ - sldns_ede_code reason_bogus = errinf_to_reason_bogus(&m->s); - if ((reason_bogus == LDNS_EDE_DNSSEC_BOGUS && - rep->reason_bogus != LDNS_EDE_NONE) || - reason_bogus == LDNS_EDE_NONE) { - reason_bogus = rep->reason_bogus; - } - - if(reason_bogus != LDNS_EDE_NONE) { - edns_opt_list_append_ede(&r->edns.opt_list_out, - m->s.region, reason_bogus, reason); - } - free(reason); + /* Send along EDE EDNS0 option when SERVFAILing; usually + * DNSSEC validation failures */ + /* Since we are SERVFAILing here, CD bit and rep->security + * is already handled. */ + if(m->s.env->cfg->ede && rep) { + mesh_find_and_attach_ede_and_reason(m, rep, r); } error_encode(r_buffer, rcode, &m->s.qinfo, r->qid, r->qflags, &r->edns); @@ -1449,12 +1373,22 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, r->edns.bits &= EDNS_DO; m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; + + /* Attach EDE without SERVFAIL if the validation failed. + * Need to explicitly check for rep->security otherwise failed + * validation paths may attach to a secure answer. */ + if(m->s.env->cfg->ede && rep && + (rep->security <= sec_status_bogus || + rep->security == sec_status_secure_sentinel_fail)) { + mesh_find_and_attach_ede_and_reason(m, rep, r); + } + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) || - !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r_buffer, 0, 1, m->s.env->scratch, udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), - secure)) + secure)) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) @@ -1503,6 +1437,7 @@ void mesh_query_done(struct mesh_state* mstate) struct reply_info* rep = (mstate->s.return_msg? mstate->s.return_msg->rep:NULL); struct timeval tv = {0, 0}; + int i = 0; /* No need for the serve expired timer anymore; we are going to reply. */ if(mstate->s.serve_expired_data) { comm_timer_delete(mstate->s.serve_expired_data->timer); @@ -1522,6 +1457,7 @@ void mesh_query_done(struct mesh_state* mstate) } } for(r = mstate->reply_list; r; r = r->next) { + i++; tv = r->start_time; /* if a response-ip address block has been stored the @@ -1533,16 +1469,6 @@ void mesh_query_done(struct mesh_state* mstate) mstate->s.qinfo.qclass, r->local_alias, &r->query_reply.client_addr, r->query_reply.client_addrlen); - if(mstate->s.env->cfg->stat_extended && - mstate->s.respip_action_info->rpz_used) { - if(mstate->s.respip_action_info->rpz_disabled) - mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION]++; - if(mstate->s.respip_action_info->rpz_cname_override) - mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; - else - mstate->s.env->mesh->rpz_action[respip_action_to_rpz_action( - mstate->s.respip_action_info->action)]++; - } } /* if this query is determined to be dropped during the @@ -1573,6 +1499,27 @@ void mesh_query_done(struct mesh_state* mstate) prev_buffer = r_buffer; } } + /* Account for each reply sent. */ + if(i > 0 && mstate->s.respip_action_info && + mstate->s.respip_action_info->addrinfo && + mstate->s.env->cfg->stat_extended && + mstate->s.respip_action_info->rpz_used) { + if(mstate->s.respip_action_info->rpz_disabled) + mstate->s.env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; + if(mstate->s.respip_action_info->rpz_cname_override) + mstate->s.env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; + else + mstate->s.env->mesh->rpz_action[respip_action_to_rpz_action( + mstate->s.respip_action_info->action)] += i; + } + if(!mstate->s.is_drop && i > 0) { + if(mstate->s.env->cfg->stat_extended + && mstate->s.is_cachedb_answer) { + mstate->s.env->mesh->ans_cachedb += i; + } + } + + /* Mesh area accounting */ if(mstate->reply_list) { mstate->reply_list = NULL; if(!mstate->reply_list && !mstate->cb_list) { @@ -1585,6 +1532,7 @@ void mesh_query_done(struct mesh_state* mstate) mstate->s.env->mesh->num_detached_states++; } mstate->replies_sent = 1; + while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ @@ -1611,7 +1559,7 @@ void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate) /* callback the function to inform super of result */ fptr_ok(fptr_whitelist_mod_inform_super( mesh->mods.mod[ref->s->s.curmod]->inform_super)); - (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, + (*mesh->mods.mod[ref->s->s.curmod]->inform_super)(&mstate->s, ref->s->s.curmod, &ref->s->s); /* copy state that is always relevant to super */ copy_state_to_super(&mstate->s, ref->s->s.curmod, &ref->s->s); @@ -1635,7 +1583,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, * desire aggregation).*/ key.unique = NULL; key.s.client_info = cinfo; - + result = (struct mesh_state*)rbtree_search(&mesh->all, &key); return result; } @@ -1644,7 +1592,7 @@ int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns, sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg, uint16_t qid, uint16_t qflags) { - struct mesh_cb* r = regional_alloc(s->s.region, + struct mesh_cb* r = regional_alloc(s->s.region, sizeof(struct mesh_cb)); if(!r) return 0; @@ -1776,7 +1724,7 @@ mesh_copy_qinfo(struct mesh_state* mstate, struct query_info** qinfop, * Handles module finished. * @param mesh: the mesh area. * @param mstate: currently active mesh state. - * Deleted if finished, calls _done and _supers to + * Deleted if finished, calls _done and _supers to * send replies to clients and inform other mesh states. * This in turn may create additional runnable mesh states. * @param s: state at which the current module exited. @@ -1810,7 +1758,7 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, } if(s == module_restart_next) { int curmod = mstate->s.curmod; - for(; mstate->s.curmod < mesh->mods.num; + for(; mstate->s.curmod < mesh->mods.num; mstate->s.curmod++) { fptr_ok(fptr_whitelist_mod_clear( mesh->mods.mod[mstate->s.curmod]->clear)); @@ -1842,9 +1790,21 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, if(s == module_finished) { if(mstate->s.curmod == 0) { struct query_info* qinfo = NULL; + struct edns_option* opt_list = NULL; + struct sockaddr_storage addr; uint16_t qflags; int rpz_p = 0; +#ifdef CLIENT_SUBNET + struct edns_option* ecs; + if(mstate->s.need_refetch && mstate->reply_list && + modstack_find(&mesh->mods, "subnetcache") != -1 && + mstate->s.env->unique_mesh) { + addr = mstate->reply_list->query_reply.client_addr; + } else +#endif + memset(&addr, 0, sizeof(addr)); + mesh_query_done(mstate); mesh_walk_supers(mesh, mstate); @@ -1854,13 +1814,28 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, * we need to make a copy of the query info here. */ if(mstate->s.need_refetch) { mesh_copy_qinfo(mstate, &qinfo, &qflags); +#ifdef CLIENT_SUBNET + /* Make also a copy of the ecs option if any */ + if((ecs = edns_opt_list_find( + mstate->s.edns_opts_front_in, + mstate->s.env->cfg->client_subnet_opcode)) != NULL) { + (void)edns_opt_list_append(&opt_list, + ecs->opt_code, ecs->opt_len, + ecs->opt_data, + mstate->s.env->scratch); + } +#endif rpz_p = mstate->s.rpz_passthru; } - mesh_state_delete(&mstate->s); if(qinfo) { - mesh_schedule_prefetch(mesh, qinfo, qflags, - 0, 1, rpz_p); + mesh_state_delete(&mstate->s); + mesh_new_prefetch(mesh, qinfo, qflags, 0, + rpz_p, + addr.ss_family!=AF_UNSPEC?&addr:NULL, + opt_list); + } else { + mesh_state_delete(&mstate->s); } return 0; } @@ -1888,7 +1863,7 @@ void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, mstate->s.reply = NULL; regional_free_all(mstate->s.env->scratch); s = mstate->s.ext_state[mstate->s.curmod]; - verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", + verbose(VERB_ALGO, "mesh_run: %s module exit state is %s", mesh->mods.mod[mstate->s.curmod]->name, strextstate(s)); e = NULL; if(mesh_continue(mesh, mstate, s, &ev)) @@ -1908,14 +1883,14 @@ void mesh_run(struct mesh_area* mesh, struct mesh_state* mstate, } } -void +void mesh_log_list(struct mesh_area* mesh) { char buf[30]; struct mesh_state* m; int num = 0; RBTREE_FOR(m, struct mesh_state*, &mesh->all) { - snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", + snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s", num++, (m->s.is_priming)?"p":"", /* prime */ (m->s.is_valrec)?"v":"", /* prime */ (m->s.query_flags&BIT_RD)?"RD":"", @@ -1924,18 +1899,18 @@ mesh_log_list(struct mesh_area* mesh) (m->sub_set.count!=0)?"c":"", /* children */ m->s.curmod, (m->reply_list)?"rep":"", /*hasreply*/ (m->cb_list)?"cb":"" /* callbacks */ - ); + ); log_query_info(VERB_ALGO, buf, &m->s.qinfo); } } -void +void mesh_stats(struct mesh_area* mesh, const char* str) { verbose(VERB_DETAIL, "%s %u recursion states (%u with reply, " "%u detached), %u waiting replies, %u recursion replies " - "sent, %d replies dropped, %d states jostled out", - str, (unsigned)mesh->all.count, + "sent, %d replies dropped, %d states jostled out", + str, (unsigned)mesh->all.count, (unsigned)mesh->num_reply_states, (unsigned)mesh->num_detached_states, (unsigned)mesh->num_reply_addrs, @@ -1944,7 +1919,7 @@ mesh_stats(struct mesh_area* mesh, const char* str) (unsigned)mesh->stats_jostled); if(mesh->replies_sent > 0) { struct timeval avg; - timeval_divide(&avg, &mesh->replies_sum_wait, + timeval_divide(&avg, &mesh->replies_sum_wait, mesh->replies_sent); log_info("average recursion processing time " ARG_LL "d.%6.6d sec", @@ -1954,7 +1929,7 @@ mesh_stats(struct mesh_area* mesh, const char* str) } } -void +void mesh_stats_clear(struct mesh_area* mesh) { if(!mesh) @@ -1968,12 +1943,13 @@ mesh_stats_clear(struct mesh_area* mesh) mesh->ans_secure = 0; mesh->ans_bogus = 0; mesh->ans_expired = 0; + mesh->ans_cachedb = 0; memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*UB_STATS_RCODE_NUM); memset(&mesh->rpz_action[0], 0, sizeof(size_t)*UB_STATS_RPZ_ACTION_NUM); mesh->ans_nodata = 0; } -size_t +size_t mesh_get_mem(struct mesh_area* mesh) { struct mesh_state* m; @@ -1987,7 +1963,7 @@ mesh_get_mem(struct mesh_area* mesh) return s; } -int +int mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, uint16_t flags, int prime, int valrec) { @@ -2104,6 +2080,7 @@ mesh_serve_expired_callback(void* arg) struct timeval tv = {0, 0}; int must_validate = (!(qstate->query_flags&BIT_CD) || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; + int i = 0; if(!qstate->serve_expired_data) return; verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data"); comm_timer_delete(qstate->serve_expired_data->timer); @@ -2175,6 +2152,7 @@ mesh_serve_expired_callback(void* arg) log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); for(r = mstate->reply_list; r; r = r->next) { + i++; tv = r->start_time; /* If address info is returned, it means the action should be an @@ -2184,16 +2162,6 @@ mesh_serve_expired_callback(void* arg) qstate->qinfo.qtype, qstate->qinfo.qclass, r->local_alias, &r->query_reply.client_addr, r->query_reply.client_addrlen); - - if(qstate->env->cfg->stat_extended && actinfo.rpz_used) { - if(actinfo.rpz_disabled) - qstate->env->mesh->rpz_action[RPZ_DISABLED_ACTION]++; - if(actinfo.rpz_cname_override) - qstate->env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION]++; - else - qstate->env->mesh->rpz_action[ - respip_action_to_rpz_action(actinfo.action)]++; - } } /* Add EDE Stale Answer (RCF8914). Ignore global ede as this is @@ -2213,11 +2181,23 @@ mesh_serve_expired_callback(void* arg) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); prev = r; prev_buffer = r_buffer; - - /* Account for each reply sent. */ - mesh->ans_expired++; - } + /* Account for each reply sent. */ + if(i > 0) { + mesh->ans_expired += i; + if(actinfo.addrinfo && qstate->env->cfg->stat_extended && + actinfo.rpz_used) { + if(actinfo.rpz_disabled) + qstate->env->mesh->rpz_action[RPZ_DISABLED_ACTION] += i; + if(actinfo.rpz_cname_override) + qstate->env->mesh->rpz_action[RPZ_CNAME_OVERRIDE_ACTION] += i; + else + qstate->env->mesh->rpz_action[ + respip_action_to_rpz_action(actinfo.action)] += i; + } + } + + /* Mesh area accounting */ if(mstate->reply_list) { mstate->reply_list = NULL; if(!mstate->reply_list && !mstate->cb_list) { @@ -2228,6 +2208,7 @@ mesh_serve_expired_callback(void* arg) } } } + while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ diff --git a/services/mesh.h b/services/mesh.h index 25121a67b3a5..d926cfc9dec3 100644 --- a/services/mesh.h +++ b/services/mesh.h @@ -114,6 +114,8 @@ struct mesh_area { size_t stats_dropped; /** stats, number of expired replies sent */ size_t ans_expired; + /** stats, number of cached replies from cachedb */ + size_t ans_cachedb; /** number of replies sent */ size_t replies_sent; /** sum of waiting times for the replies */ @@ -335,13 +337,13 @@ int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, * @param leeway: TTL leeway what to expire earlier for this update. * @param rpz_passthru: if true, the rpz passthru was previously found and * further rpz processing is stopped. - * @param rep: comm_reply for the client; to be used when subnet is enabled. + * @param addr: sockaddr_storage for the client; to be used with subnet. * @param opt_list: edns opt_list from the client; to be used when subnet is * enabled. */ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway, int rpz_passthru, - struct comm_reply* rep, struct edns_option* opt_list); + struct sockaddr_storage* addr, struct edns_option* opt_list); /** * Handle new event from the wire. A serviced query has returned. @@ -479,14 +481,6 @@ struct mesh_state* mesh_state_create(struct module_env* env, uint16_t qflags, int prime, int valrec); /** - * Check if the mesh state is unique. - * A unique mesh state uses it's unique member to point to itself, else NULL. - * @param mstate: mesh state to check. - * @return true if the mesh state is unique, false otherwise. - */ -int mesh_state_is_unique(struct mesh_state* mstate); - -/** * Make a mesh state unique. * A unique mesh state uses it's unique member to point to itself. * @param mstate: mesh state to check. diff --git a/services/modstack.c b/services/modstack.c index da8e623c16da..a90d7178c410 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -120,12 +120,16 @@ modstack_config(struct module_stack* stack, const char* module_conf) stack->mod[i] = module_factory(&module_conf); if(!stack->mod[i]) { char md[256]; + char * s = md; snprintf(md, sizeof(md), "%s", module_conf); - if(strchr(md, ' ')) *(strchr(md, ' ')) = 0; - if(strchr(md, '\t')) *(strchr(md, '\t')) = 0; + /* Leading spaces are present on errors. */ + while (*s && isspace((unsigned char)*s)) + s++; + if(strchr(s, ' ')) *(strchr(s, ' ')) = 0; + if(strchr(s, '\t')) *(strchr(s, '\t')) = 0; log_err("Unknown value in module-config, module: '%s'." " This module is not present (not compiled in)," - " See the list of linked modules with unbound -V", md); + " See the list of linked modules with unbound -V", s); return 0; } } diff --git a/services/outside_network.c b/services/outside_network.c index a4529ade52e0..2a219cbc6e92 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -551,8 +551,27 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, log_assert(&key_p != ((struct reuse_tcp*)result)->pending); } /* not found, return null */ + + /* It is possible that we search for something before the first element + * in the tree. Replace a null pointer with the first element. + */ + if (!result) { + verbose(VERB_CLIENT, "reuse_tcp_find: taking first"); + result = rbtree_first(&outnet->tcp_reuse); + } + if(!result || result == RBTREE_NULL) return NULL; + + /* It is possible that we got the previous address, but that the + * address we are looking for is in the tree. If the address we got + * is less than the address we are looking, then take the next entry. + */ + if (reuse_cmp_addrportssl(result->key, &key_p.reuse) < 0) { + verbose(VERB_CLIENT, "reuse_tcp_find: key too low"); + result = rbtree_next(result); + } + verbose(VERB_CLIENT, "reuse_tcp_find check inexact match"); /* inexact match, find one of possibly several connections to the * same destination address, with the correct port, ssl, and @@ -620,6 +639,15 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) log_assert(w->addrlen > 0); pend->c->tcp_do_toggle_rw = 0; pend->c->tcp_do_close = 0; + + /* Consistency check, if we have ssl_upstream but no sslctx, then + * log an error and return failure. + */ + if (w->ssl_upstream && !w->outnet->sslctx) { + log_err("SSL upstream requested but no SSL context"); + return 0; + } + /* open socket */ s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp); diff --git a/services/rpz.c b/services/rpz.c index e876f3f94834..6ce83cb66a35 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -1188,6 +1188,22 @@ rpz_find_zone(struct local_zones* zones, uint8_t* qname, size_t qname_len, uint1 return z; } +/** Find entry for RR type in the list of rrsets for the clientip. */ +static struct local_rrset* +rpz_find_synthesized_rrset(uint16_t qtype, + struct clientip_synthesized_rr* data) +{ + struct local_rrset* cursor = data->data; + while( cursor != NULL) { + struct packed_rrset_key* packed_rrset = &cursor->rrset->rk; + if(htons(qtype) == packed_rrset->type) { + return cursor; + } + cursor = cursor->next; + } + return NULL; +} + /** * Remove RR from RPZ's local-data * @param z: local-zone for RPZ, holding write lock @@ -1270,15 +1286,15 @@ rpz_rrset_delete_rr(struct resp_addr* raddr, uint16_t rr_type, uint8_t* rdata, } -/** Remove RR from RPZ's local-zone */ +/** Remove RR from rpz localzones structure */ static void -rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, - enum rpz_action a, uint16_t rr_type, uint16_t rr_class, - uint8_t* rdatawl, size_t rdatalen) +rpz_remove_local_zones_trigger(struct local_zones* zones, uint8_t* dname, + size_t dnamelen, enum rpz_action a, uint16_t rr_type, + uint16_t rr_class, uint8_t* rdatawl, size_t rdatalen) { struct local_zone* z; int delete_zone = 1; - z = rpz_find_zone(r->local_zones, dname, dnamelen, rr_class, + z = rpz_find_zone(zones, dname, dnamelen, rr_class, 1 /* only exact */, 1 /* wr lock */, 1 /* keep lock*/); if(!z) { verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, " @@ -1290,15 +1306,24 @@ rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, dnamelen, rr_type, rdatawl, rdatalen); else if(a != localzone_type_to_rpz_action(z->type)) { lock_rw_unlock(&z->lock); - lock_rw_unlock(&r->local_zones->lock); + lock_rw_unlock(&zones->lock); return; } lock_rw_unlock(&z->lock); if(delete_zone) { - local_zones_del_zone(r->local_zones, z); + local_zones_del_zone(zones, z); } - lock_rw_unlock(&r->local_zones->lock); - return; + lock_rw_unlock(&zones->lock); +} + +/** Remove RR from RPZ's local-zone */ +static void +rpz_remove_qname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen) +{ + rpz_remove_local_zones_trigger(r->local_zones, dname, dnamelen, + a, rr_type, rr_class, rdatawl, rdatalen); } static void @@ -1335,15 +1360,159 @@ rpz_remove_response_ip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, lock_rw_unlock(&r->respip_set->lock); } +/** find and remove type from list of local_rrset entries*/ +static void +del_local_rrset_from_list(struct local_rrset** list_head, uint16_t dtype) +{ + struct local_rrset* prev=NULL, *p=*list_head; + while(p && ntohs(p->rrset->rk.type) != dtype) { + prev = p; + p = p->next; + } + if(!p) + return; /* rrset type not found */ + /* unlink it */ + if(prev) prev->next = p->next; + else *list_head = p->next; + /* no memory recycling for zone deletions ... */ +} + +/** Delete client-ip trigger RR from its RRset and perhaps also the rrset + * from the linked list. Returns if the local data is empty and the node can + * be deleted too, or not. */ +static int rpz_remove_clientip_rr(struct clientip_synthesized_rr* node, + uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct local_rrset* rrset; + struct packed_rrset_data* d; + size_t index; + rrset = rpz_find_synthesized_rrset(rr_type, node); + if(rrset == NULL) + return 0; /* type not found, ignore */ + d = (struct packed_rrset_data*)rrset->rrset->entry.data; + if(!packed_rrset_find_rr(d, rdatawl, rdatalen, &index)) + return 0; /* RR not found, ignore */ + if(d->count == 1) { + /* regional alloc'd */ + /* delete the type entry from the list */ + del_local_rrset_from_list(&node->data, rr_type); + /* if the list is empty, the node can be removed too */ + if(node->data == NULL) + return 1; + } else if (d->count > 1) { + if(!local_rrset_remove_rr(d, index)) + return 0; + } + return 0; +} + +/** remove trigger RR from clientip_syntheized set tree. */ +static void +rpz_clientip_remove_trigger_rr(struct clientip_synthesized_rrset* set, + struct sockaddr_storage* addr, socklen_t addrlen, int net, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct clientip_synthesized_rr* node; + int delete_node = 1; + + lock_rw_wrlock(&set->lock); + node = (struct clientip_synthesized_rr*)addr_tree_find(&set->entries, + addr, addrlen, net); + if(node == NULL) { + /* netblock not found */ + verbose(VERB_ALGO, "rpz: cannot remove RR from IXFR, " + "RPZ address, netblock not found"); + lock_rw_unlock(&set->lock); + return; + } + lock_rw_wrlock(&node->lock); + if(a == RPZ_LOCAL_DATA_ACTION) { + /* remove RR, signal whether entry can be removed */ + delete_node = rpz_remove_clientip_rr(node, rr_type, rdatawl, + rdatalen); + } else if(a != node->action) { + /* ignore the RR with different action specification */ + delete_node = 0; + } + if(delete_node) { + rbtree_delete(&set->entries, node->node.node.key); + } + lock_rw_unlock(&set->lock); + lock_rw_unlock(&node->lock); + if(delete_node) { + lock_rw_destroy(&node->lock); + } +} + +/** Remove clientip trigger RR from RPZ. */ +static void +rpz_remove_clientip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int net, af; + if(a == RPZ_INVALID_ACTION) + return; + if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) + return; + rpz_clientip_remove_trigger_rr(r->client_set, &addr, addrlen, net, + a, rr_type, rdatawl, rdatalen); +} + +/** Remove nsip trigger RR from RPZ. */ +static void +rpz_remove_nsip_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int net, af; + if(a == RPZ_INVALID_ACTION) + return; + if(!netblockdnametoaddr(dname, dnamelen, &addr, &addrlen, &net, &af)) + return; + rpz_clientip_remove_trigger_rr(r->ns_set, &addr, addrlen, net, + a, rr_type, rdatawl, rdatalen); +} + +/** Remove nsdname trigger RR from RPZ. */ +static void +rpz_remove_nsdname_trigger(struct rpz* r, uint8_t* dname, size_t dnamelen, + enum rpz_action a, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen) +{ + uint8_t* dname_stripped = NULL; + size_t dnamelen_stripped = 0; + if(a == RPZ_INVALID_ACTION) + return; + if(!rpz_strip_nsdname_suffix(dname, dnamelen, &dname_stripped, + &dnamelen_stripped)) + return; + rpz_remove_local_zones_trigger(r->nsdname_zones, dname_stripped, + dnamelen_stripped, a, rr_type, rr_class, rdatawl, rdatalen); + free(dname_stripped); +} + void -rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, size_t dnamelen, - uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, size_t rdatalen) +rpz_remove_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, + size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, + size_t rdatalen) { size_t policydnamelen; enum rpz_trigger t; enum rpz_action a; uint8_t* policydname; + if(rpz_type_ignored(rr_type)) { + /* this rpz action is not valid, eg. this is the SOA or NS RR */ + return; + } + if(!dname_subdomain_c(dname, azname)) { + /* not subdomain of the RPZ zone. */ + return; + } + if(!(policydname = calloc(1, LDNS_MAX_DOMAINLEN + 1))) return; @@ -1358,13 +1527,28 @@ rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, size_t dnamelen, return; } t = rpz_dname_to_trigger(policydname, policydnamelen); + if(t == RPZ_INVALID_TRIGGER) { + /* skipping invalid trigger */ + free(policydname); + return; + } if(t == RPZ_QNAME_TRIGGER) { rpz_remove_qname_trigger(r, policydname, policydnamelen, a, rr_type, rr_class, rdatawl, rdatalen); } else if(t == RPZ_RESPONSE_IP_TRIGGER) { rpz_remove_response_ip_trigger(r, policydname, policydnamelen, a, rr_type, rdatawl, rdatalen); + } else if(t == RPZ_CLIENT_IP_TRIGGER) { + rpz_remove_clientip_trigger(r, policydname, policydnamelen, a, + rr_type, rdatawl, rdatalen); + } else if(t == RPZ_NSIP_TRIGGER) { + rpz_remove_nsip_trigger(r, policydname, policydnamelen, a, + rr_type, rdatawl, rdatalen); + } else if(t == RPZ_NSDNAME_TRIGGER) { + rpz_remove_nsdname_trigger(r, policydname, policydnamelen, a, + rr_type, rr_class, rdatawl, rdatalen); } + /* else it was an unsupported trigger, also skipped. */ free(policydname); } @@ -1563,21 +1747,6 @@ rpz_local_encode(struct module_env* env, struct query_info* qinfo, return 1; } -static struct local_rrset* -rpz_find_synthesized_rrset(uint16_t qtype, - struct clientip_synthesized_rr* data) -{ - struct local_rrset* cursor = data->data; - while( cursor != NULL) { - struct packed_rrset_key* packed_rrset = &cursor->rrset->rk; - if(htons(qtype) == packed_rrset->type) { - return cursor; - } - cursor = cursor->next; - } - return NULL; -} - /** allocate SOA record ubrrsetkey in region */ static struct ub_packed_rrset_key* make_soa_ubrrset(struct auth_zone* auth_zone, struct auth_rrset* soa, @@ -1713,7 +1882,8 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, 0, /* ns */ 0, /* ar */ 0, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(msg->rep) msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az)) @@ -1742,7 +1912,8 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms, 0, /* ns */ 0, /* ar */ 0, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(msg->rep) msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az)) @@ -1772,7 +1943,8 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs 0, /* ns */ 0, /* ar */ 1, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(new_reply_info == NULL) { log_err("out of memory"); return NULL; diff --git a/services/rpz.h b/services/rpz.h index 53781197aeec..e6d8bf566e16 100644 --- a/services/rpz.h +++ b/services/rpz.h @@ -84,10 +84,11 @@ enum rpz_action { RPZ_CNAME_OVERRIDE_ACTION, /* RPZ CNAME action override*/ }; -struct clientip_synthesized_rrset{ +struct clientip_synthesized_rrset { struct regional* region; struct rbtree_type entries; - lock_rw_type lock; /* lock on the respip tree */ + /** lock on the entries tree */ + lock_rw_type lock; }; struct clientip_synthesized_rr { @@ -95,10 +96,6 @@ struct clientip_synthesized_rr { struct addr_tree_node node; /** lock on the node item */ lock_rw_type lock; - /** tag bitlist */ - uint8_t* taglist; - /** length of the taglist (in bytes) */ - size_t taglen; /** action for this address span */ enum rpz_action action; /** "local data" for this node */ @@ -152,6 +149,7 @@ int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dna /** * Delete policy matching RR, used for IXFR. * @param r: the rpz to add the policy to. + * @param azname: dname of the auth-zone * @param aznamelen: the length of the auth-zone name * @param dname: dname of the RR * @param dnamelen: length of the dname @@ -160,9 +158,9 @@ int rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dna * @param rdatawl: rdata of the RR, prepended with the rdata size * @param rdatalen: length if the RR, including the prepended rdata size */ -void rpz_remove_rr(struct rpz* r, size_t aznamelen, uint8_t* dname, - size_t dnamelen, uint16_t rr_type, uint16_t rr_class, uint8_t* rdatawl, - size_t rdatalen); +void rpz_remove_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, + uint8_t* dname, size_t dnamelen, uint16_t rr_type, uint16_t rr_class, + uint8_t* rdatawl, size_t rdatalen); /** * Walk over the RPZ zones to find and apply a QNAME trigger policy. diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 322eff096c03..e81ebb1fc434 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -702,7 +702,11 @@ sldns_get_rr_type_by_name(const char *name) /* TYPEXX representation */ if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { - return atoi(name + 4); + unsigned int a = atoi(name + 4); + if (a > LDNS_RR_TYPE_LAST) { + return (enum sldns_enum_rr_type)0; + } + return a; } /* Normal types */ @@ -740,7 +744,11 @@ sldns_get_rr_class_by_name(const char *name) /* CLASSXX representation */ if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { - return atoi(name + 5); + unsigned int a = atoi(name + 5); + if (a > LDNS_RR_CLASS_LAST) { + return (enum sldns_enum_rr_class)0; + } + return a; } /* Normal types */ diff --git a/sldns/rrdef.h b/sldns/rrdef.h index 98fb257dc8cd..f277fd67ab5a 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -433,10 +433,12 @@ enum sldns_enum_edns_option LDNS_EDNS_DHU = 6, /* RFC6975 */ LDNS_EDNS_N3U = 7, /* RFC6975 */ LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ + LDNS_EDNS_COOKIE = 10, /* RFC7873 */ LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ LDNS_EDNS_PADDING = 12, /* RFC7830 */ LDNS_EDNS_EDE = 15, /* RFC8914 */ - LDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */ + LDNS_EDNS_CLIENT_TAG = 16, /* draft-bellis-dnsop-edns-tags-01 */ + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST = 65534 }; typedef enum sldns_enum_edns_option sldns_edns_option; @@ -482,6 +484,9 @@ typedef enum sldns_enum_ede_code sldns_ede_code; #define LDNS_TSIG_ERROR_BADNAME 20 #define LDNS_TSIG_ERROR_BADALG 21 +/** DNS Cookie extended rcode */ +#define LDNS_EXT_RCODE_BADCOOKIE 23 + /** * Contains all information about resource record types. * diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 303d49ba6689..45e247613745 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -357,7 +357,7 @@ rrinternal_get_delims(sldns_rdf_type rdftype, size_t r_cnt, size_t r_max) break; default : break; } - return "\n\t "; + return "\n\t "; } /* Syntactic sugar for sldns_rr_new_frm_str_internal */ @@ -448,7 +448,7 @@ rrinternal_parse_unknown(sldns_buffer* strbuf, char* token, size_t token_len, sldns_buffer_position(strbuf)); } hex_data_size = (size_t)atoi(token); - if(hex_data_size > LDNS_MAX_RDFLEN || + if(hex_data_size > LDNS_MAX_RDFLEN || *rr_cur_len + hex_data_size > *rr_len) { return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, sldns_buffer_position(strbuf)); @@ -567,7 +567,7 @@ sldns_parse_rdf_token(sldns_buffer* strbuf, char* token, size_t token_len, /* check if not quoted yet, and we have encountered quotes */ if(!*quoted && sldns_rdf_type_maybe_quoted(rdftype) && slen >= 2 && - (token[0] == '"' || token[0] == '\'') && + (token[0] == '"' || token[0] == '\'') && (token[slen-1] == '"' || token[slen-1] == '\'')) { /* move token two smaller (quotes) with endnull */ memmove(token, token+1, slen-2); @@ -698,7 +698,7 @@ static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len) mandatory = svcparams[i]; } - /* 4. verify that all the SvcParamKeys in mandatory are present */ + /* Verify that all the SvcParamKeys in mandatory are present */ if(mandatory) { /* Divide by sizeof(uint16_t)*/ uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t); @@ -785,7 +785,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, token[2]=='\t')) { was_unknown_rr_format = 1; if((status=rrinternal_parse_unknown(strbuf, token, - token_len, rr, rr_len, &rr_cur_len, + token_len, rr, rr_len, &rr_cur_len, pre_data_pos)) != 0) return status; } else if(token_strlen > 0 || quoted) { @@ -844,7 +844,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len, if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) { size_t rdata_len = rr_cur_len - dname_len - 10; uint8_t *rdata = rr+dname_len + 10; - + /* skip 1st rdata field SvcPriority (uint16_t) */ if (rdata_len < sizeof(uint16_t)) return LDNS_WIREPARSE_ERR_OK; @@ -1123,36 +1123,40 @@ sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len) return key_value; } else switch (key_len) { - case sizeof("mandatory")-1: - if (!strncmp(key, "mandatory", sizeof("mandatory")-1)) - return SVCB_KEY_MANDATORY; - if (!strncmp(key, "echconfig", sizeof("echconfig")-1)) - return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */ + case 3: + if (!strncmp(key, "ech", key_len)) + return SVCB_KEY_ECH; break; - case sizeof("alpn")-1: - if (!strncmp(key, "alpn", sizeof("alpn")-1)) + case 4: + if (!strncmp(key, "alpn", key_len)) return SVCB_KEY_ALPN; - if (!strncmp(key, "port", sizeof("port")-1)) + if (!strncmp(key, "port", key_len)) return SVCB_KEY_PORT; break; - case sizeof("no-default-alpn")-1: - if (!strncmp( key , "no-default-alpn" - , sizeof("no-default-alpn")-1)) - return SVCB_KEY_NO_DEFAULT_ALPN; + case 7: + if (!strncmp(key, "dohpath", key_len)) + return SVCB_KEY_DOHPATH; break; - case sizeof("ipv4hint")-1: - if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1)) + case 8: + if (!strncmp(key, "ipv4hint", key_len)) return SVCB_KEY_IPV4HINT; - if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) + if (!strncmp(key, "ipv6hint", key_len)) return SVCB_KEY_IPV6HINT; break; - case sizeof("ech")-1: - if (!strncmp(key, "ech", sizeof("ech")-1)) - return SVCB_KEY_ECH; + case 9: + if (!strncmp(key, "mandatory", key_len)) + return SVCB_KEY_MANDATORY; + if (!strncmp(key, "echconfig", key_len)) + return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */ + break; + + case 15: + if (!strncmp(key, "no-default-alpn", key_len)) + return SVCB_KEY_NO_DEFAULT_ALPN; break; default: @@ -1477,7 +1481,7 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, size_t str_len; size_t dst_len; size_t val_len; - + val_len = strlen(val); if (val_len > sizeof(unescaped_dst)) { @@ -1511,7 +1515,34 @@ sldns_str2wire_svcbparam_alpn_value(const char* val, sldns_write_uint16(rd + 2, dst_len); memcpy(rd + 4, unescaped_dst, dst_len); *rd_len = 4 + dst_len; - + + return LDNS_WIREPARSE_ERR_OK; +} + +static int +sldns_str2wire_svcbparam_dohpath_value(const char* val, + uint8_t* rd, size_t* rd_len) +{ + size_t val_len; + + /* RFC6570#section-2.1 + * "The characters outside of expressions in a URI Template string are + * intended to be copied literally" + * Practically this means we do not have to look for "double escapes" + * like in the alpn value list. + */ + + val_len = strlen(val); + + if (*rd_len < 4 + val_len) { + return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; + } + + sldns_write_uint16(rd, SVCB_KEY_DOHPATH); + sldns_write_uint16(rd + 2, val_len); + memcpy(rd + 4, val, val_len); + *rd_len = 4 + val_len; + return LDNS_WIREPARSE_ERR_OK; } @@ -1535,6 +1566,7 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, case SVCB_KEY_PORT: case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: + case SVCB_KEY_DOHPATH: return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM; #endif default: @@ -1566,6 +1598,8 @@ sldns_str2wire_svcparam_value(const char *key, size_t key_len, return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len); case SVCB_KEY_ALPN: return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len); + case SVCB_KEY_DOHPATH: + return sldns_str2wire_svcbparam_dohpath_value(val, rd, rd_len); default: str_len = strlen(val); if (*rd_len < 4 + str_len) @@ -1593,7 +1627,7 @@ static int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_ /* case: key=value */ if (eq_pos != NULL && eq_pos[1]) { val_in = eq_pos + 1; - + /* unescape characters and "" blocks */ if (*val_in == '"') { val_in++; @@ -1610,11 +1644,11 @@ static int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_ } *val_out = 0; - return sldns_str2wire_svcparam_value(str, eq_pos - str, - unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); + return sldns_str2wire_svcparam_value(str, eq_pos - str, + unescaped_val[0] ? unescaped_val : NULL, rd, rd_len); } /* case: key= */ - else if (eq_pos != NULL && !(eq_pos[1])) { + else if (eq_pos != NULL && !(eq_pos[1])) { return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len); } /* case: key */ diff --git a/sldns/str2wire.h b/sldns/str2wire.h index baee4236fe55..5e4d146d3092 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -38,7 +38,8 @@ struct sldns_struct_lookup_table; #define SVCB_KEY_IPV4HINT 4 #define SVCB_KEY_ECH 5 #define SVCB_KEY_IPV6HINT 6 -#define SVCPARAMKEY_COUNT 7 +#define SVCB_KEY_DOHPATH 7 +#define SVCPARAMKEY_COUNT 8 #define MAX_NUMBER_OF_SVCPARAMS 64 @@ -236,6 +237,7 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len); #define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385 #define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386 + /** * Get reference to a constant string for the (parse) error. * @param e: error return value diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 74d1b62dfe8d..e6278ff560da 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -159,7 +159,7 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = { "Mandatory SvcParamKey is missing"}, { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY, "Keys in SvcParam mandatory MUST be unique" }, - { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, + { LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, "mandatory MUST not be included as mandatory parameter" }, { LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX, "Could not parse port SvcParamValue" }, @@ -224,7 +224,7 @@ sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data; /* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */ const char *svcparamkey_strs[] = { "mandatory", "alpn", "no-default-alpn", "port", - "ipv4hint", "ech", "ipv6hint" + "ipv4hint", "ech", "ipv6hint", "dohpath" }; char* sldns_wire2str_pkt(uint8_t* data, size_t len) @@ -487,7 +487,7 @@ int sldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, uint8_t* rr = *d; size_t rrlen = *dlen, dname_off, rdlen, ordlen; uint16_t rrtype = 0; - + if(*dlen >= 3 && (*d)[0]==0 && sldns_read_uint16((*d)+1)==LDNS_RR_TYPE_OPT) { /* perform EDNS OPT processing */ @@ -1119,7 +1119,7 @@ static int sldns_wire2str_svcparam_alpn2str(char** s, w += sldns_str_print(s, slen, "%s", ","); } w += sldns_str_print(s, slen, "\""); - + return w; } @@ -1139,7 +1139,7 @@ static int sldns_wire2str_svcparam_ech2str(char** s, (*s) += size; (*slen) -= size; - w += sldns_str_print(s, slen, "\""); + w += sldns_str_print(s, slen, "\""); return w + size; } @@ -1162,7 +1162,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl /* verify that we have data_len data */ if (data_len > *dlen) - return -1; + return -1; written_chars += sldns_print_svcparamkey(s, slen, svcparamkey); if (!data_len) { @@ -1174,6 +1174,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: case SVCB_KEY_MANDATORY: + case SVCB_KEY_DOHPATH: return -1; default: return written_chars; @@ -1201,6 +1202,8 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl case SVCB_KEY_ECH: r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d); break; + case SVCB_KEY_DOHPATH: + /* fallthrough */ default: r = sldns_str_print(s, slen, "=\""); @@ -1222,7 +1225,7 @@ int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* sl } if (r <= 0) return -1; /* wireformat error */ - + written_chars += r; *d += data_len; *dlen -= data_len; @@ -1551,7 +1554,7 @@ int sldns_wire2str_nsec_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) unsigned i, bit, window, block_len; uint16_t t; int w = 0; - + /* check for errors */ while(pl) { if(pl < 2) return -1; diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index 3bc25a10caaf..20a100cec80b 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -1589,8 +1589,7 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now) /** * Perform XML parsing of the root-anchors file - * Its format description can be read here - * https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt + * Its format description can be found in RFC 7958. * It uses libexpat. * @param xml: BIO with xml data. * @param now: the current time for checking DS validity periods. diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index f850469bab1b..ff80437112e4 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -714,7 +714,7 @@ morechecks(struct config_file* cfg) cfg->chrootdir, cfg); } #endif - /* remove chroot setting so that modules are not stripping pathnames*/ + /* remove chroot setting so that modules are not stripping pathnames */ free(cfg->chrootdir); cfg->chrootdir = NULL; diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 821c490c3e8f..c4f730061966 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -4,22 +4,22 @@ * Copyright (c) 2008, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -59,6 +59,7 @@ #include "util/locks.h" #include "util/net_help.h" #include "util/shm_side/shm_main.h" +#include "util/timeval_func.h" #include "daemon/stats.h" #include "sldns/wire2str.h" #include "sldns/pkthdr.h" @@ -186,31 +187,6 @@ usage(void) #ifdef HAVE_SHMGET /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** divide sum of timers to get average */ -static void -timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) -{ -#ifndef S_SPLINT_S - size_t leftover; - if(d <= 0) { - avg->tv_sec = 0; - avg->tv_usec = 0; - return; - } - avg->tv_sec = sum->tv_sec / d; - avg->tv_usec = sum->tv_usec / d; - /* handle fraction from seconds divide */ - leftover = sum->tv_sec - avg->tv_sec*d; - if(leftover <= 0) - leftover = 0; - avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; - if(avg->tv_sec < 0) - avg->tv_sec = 0; - if(avg->tv_usec < 0) - avg->tv_usec = 0; -#endif -} - /** print unsigned long stats value */ #define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var)); #define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var)); @@ -226,12 +202,20 @@ static void pr_stats(const char* nm, struct ub_stats_info* s) { struct timeval sumwait, avg; PR_UL_NM("num.queries", s->svr.num_queries); - PR_UL_NM("num.queries_ip_ratelimited", + PR_UL_NM("num.queries_ip_ratelimited", s->svr.num_queries_ip_ratelimited); + PR_UL_NM("num.queries_cookie_valid", + s->svr.num_queries_cookie_valid); + PR_UL_NM("num.queries_cookie_client", + s->svr.num_queries_cookie_client); + PR_UL_NM("num.queries_cookie_invalid", + s->svr.num_queries_cookie_invalid); PR_UL_NM("num.cachehits", s->svr.num_queries - s->svr.num_queries_missed_cache); PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache); PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch); + PR_UL_NM("num.queries_timed_out", s->svr.num_queries_timed_out); + PR_UL_NM("query.queue_time_us.max", s->svr.max_query_time_us); PR_UL_NM("num.expired", s->svr.ans_expired); PR_UL_NM("num.recursivereplies", s->mesh_replies_sent); #ifdef USE_DNSCRYPT @@ -403,6 +387,9 @@ static void print_extended(struct ub_stats_info* s, int inhibit_zero) PR_UL("rrset.cache.count", s->svr.rrset_cache_count); PR_UL("infra.cache.count", s->svr.infra_cache_count); PR_UL("key.cache.count", s->svr.key_cache_count); + /* max collisions */ + PR_UL("msg.cache.max_collisions", s->svr.msg_cache_max_collisions); + PR_UL("rrset.cache.max_collisions", s->svr.rrset_cache_max_collisions); /* applied RPZ actions */ for(i=0; i<UB_STATS_RPZ_ACTION_NUM; i++) { if(i == RPZ_NO_OVERRIDE_ACTION) @@ -426,6 +413,9 @@ static void print_extended(struct ub_stats_info* s, int inhibit_zero) PR_UL("num.query.subnet", s->svr.num_query_subnet); PR_UL("num.query.subnet_cache", s->svr.num_query_subnet_cache); #endif +#ifdef USE_CACHEDB + PR_UL("num.query.cachedb", s->svr.num_query_cachedb); +#endif } /** print statistics out of memory structures */ @@ -989,7 +979,7 @@ int main(int argc, char* argv[]) fatal_exit("could not exec unbound: %s", strerror(ENOSYS)); #else - if(execlp("unbound", "unbound", "-c", cfgfile, + if(execlp("unbound", "unbound", "-c", cfgfile, (char*)NULL) < 0) { fatal_exit("could not exec unbound: %s", strerror(errno)); diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index d612575f3af2..8bffe46ced55 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -482,6 +482,7 @@ int main(int argc, char* argv[]) case '?': case 'h': default: + ub_ctx_delete(ctx); usage(); } } @@ -495,8 +496,10 @@ int main(int argc, char* argv[]) } argc -= optind; argv += optind; - if(argc != 1) + if(argc != 1) { + ub_ctx_delete(ctx); usage(); + } #ifdef HAVE_SSL #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS diff --git a/testcode/dohclient.c b/testcode/dohclient.c index 64af699bc718..de9f39d7d941 100644 --- a/testcode/dohclient.c +++ b/testcode/dohclient.c @@ -226,9 +226,16 @@ make_query(char* qname, char* qtype, char* qclass) printf("cannot parse query name: '%s'\n", qname); exit(1); } - qinfo.qtype = sldns_get_rr_type_by_name(qtype); + if(qinfo.qtype == 0 && strcmp(qtype, "TYPE0") != 0) { + printf("cannot parse query type: '%s'\n", qtype); + exit(1); + } qinfo.qclass = sldns_get_rr_class_by_name(qclass); + if(qinfo.qclass == 0 && strcmp(qclass, "CLASS0") != 0) { + printf("cannot parse query class: '%s'\n", qclass); + exit(1); + } qinfo.local_alias = NULL; qinfo_query_encode(buf, &qinfo); /* flips buffer */ diff --git a/testcode/fake_event.c b/testcode/fake_event.c index efb22a6fb634..2140b212adc3 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -2,24 +2,24 @@ * testcode/fake_event.c - fake event handling that replays existing scenario. * * Copyright (c) 2007, NLnet Labs. All rights reserved. - * + * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -65,6 +65,7 @@ #include "sldns/wire2str.h" #include "sldns/str2wire.h" #include "daemon/remote.h" +#include "util/timeval_func.h" #include <signal.h> struct worker; struct daemon_remote; @@ -95,21 +96,7 @@ struct fake_commpoint { /** Global variable: the scenario. Saved here for when event_init is done. */ static struct replay_scenario* saved_scenario = NULL; -/** add timers and the values do not overflow or become negative */ -static void -timeval_add(struct timeval* d, const struct timeval* add) -{ -#ifndef S_SPLINT_S - d->tv_sec += add->tv_sec; - d->tv_usec += add->tv_usec; - if(d->tv_usec >= 1000000) { - d->tv_usec -= 1000000; - d->tv_sec++; - } -#endif -} - -void +void fake_temp_file(const char* adj, const char* id, char* buf, size_t len) { #ifdef USE_WINSOCK @@ -121,13 +108,13 @@ fake_temp_file(const char* adj, const char* id, char* buf, size_t len) #endif } -void +void fake_event_init(struct replay_scenario* scen) { saved_scenario = scen; } -void +void fake_event_cleanup(void) { replay_scenario_delete(saved_scenario); @@ -172,7 +159,7 @@ repevt_string(enum replay_event_type t) } /** delete a fake pending */ -static void +static void delete_fake_pending(struct fake_pending* pend) { if(!pend) @@ -200,8 +187,8 @@ delete_replay_answer(struct replay_answer* a) /** * return: true if pending query matches the now event. */ -static int -pending_matches_current(struct replay_runtime* runtime, +static int +pending_matches_current(struct replay_runtime* runtime, struct entry** entry, struct fake_pending **pend) { struct fake_pending* p; @@ -233,7 +220,7 @@ pending_matches_current(struct replay_runtime* runtime, * @return: true if a match is found. */ static int -pending_find_match(struct replay_runtime* runtime, struct entry** entry, +pending_find_match(struct replay_runtime* runtime, struct entry** entry, struct fake_pending* pend) { int timenow = runtime->now->time_step; @@ -245,7 +232,7 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry, (*entry = find_match(p->match, pend->pkt, pend->pkt_len, pend->transport))) { log_info("matched query time %d in range [%d, %d] " - "with entry line %d", timenow, + "with entry line %d", timenow, p->start_step, p->end_step, (*entry)->lineno); if(p->addrlen != 0) log_addr(0, "matched ip", &p->addr, p->addrlen); @@ -266,8 +253,8 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry, * @param pend: if true, the outgoing message that matches is returned. * @return: true if pending query matches the now event. */ -static int -pending_matches_range(struct replay_runtime* runtime, +static int +pending_matches_range(struct replay_runtime* runtime, struct entry** entry, struct fake_pending** pend) { struct fake_pending* p = runtime->pending_list; @@ -405,9 +392,9 @@ answer_callback_from_entry(struct replay_runtime* runtime, static void answer_check_it(struct replay_runtime* runtime) { - struct replay_answer* ans = runtime->answer_list, + struct replay_answer* ans = runtime->answer_list, *prev = NULL; - log_assert(runtime && runtime->now && + log_assert(runtime && runtime->now && runtime->now->evt_type == repevt_front_reply); while(ans) { enum transport_type tr = transport_tcp; @@ -420,7 +407,7 @@ answer_check_it(struct replay_runtime* runtime) ans->pkt_len, tr)) { log_info("testbound matched event entry from line %d", runtime->now->match->lineno); - log_info("testbound: do STEP %d %s", + log_info("testbound: do STEP %d %s", runtime->now->time_step, repevt_string(runtime->now->evt_type)); if(prev) @@ -474,7 +461,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) log_pkt("query pkt", todo->match->reply_list->reply_pkt, todo->match->reply_list->reply_len); /* call the callback for incoming queries */ - if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, + if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, NETEVENT_NOERROR, &repinfo)) { /* send immediate reply */ comm_point_send_reply(&repinfo); @@ -487,7 +474,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) * Perform callback for fake pending message. */ static void -fake_pending_callback(struct replay_runtime* runtime, +fake_pending_callback(struct replay_runtime* runtime, struct replay_moment* todo, int error) { struct fake_pending* p = runtime->pending_list; @@ -566,7 +553,7 @@ time_passes(struct replay_runtime* runtime, struct replay_moment* mom) timeval_add(&runtime->now_tv, &tv); runtime->now_secs = (time_t)runtime->now_tv.tv_sec; #ifndef S_SPLINT_S - log_info("elapsed %d.%6.6d now %d.%6.6d", + log_info("elapsed %d.%6.6d now %d.%6.6d", (int)tv.tv_sec, (int)tv.tv_usec, (int)runtime->now_tv.tv_sec, (int)runtime->now_tv.tv_usec); #endif @@ -603,7 +590,7 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom) } strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); - if(!expanded) + if(!expanded) fatal_exit("could not expand macro line %d", lineno); if(verbosity >= 7 && strcmp(p->str, expanded) != 0) log_info("expanded '%s' to '%s'", p->str, expanded); @@ -656,7 +643,7 @@ tempfile_check(struct replay_runtime* runtime, struct replay_moment* mom) } strip_end_white(line); expanded = macro_process(runtime->vars, runtime, p->str); - if(!expanded) + if(!expanded) fatal_exit("could not expand macro line %d", lineno); if(verbosity >= 7 && strcmp(p->str, expanded) != 0) log_info("expanded '%s' to '%s'", p->str, expanded); @@ -746,7 +733,7 @@ do_moment_and_advance(struct replay_runtime* runtime) advance_moment(runtime); return; } - log_info("testbound: do STEP %d %s", runtime->now->time_step, + log_info("testbound: do STEP %d %s", runtime->now->time_step, repevt_string(runtime->now->evt_type)); switch(runtime->now->evt_type) { case repevt_nothing: @@ -761,7 +748,7 @@ do_moment_and_advance(struct replay_runtime* runtime) fake_front_query(runtime, mom); break; case repevt_front_reply: - if(runtime->answer_list) + if(runtime->answer_list) log_err("testbound: There are unmatched answers."); fatal_exit("testbound: query answer not matched"); break; @@ -810,7 +797,7 @@ do_moment_and_advance(struct replay_runtime* runtime) advance_moment(runtime); break; default: - fatal_exit("testbound: unknown event type %d", + fatal_exit("testbound: unknown event type %d", runtime->now->evt_type); } } @@ -831,15 +818,15 @@ run_scenario(struct replay_runtime* runtime) /* else if precoded_range matches pending, do it */ /* else do the current moment */ if(pending_matches_current(runtime, &entry, &pending)) { - log_info("testbound: do STEP %d CHECK_OUT_QUERY", + log_info("testbound: do STEP %d CHECK_OUT_QUERY", runtime->now->time_step); advance_moment(runtime); if(entry->copy_id) - answer_callback_from_entry(runtime, entry, + answer_callback_from_entry(runtime, entry, pending); - } else if(runtime->answer_list && runtime->now && + } else if(runtime->answer_list && runtime->now && runtime->now->evt_type == repevt_front_reply) { - answer_check_it(runtime); + answer_check_it(runtime); advance_moment(runtime); } else if(pending_matches_range(runtime, &entry, &pending)) { answer_callback_from_entry(runtime, entry, pending); @@ -870,7 +857,7 @@ run_scenario(struct replay_runtime* runtime) /*********** Dummy routines ***********/ -struct listen_dnsport* +struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), size_t bufsize, int ATTR_UNUSED(tcp_accept_count), int ATTR_UNUSED(tcp_idle_timeout), @@ -898,7 +885,7 @@ listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), return l; } -void +void listen_delete(struct listen_dnsport* listen) { if(!listen) @@ -907,7 +894,7 @@ listen_delete(struct listen_dnsport* listen) free(listen); } -struct comm_base* +struct comm_base* comm_base_create(int ATTR_UNUSED(sigs)) { /* we return the runtime structure instead. */ @@ -921,7 +908,7 @@ comm_base_create(int ATTR_UNUSED(sigs)) return (struct comm_base*)runtime; } -void +void comm_base_delete(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -961,7 +948,7 @@ comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) *tv = &runtime->now_tv; } -void +void comm_base_dispatch(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -971,7 +958,7 @@ comm_base_dispatch(struct comm_base* b) else exit(0); /* OK exit when LIBEVENT_SIGNAL_PROBLEM exists */ } -void +void comm_base_exit(struct comm_base* b) { struct replay_runtime* runtime = (struct replay_runtime*)b; @@ -981,7 +968,7 @@ comm_base_exit(struct comm_base* b) } } -struct comm_signal* +struct comm_signal* comm_signal_create(struct comm_base* base, void (*callback)(int, void*), void* cb_arg) { @@ -991,20 +978,20 @@ comm_signal_create(struct comm_base* base, return calloc(1, sizeof(struct comm_signal)); } -int -comm_signal_bind(struct comm_signal* ATTR_UNUSED(comsig), int +int +comm_signal_bind(struct comm_signal* ATTR_UNUSED(comsig), int ATTR_UNUSED(sig)) { return 1; } -void +void comm_signal_delete(struct comm_signal* comsig) { free(comsig); } -void +void comm_point_send_reply(struct comm_reply* repinfo) { struct replay_answer* ans = (struct replay_answer*)calloc(1, @@ -1028,7 +1015,7 @@ comm_point_send_reply(struct comm_reply* repinfo) log_pkt("reply pkt: ", ans->pkt, ans->pkt_len); } -void +void comm_point_drop_reply(struct comm_reply* repinfo) { log_info("comm_point_drop_reply fake"); @@ -1038,14 +1025,14 @@ comm_point_drop_reply(struct comm_reply* repinfo) } } -struct outside_network* -outside_network_create(struct comm_base* base, size_t bufsize, - size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), - int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), - int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), +struct outside_network* +outside_network_create(struct comm_base* base, size_t bufsize, + size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), + int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), + int ATTR_UNUSED(do_ip6), size_t ATTR_UNUSED(num_tcp), int ATTR_UNUSED(dscp), struct infra_cache* infra, - struct ub_randstate* ATTR_UNUSED(rnd), + struct ub_randstate* ATTR_UNUSED(rnd), int ATTR_UNUSED(use_caps_for_id), int* ATTR_UNUSED(availports), int ATTR_UNUSED(numavailports), size_t ATTR_UNUSED(unwanted_threshold), int ATTR_UNUSED(outgoing_tcp_mss), @@ -1057,7 +1044,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, int ATTR_UNUSED(tcp_auth_query_timeout)) { struct replay_runtime* runtime = (struct replay_runtime*)base; - struct outside_network* outnet = calloc(1, + struct outside_network* outnet = calloc(1, sizeof(struct outside_network)); (void)unwanted_action; if(!outnet) @@ -1072,7 +1059,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, return outnet; } -void +void outside_network_delete(struct outside_network* outnet) { if(!outnet) @@ -1081,12 +1068,12 @@ outside_network_delete(struct outside_network* outnet) free(outnet); } -void +void outside_network_quit_prepare(struct outside_network* ATTR_UNUSED(outnet)) { } -struct pending* +struct pending* pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, int timeout, comm_point_callback_type* callback, void* callback_arg) { @@ -1128,7 +1115,7 @@ pending_udp_query(struct serviced_query* sq, sldns_buffer* packet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1178,7 +1165,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1202,10 +1189,10 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, sizeof(struct fake_pending)); char z[256]; log_assert(pend); - log_nametypeclass(VERB_OPS, "pending serviced query", + log_nametypeclass(VERB_OPS, "pending serviced query", qinfo->qname, qinfo->qtype, qinfo->qclass); dname_str(zone, z); - verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", + verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", z, (flags&BIT_RD)?" RD":"", (flags&BIT_CD)?" CD":"", (flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":""); @@ -1265,6 +1252,8 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, if(dnssec) edns.bits = EDNS_DO; edns.padding_block_size = 0; + edns.cookie_present = 0; + edns.cookie_valid = 0; edns.opt_list_in = NULL; edns.opt_list_out = per_upstream_opt_list; edns.opt_list_inplace_cb_out = NULL; @@ -1301,7 +1290,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, repevt_string(runtime->now->evt_type)); advance_moment(runtime); /* still create the pending, because we need it to callback */ - } + } log_info("testbound: created fake pending"); /* add to list */ pend->next = runtime->pending_list; @@ -1356,7 +1345,7 @@ void listening_ports_free(struct listen_port* list) struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), int ATTR_UNUSED(fd), size_t ATTR_UNUSED(bufsize), - comm_point_callback_type* ATTR_UNUSED(callback), + comm_point_callback_type* ATTR_UNUSED(callback), void* ATTR_UNUSED(callback_arg)) { struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, @@ -1368,7 +1357,7 @@ struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), int ATTR_UNUSED(fd), int ATTR_UNUSED(writing), - comm_point_callback_type* ATTR_UNUSED(callback), + comm_point_callback_type* ATTR_UNUSED(callback), void* ATTR_UNUSED(callback_arg)) { /* no pipe comm possible */ @@ -1379,7 +1368,7 @@ struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), return (struct comm_point*)fc; } -void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), +void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), int ATTR_UNUSED(newfd), int ATTR_UNUSED(sec)) { /* no bg write pipe comm possible */ @@ -1424,7 +1413,7 @@ size_t serviced_get_mem(struct serviced_query* ATTR_UNUSED(c)) } /* fake for fptr wlist */ -int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), +int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply *ATTR_UNUSED(reply_info)) { @@ -1432,7 +1421,7 @@ int outnet_udp_cb(struct comm_point* ATTR_UNUSED(c), return 0; } -int outnet_tcp_cb(struct comm_point* ATTR_UNUSED(c), +int outnet_tcp_cb(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply *ATTR_UNUSED(reply_info)) { @@ -1460,67 +1449,67 @@ void outnet_tcptimer(void* ATTR_UNUSED(arg)) log_assert(0); } -void comm_point_udp_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), +void comm_point_udp_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_udp_ancil_callback(int ATTR_UNUSED(fd), +void comm_point_udp_ancil_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_tcp_accept_callback(int ATTR_UNUSED(fd), +void comm_point_tcp_accept_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_tcp_handle_callback(int ATTR_UNUSED(fd), +void comm_point_tcp_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_timer_callback(int ATTR_UNUSED(fd), +void comm_timer_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_signal_callback(int ATTR_UNUSED(fd), +void comm_signal_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_http_handle_callback(int ATTR_UNUSED(fd), +void comm_point_http_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_local_handle_callback(int ATTR_UNUSED(fd), +void comm_point_local_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), +void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), +void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { log_assert(0); } -int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), +int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { @@ -1528,7 +1517,7 @@ int serviced_udp_callback(struct comm_point* ATTR_UNUSED(c), return 0; } -int serviced_tcp_callback(struct comm_point* ATTR_UNUSED(c), +int serviced_tcp_callback(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg), int ATTR_UNUSED(error), struct comm_reply* ATTR_UNUSED(reply_info)) { @@ -1561,7 +1550,7 @@ int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) } /* timers in testbound for autotrust. statistics tested in tdir. */ -struct comm_timer* comm_timer_create(struct comm_base* base, +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) { struct replay_runtime* runtime = (struct replay_runtime*)base; @@ -1589,7 +1578,7 @@ void comm_timer_set(struct comm_timer* timer, struct timeval* tv) struct fake_timer* t = (struct fake_timer*)timer; t->enabled = 1; t->tv = *tv; - log_info("fake timer set %d.%6.6d", + log_info("fake timer set %d.%6.6d", (int)t->tv.tv_sec, (int)t->tv.tv_usec); timeval_add(&t->tv, &t->runtime->now_tv); } diff --git a/testcode/lock_verify.c b/testcode/lock_verify.c index b0cffe292ae1..0958ff0ba38e 100644 --- a/testcode/lock_verify.c +++ b/testcode/lock_verify.c @@ -177,6 +177,8 @@ static int readup_str(char** str, FILE* in) } buf[len] = 0; *str = strdup(buf); + if(!*str) + fatal_exit("strdup failed: out of memory"); return 1; } diff --git a/testcode/perf.c b/testcode/perf.c index 7fb524e22d94..2be86c4bf597 100644 --- a/testcode/perf.c +++ b/testcode/perf.c @@ -458,9 +458,17 @@ qlist_parse_line(sldns_buffer* buf, char* p) if(strcmp(tp, "IN") == 0 || strcmp(tp, "CH") == 0) { qinfo.qtype = sldns_get_rr_type_by_name(cl); qinfo.qclass = sldns_get_rr_class_by_name(tp); + if((qinfo.qtype == 0 && strcmp(cl, "TYPE0") != 0) || + (qinfo.qclass == 0 && strcmp(tp, "CLASS0") != 0)) { + return 0; + } } else { qinfo.qtype = sldns_get_rr_type_by_name(tp); qinfo.qclass = sldns_get_rr_class_by_name(cl); + if((qinfo.qtype == 0 && strcmp(tp, "TYPE0") != 0) || + (qinfo.qclass == 0 && strcmp(cl, "CLASS0") != 0)) { + return 0; + } } if(fl[0] == '+') rec = 1; else if(fl[0] == '-') rec = 0; diff --git a/testcode/replay.c b/testcode/replay.c index 43101d6acec6..f896a5512c5d 100644 --- a/testcode/replay.c +++ b/testcode/replay.c @@ -2,24 +2,24 @@ * testcode/replay.c - store and use a replay of events for the DNS resolver. * * Copyright (c) 2007, NLnet Labs. All rights reserved. - * + * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -51,6 +51,7 @@ #include "testcode/testpkts.h" #include "testcode/fake_event.h" #include "sldns/str2wire.h" +#include "util/timeval_func.h" /** max length of lines in file */ #define MAX_LINE_LEN 10240 @@ -59,35 +60,19 @@ * Expand a macro * @param store: value storage * @param runtime: replay runtime for other stuff. - * @param text: the macro text, after the ${, Updated to after the } when + * @param text: the macro text, after the ${, Updated to after the } when * done (successfully). * @return expanded text, malloced. NULL on failure. */ -static char* macro_expand(rbtree_type* store, +static char* macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text); -/** compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - -/** parse keyword in string. +/** parse keyword in string. * @param line: if found, the line is advanced to after the keyword. * @param keyword: string. - * @return: true if found, false if not. + * @return: true if found, false if not. */ -static int +static int parse_keyword(char** line, const char* keyword) { size_t len = (size_t)strlen(keyword); @@ -135,8 +120,8 @@ strip_end_white(char* p) } } -/** - * Read a range from file. +/** + * Read a range from file. * @param remain: Rest of line (after RANGE keyword). * @param in: file to read from. * @param name: name to print in errors. @@ -181,7 +166,7 @@ replay_range_read(char* remain, FILE* in, const char* name, strip_end_white(parse); if(!extstrtoaddr(parse, &rng->addr, &rng->addrlen, UNBOUND_DNS_PORT)) { - log_err("Line %d: could not read ADDRESS: %s", + log_err("Line %d: could not read ADDRESS: %s", pstate->lineno, parse); free(rng); return NULL; @@ -255,8 +240,8 @@ read_assign_step(char* remain, struct replay_moment* mom) fatal_exit("out of memory"); } -/** - * Read a replay moment 'STEP' from file. +/** + * Read a replay moment 'STEP' from file. * @param remain: Rest of line (after STEP keyword). * @param in: file to read from. * @param name: name to print in errors. @@ -376,18 +361,18 @@ replay_moment_read(char* remain, FILE* in, const char* name, strip_end_white(remain); if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen, UNBOUND_DNS_PORT)) { - log_err("line %d: could not parse ADDRESS: %s", + log_err("line %d: could not parse ADDRESS: %s", pstate->lineno, remain); free(mom); return NULL; } - } + } if(parse_keyword(&remain, "ELAPSE")) { double sec; errno = 0; sec = strtod(remain, &remain); if(sec == 0. && errno != 0) { - log_err("line %d: could not parse ELAPSE: %s (%s)", + log_err("line %d: could not parse ELAPSE: %s (%s)", pstate->lineno, remain, strerror(errno)); free(mom); return NULL; @@ -397,7 +382,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, mom->elapse.tv_usec = (int)((sec - (double)mom->elapse.tv_sec) *1000000. + 0.5); #endif - } + } if(readentry) { mom->match = read_entry(in, name, pstate, 1); @@ -433,7 +418,7 @@ make_scenario(char* line) return scen; } -struct replay_scenario* +struct replay_scenario* replay_scenario_read(FILE* in, const char* name, int* lineno) { char line[MAX_LINE_LEN]; @@ -451,7 +436,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) (*lineno)++; while(isspace((unsigned char)*parse)) parse++; - if(!*parse) + if(!*parse) continue; /* empty line */ if(parse_keyword(&parse, ";")) continue; /* comment */ @@ -462,11 +447,11 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) if(!scen) fatal_exit("%d: could not make scen", *lineno); continue; - } + } if(!scen) fatal_exit("%d: expected SCENARIO", *lineno); if(parse_keyword(&parse, "RANGE_BEGIN")) { - struct replay_range* newr = replay_range_read(parse, + struct replay_range* newr = replay_range_read(parse, in, name, &pstate, line); if(!newr) fatal_exit("%d: bad range", pstate.lineno); @@ -474,12 +459,12 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) newr->next_range = scen->range_list; scen->range_list = newr; } else if(parse_keyword(&parse, "STEP")) { - struct replay_moment* mom = replay_moment_read(parse, + struct replay_moment* mom = replay_moment_read(parse, in, name, &pstate); if(!mom) fatal_exit("%d: bad moment", pstate.lineno); *lineno = pstate.lineno; - if(scen->mom_last && + if(scen->mom_last && scen->mom_last->time_step >= mom->time_step) fatal_exit("%d: time goes backwards", *lineno); if(scen->mom_last) @@ -502,7 +487,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno) return NULL; } -void +void replay_scenario_delete(struct replay_scenario* scen) { struct replay_moment* mom, *momn; @@ -630,7 +615,7 @@ do_macro_recursion(rbtree_type* store, struct replay_runtime* runtime, { char* after = at+2; char* expand = macro_expand(store, runtime, &after); - if(!expand) + if(!expand) return NULL; /* expansion failed */ if(!do_buf_insert(at, remain, after, expand)) { free(expand); @@ -665,7 +650,7 @@ do_macro_variable(rbtree_type* store, char* buf, size_t remain) } /* terminator, we are working in macro_expand() buffer */ sv = *at; - *at = 0; + *at = 0; v = macro_getvar(store, name); *at = sv; @@ -816,7 +801,7 @@ macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) time_t res = 0; if(runtime) { struct fake_timer* t = first_timer(runtime); - if(t && (time_t)t->tv.tv_sec >= runtime->now_secs) + if(t && (time_t)t->tv.tv_sec >= runtime->now_secs) res = (time_t)t->tv.tv_sec - runtime->now_secs; } snprintf(buf, sizeof(buf), ARG_LL "d", (long long)res); @@ -855,9 +840,9 @@ macro_expand(rbtree_type* store, struct replay_runtime* runtime, char** text) if(dofunc) { /* post process functions, buf has the argument(s) */ if(strncmp(buf, "ctime", 5) == 0) { - return do_macro_ctime(buf+6); + return do_macro_ctime(buf+6); } else if(strncmp(buf, "range", 5) == 0) { - return do_macro_range(buf+6); + return do_macro_range(buf+6); } } return strdup(buf); @@ -891,7 +876,7 @@ macro_process(rbtree_type* store, struct replay_runtime* runtime, char* text) return strdup(buf); } -char* +char* macro_lookup(rbtree_type* store, char* name) { struct replay_var* x = macro_getvar(store, name); @@ -907,7 +892,7 @@ void macro_print_debug(rbtree_type* store) } } -int +int macro_assign(rbtree_type* store, char* name, char* value) { struct replay_var* x = macro_getvar(store, name); diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index b2c0d5328bb7..84d2b65f6f5c 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -132,7 +132,15 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id, /* qtype and qclass */ qinfo.qtype = sldns_get_rr_type_by_name(strtype); + if(qinfo.qtype == 0 && strcmp(strtype, "TYPE0") != 0) { + printf("cannot parse query type: '%s'\n", strtype); + exit(1); + } qinfo.qclass = sldns_get_rr_class_by_name(strclass); + if(qinfo.qclass == 0 && strcmp(strclass, "CLASS0") != 0) { + printf("cannot parse query class: '%s'\n", strclass); + exit(1); + } /* clear local alias */ qinfo.local_alias = NULL; @@ -371,15 +379,19 @@ static void send_em(const char* svr, const char* pp2_client, int udp, int usessl, int noanswer, int onarrival, int delay, int num, char** qs) { - sldns_buffer* buf = sldns_buffer_new(65553); - sldns_buffer* proxy_buf = sldns_buffer_new(65553); struct sockaddr_storage svr_addr; socklen_t svr_addrlen; int fd = open_svr(svr, udp, &svr_addr, &svr_addrlen); int i, wait_results = 0, pp2_parsed; SSL_CTX* ctx = NULL; SSL* ssl = NULL; - if(!buf) fatal_exit("out of memory"); + sldns_buffer* buf = sldns_buffer_new(65553); + sldns_buffer* proxy_buf = sldns_buffer_new(65553); + if(!buf || !proxy_buf) { + sldns_buffer_free(buf); + sldns_buffer_free(proxy_buf); + fatal_exit("out of memory"); + } pp2_parsed = parse_pp2_client(pp2_client, udp, proxy_buf); if(usessl) { ctx = connect_sslctx_create(NULL, NULL, NULL, 0); diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 3702c3f18403..aa852f01ee47 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -21,7 +21,6 @@ */ #include "config.h" -struct sockaddr_storage; #include <errno.h> #include <stdarg.h> #include <ctype.h> @@ -140,6 +139,10 @@ static void matchline(char* line, struct entry* e) e->match_noedns = 1; } else if(str_keyword(&parse, "ednsdata")) { e->match_ednsdata_raw = 1; + } else if(str_keyword(&parse, "client_cookie")) { + e->match_client_cookie = 1; + } else if(str_keyword(&parse, "server_cookie")) { + e->match_server_cookie = 1; } else if(str_keyword(&parse, "UDP")) { e->match_transport = transport_udp; } else if(str_keyword(&parse, "TCP")) { @@ -905,37 +908,64 @@ get_do_flag(uint8_t* pkt, size_t len) return (int)(edns_bits&LDNS_EDNS_MASK_DO_BIT); } -/** Snips the EDE option out of the OPT record and returns the EDNS EDE - * INFO-CODE if found, else -1 */ +/** Snips the specified EDNS option out of the OPT record and puts it in the + * provided buffer. The buffer should be able to hold any opt data ie 65535. + * Returns the length of the option written, + * or 0 if not found, else -1 on error. */ static int -extract_ede(uint8_t* pkt, size_t len) +pkt_snip_edns_option(uint8_t* pkt, size_t len, sldns_edns_option code, + uint8_t* buf) { uint8_t *rdata, *opt_position = pkt; uint16_t rdlen, optlen; size_t remaining = len; - int ede_code; - if(!pkt_find_edns_opt(&opt_position, &remaining)) return -1; + if(!pkt_find_edns_opt(&opt_position, &remaining)) return 0; if(remaining < 8) return -1; /* malformed */ rdlen = sldns_read_uint16(opt_position+6); rdata = opt_position + 8; while(rdlen > 0) { if(rdlen < 4) return -1; /* malformed */ optlen = sldns_read_uint16(rdata+2); - if(sldns_read_uint16(rdata) == LDNS_EDNS_EDE) { - if(rdlen < 6) return -1; /* malformed */ - ede_code = sldns_read_uint16(rdata+4); + if(sldns_read_uint16(rdata) == code) { + /* save data to buf for caller inspection */ + memmove(buf, rdata+4, optlen); /* snip option from packet; assumes len is correct */ memmove(rdata, rdata+4+optlen, (pkt+len)-(rdata+4+optlen)); /* update OPT size */ sldns_write_uint16(opt_position+6, sldns_read_uint16(opt_position+6)-(4+optlen)); - return ede_code; + return optlen; } rdlen -= 4 + optlen; rdata += 4 + optlen; } - return -1; + return 0; +} + +/** Snips the EDE option out of the OPT record and returns the EDNS EDE + * INFO-CODE if found, else -1 */ +static int +extract_ede(uint8_t* pkt, size_t len) +{ + uint8_t buf[65535]; + int buflen = pkt_snip_edns_option(pkt, len, LDNS_EDNS_EDE, buf); + if(buflen < 2 /*ede without text at minimum*/) return -1; + return sldns_read_uint16(buf); +} + +/** Snips the DNS Cookie option out of the OPT record and puts it in the + * provided cookie buffer (should be at least 24 octets). + * Returns the length of the cookie if found, else -1. */ +static int +extract_cookie(uint8_t* pkt, size_t len, uint8_t* cookie) +{ + uint8_t buf[65535]; + int buflen = pkt_snip_edns_option(pkt, len, LDNS_EDNS_COOKIE, buf); + if(buflen != 8 /*client cookie*/ && + buflen != 8 + 16 /*server cookie*/) return -1; + memcpy(cookie, buf, buflen); + return buflen; } /** zero TTLs in packet */ @@ -1530,6 +1560,27 @@ find_match(struct entry* entries, uint8_t* query_pkt, size_t len, continue; } } + /* Cookies could also modify the query_pkt; keep them early */ + if(p->match_client_cookie || p->match_server_cookie) { + uint8_t cookie[24]; + int cookie_len = extract_cookie(query_pkt, len, + cookie); + if(cookie_len == -1) { + verbose(3, "bad DNS Cookie. " + "Expected but not found\n"); + continue; + } else if(p->match_client_cookie && + cookie_len != 8) { + verbose(3, "bad DNS Cookie. Expected client " + "cookie of length 8."); + continue; + } else if((p->match_server_cookie) && + cookie_len != 24) { + verbose(3, "bad DNS Cookie. Expected server " + "cookie of length 24."); + continue; + } + } if(p->match_opcode && get_opcode(query_pkt, len) != get_opcode(reply, rlen)) { verbose(3, "bad opcode\n"); diff --git a/testcode/testpkts.h b/testcode/testpkts.h index 2768040c68cb..c6a3725f368e 100644 --- a/testcode/testpkts.h +++ b/testcode/testpkts.h @@ -64,6 +64,14 @@ struct sldns_file_parse_state; ; 'ede=any' makes the query match any EDNS EDE info-code. ; It also snips the EDE record out of the packet to facilitate ; other matches. + ; 'client_cookie' makes the query match any DNS Cookie option with + ; with a length of 8 octets. + ; It also snips the DNS Cookie record out of the packet to + ; facilitate other matches. + ; 'server_cookie' makes the query match any DNS Cookie option with + ; with a length of 24 octets. + ; It also snips the DNS Cookie record out of the packet to + ; facilitate other matches. MATCH [opcode] [qtype] [qname] [serial=<value>] [all] [ttl] MATCH [UDP|TCP] DO MATCH ... @@ -104,11 +112,11 @@ struct sldns_file_parse_state; ; be parsed, ADJUST rules for the answer packet ; are ignored. Only copy_id is done. HEX_ANSWER_END - HEX_EDNS_BEGIN ; follow with hex data. + HEX_EDNSDATA_BEGIN ; follow with hex data. ; Raw EDNS data to match against. It must be an ; exact match (all options are matched) and will be ; evaluated only when 'MATCH ednsdata' given. - HEX_EDNS_END + HEX_EDNSDATA_END ENTRY_END @@ -214,6 +222,10 @@ struct entry { uint8_t match_noedns; /** match edns data field given in hex */ uint8_t match_ednsdata_raw; + /** match an DNS cookie of length 8 */ + uint8_t match_client_cookie; + /** match an DNS cookie of length 24 */ + uint8_t match_server_cookie; /** match query serial with this value. */ uint32_t ixfr_soa_serial; /** match on UDP/TCP */ @@ -235,7 +247,7 @@ struct entry { /** increment the ECS scope copied from the sourcemask by one */ uint8_t increment_ecs_scope; /** in seconds */ - unsigned int sleeptime; + unsigned int sleeptime; /** some number that names this entry, line number in file or so */ int lineno; diff --git a/testcode/unitlruhash.c b/testcode/unitlruhash.c index e196f0b63211..3c66d7583ed6 100644 --- a/testcode/unitlruhash.c +++ b/testcode/unitlruhash.c @@ -94,7 +94,7 @@ test_bin_find_entry(struct lruhash* table) bin_overflow_remove(&bin, &k->entry); /* find in empty list */ - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); /* insert */ lock_quick_lock(&bin.lock); @@ -102,20 +102,20 @@ test_bin_find_entry(struct lruhash* table) lock_quick_unlock(&bin.lock); /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); + unit_assert( bin_find_entry(table, &bin, myhash(13), k, NULL) == NULL ); /* find, hash OK, but cmp not */ unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k2, NULL) == NULL ); /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == &k->entry ); /* remove the element */ lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); /* prepend two different elements; so the list is long */ /* one has the same hash, but different cmp */ @@ -127,28 +127,28 @@ test_bin_find_entry(struct lruhash* table) lock_quick_unlock(&bin.lock); /* find, hash not OK. */ - unit_assert( bin_find_entry(table, &bin, myhash(13), k) == NULL ); + unit_assert( bin_find_entry(table, &bin, myhash(13), k, NULL) == NULL ); /* find, hash OK, but cmp not */ unit_assert( k->entry.hash == k2->entry.hash ); - unit_assert( bin_find_entry(table, &bin, h, k2) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k2, NULL) == NULL ); /* find, hash OK, and cmp too */ - unit_assert( bin_find_entry(table, &bin, h, k) == &k->entry ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == &k->entry ); /* remove middle element */ - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) + unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4, NULL) == &k4->entry ); lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k4->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4) == NULL); + unit_assert( bin_find_entry(table, &bin, k4->entry.hash, k4, NULL) == NULL); /* remove last element */ lock_quick_lock(&bin.lock); bin_overflow_remove(&bin, &k->entry); lock_quick_unlock(&bin.lock); - unit_assert( bin_find_entry(table, &bin, h, k) == NULL ); + unit_assert( bin_find_entry(table, &bin, h, k, NULL) == NULL ); lock_quick_destroy(&bin.lock); delkey(k); diff --git a/testcode/unitmain.c b/testcode/unitmain.c index b6dac5507faf..647cbca3b05b 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -530,6 +530,207 @@ infra_test(void) config_delete(cfg); } +#include "util/edns.h" +/* Complete version-invalid client cookie; needs a new one. + * Based on edns_cookie_rfc9018_a2 */ +static void +edns_cookie_invalid_version(void) +{ + uint32_t timestamp = 1559734385; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x99, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa8, 0x71, + 0xd4, 0xa5, 0x64, 0xa1, 0x44, 0x2a, 0xca, 0x77 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_INVALID); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-invalid client cookie; needs a new one. */ +static void +edns_cookie_invalid_hash(void) +{ + uint32_t timestamp = 0; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x32, 0xF2, 0x43, 0xB9, 0xBC, 0xFE, 0xC4, 0x06 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0xBA, 0x0D, 0x82, 0x90, 0x8F, 0xAA, 0xEB, 0xBD }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_INVALID); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 30 minutes old; needs a + * refreshed server cookie. + * A slightly better variation of edns_cookie_rfc9018_a3 for Unbound to check + * that RESERVED bits do not influence cookie validation. */ +static void +edns_cookie_rfc9018_a3_better(void) +{ + uint32_t timestamp = 1800 + 1; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0xab, 0xcd, 0xef, + 0x00, 0x00, 0x00, 0x00, + 0x32, 0xF2, 0x43, 0xB9, 0xBC, 0xFE, 0xC4, 0x06 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x07, 0x09, + 0x62, 0xD5, 0x93, 0x09, 0x14, 0x5C, 0x23, 0x9D }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_VALID_RENEW); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 60 minutes old (expired); + * needs a refreshed server cookie. */ +static void +edns_cookie_rfc9018_a3(void) +{ + uint32_t timestamp = 1559734700; + uint8_t client_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0xab, 0xcd, 0xef, + 0x5c, 0xf7, 0x8f, 0x71, + 0xa3, 0x14, 0x22, 0x7b, 0x66, 0x79, 0xeb, 0xf5 }; + uint8_t server_cookie[] = { + 0xfc, 0x93, 0xfc, 0x62, 0x80, 0x7d, 0xdb, 0x86, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa9, 0xac, + 0xf7, 0x3a, 0x78, 0x10, 0xac, 0xa2, 0x38, 0x1e }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 203.0.113.203 */ + memcpy(buf + 16, "\313\000\161\313", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_EXPIRED); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Complete hash-valid client cookie; more than 30 minutes old; needs a + * refreshed server cookie. */ +static void +edns_cookie_rfc9018_a2(void) +{ + uint32_t timestamp = 1559734385; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0xa8, 0x71, + 0xd4, 0xa5, 0x64, 0xa1, 0x44, 0x2a, 0xca, 0x77 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, client_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), server_secret, sizeof(server_secret), 1, + buf, timestamp) == COOKIE_STATUS_VALID_RENEW); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/* Only client cookie; needs a complete server cookie. */ +static void +edns_cookie_rfc9018_a1(void) +{ + uint32_t timestamp = 1559731985; + uint8_t client_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57 }; + uint8_t server_cookie[] = { + 0x24, 0x64, 0xc4, 0xab, 0xcf, 0x10, 0xc9, 0x57, + 0x01, 0x00, 0x00, 0x00, + 0x5c, 0xf7, 0x9f, 0x11, + 0x1f, 0x81, 0x30, 0xc3, 0xee, 0xe2, 0x94, 0x80 }; + uint8_t server_secret[] = { + 0xe5, 0xe9, 0x73, 0xe5, 0xa6, 0xb2, 0xa4, 0x3f, + 0x48, 0xe7, 0xdc, 0x84, 0x9e, 0x37, 0xbf, 0xcf }; + uint8_t buf[32]; + /* copy client cookie|version|reserved|timestamp */ + memcpy(buf, server_cookie, 8 + 4 + 4); + /* copy ip 198.51.100.100 */ + memcpy(buf + 16, "\306\063\144\144", 4); + unit_assert(edns_cookie_server_validate(client_cookie, + sizeof(client_cookie), + /* these will not be used; it will return invalid + * because of the size. */ + NULL, 0, 1, NULL, 0) == COOKIE_STATUS_CLIENT_ONLY); + edns_cookie_server_write(buf, server_secret, 1, timestamp); + unit_assert(memcmp(server_cookie, buf, 24) == 0); +} + +/** test interoperable DNS cookies (RFC9018) */ +static void +edns_cookie_test(void) +{ + unit_show_feature("interoperable dns cookies"); + /* Check RFC9018 appendix test vectors */ + edns_cookie_rfc9018_a1(); + edns_cookie_rfc9018_a2(); + edns_cookie_rfc9018_a3(); + /* More tests */ + edns_cookie_rfc9018_a3_better(); + edns_cookie_invalid_hash(); + edns_cookie_invalid_version(); +} + #include "util/random.h" /** test randomness */ static void @@ -839,6 +1040,218 @@ static void respip_test(void) respip_conf_actions_test(); } +#include "util/regional.h" +#include "sldns/sbuffer.h" +#include "util/data/dname.h" +#include "util/data/msgreply.h" +#include "util/data/msgencode.h" +#include "sldns/str2wire.h" + +static void edns_ede_encode_setup(struct edns_data* edns, + struct regional* region) +{ + memset(edns, 0, sizeof(*edns)); + edns->edns_present = 1; + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->bits &= EDNS_DO; + /* Fill up opt_list_out with EDEs */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + /* Fill up opt_list_inplace_cb_out with EDEs */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_BLOCKED, "Too long blocked text")); + /* append another EDNS option to both lists */ + unit_assert( + edns_opt_list_append(&edns->opt_list_out, + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 0, NULL, region)); + unit_assert( + edns_opt_list_append(&edns->opt_list_inplace_cb_out, + LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, 0, NULL, region)); + /* append LDNS_EDE_OTHER at the end of both lists */ + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_out, region, + LDNS_EDE_OTHER, "Too long other text")); + unit_assert( + edns_opt_list_append_ede(&edns->opt_list_inplace_cb_out, region, + LDNS_EDE_OTHER, "Too long other text")); +} + +static void edns_ede_encode_encodedecode(struct query_info* qinfo, + struct reply_info* rep, struct regional* region, + struct edns_data* edns, sldns_buffer* pkt) +{ + /* encode */ + unit_assert( + reply_info_answer_encode(qinfo, rep, 1, rep->flags, pkt, + 0, 0, region, 65535, edns, 0, 0)); + /* buffer ready for reading; skip after the question section */ + sldns_buffer_skip(pkt, LDNS_HEADER_SIZE); + (void)query_dname_len(pkt); + sldns_buffer_skip(pkt, 2 + 2); + /* decode */ + unit_assert(parse_edns_from_query_pkt(pkt, edns, NULL, NULL, NULL, 0, + region) == 0); +} + +static void edns_ede_encode_check(struct edns_data* edns, int* found_ede, + int* found_ede_other, int* found_ede_txt, int* found_other_edns) +{ + struct edns_option* opt; + for(opt = edns->opt_list_in; opt; opt = opt->next) { + if(opt->opt_code == LDNS_EDNS_EDE) { + (*found_ede)++; + if(opt->opt_len > 2) + (*found_ede_txt)++; + if(opt->opt_len >= 2 && sldns_read_uint16( + opt->opt_data) == LDNS_EDE_OTHER) + (*found_ede_other)++; + } else { + (*found_other_edns)++; + } + } + +} + +static void edns_ede_encode_fit_test(struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + sldns_buffer* pkt = sldns_buffer_new(65535); + unit_assert(pkt); + edns_ede_encode_setup(&edns, region); + /* leave the pkt buffer as is; everything should fit */ + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 12); + unit_assert(found_ede_other == 8); + unit_assert(found_ede_txt == 12); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +static void edns_ede_encode_notxt_fit_test( struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + sldns_buffer* pkt; + uint16_t edns_field_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); + /* pkt buffer should fit everything if the ede txt is cropped. + * OTHER EDE should not be there since it is useless without text. */ + edns_field_size = calc_edns_field_size(&edns); + (void)calc_ede_option_size(&edns, &ede_txt_size); + pkt = sldns_buffer_new(LDNS_HEADER_SIZE + + qinfo->qname_len + + 2 + 2 /* qtype + qclass */ + + 11 /* opt record */ + + edns_field_size + - ede_txt_size); + unit_assert(pkt); + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 4); + unit_assert(found_ede_other == 0); + unit_assert(found_ede_txt == 0); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +static void edns_ede_encode_no_fit_test( struct query_info* qinfo, + struct reply_info* rep, struct regional* region) +{ + struct edns_data edns; + sldns_buffer* pkt; + uint16_t edns_field_size, ede_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); + /* pkt buffer should fit only non-EDE options. */ + edns_field_size = calc_edns_field_size(&edns); + ede_size = calc_ede_option_size(&edns, &ede_txt_size); + pkt = sldns_buffer_new(LDNS_HEADER_SIZE + + qinfo->qname_len + + 2 + 2 /* qtype + qclass */ + + 11 /* opt record */ + + edns_field_size + - ede_size); + unit_assert(pkt); + edns_ede_encode_encodedecode(qinfo, rep, region, &edns, pkt); + edns_ede_encode_check(&edns, &found_ede, &found_ede_other, + &found_ede_txt, &found_other_edns); + unit_assert(found_ede == 0); + unit_assert(found_ede_other == 0); + unit_assert(found_ede_txt == 0); + unit_assert(found_other_edns == 2); + /* cleanup */ + sldns_buffer_free(pkt); +} + +/** test optional EDE encoding with various buffer + * available sizes */ +static void edns_ede_answer_encode_test(void) +{ + struct regional* region = regional_create(); + struct reply_info* rep; + struct query_info qinfo; + unit_show_feature("edns ede optional encoding"); + unit_assert(region); + rep = construct_reply_info_base(region, + LDNS_RCODE_NOERROR | BIT_QR, 1, + 3600, 3600, 3600, + 0, 0, 0, 0, + sec_status_unchecked, LDNS_EDE_NONE); + unit_assert(rep); + memset(&qinfo, 0, sizeof(qinfo)); + qinfo.qname = sldns_str2wire_dname("encode.ede.", &qinfo.qname_len); + unit_assert(qinfo.qname); + qinfo.qtype = LDNS_RR_TYPE_TXT; + qinfo.qclass = LDNS_RR_CLASS_IN; + + edns_ede_encode_fit_test(&qinfo, rep, region); + edns_ede_encode_notxt_fit_test(&qinfo, rep, region); + edns_ede_encode_no_fit_test(&qinfo, rep, region); + + /* cleanup */ + free(qinfo.qname); + regional_free_all(region); + regional_destroy(region); +} + void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -852,6 +1265,7 @@ void unit_show_feature(const char* feature) #ifdef USE_ECDSA_EVP_WORKAROUND void ecdsa_evp_workaround_init(void); #endif + /** * Main unit test program. Setup, teardown and report errors. * @param argc: arg count. @@ -906,9 +1320,11 @@ main(int argc, char* argv[]) slabhash_test(); infra_test(); ldns_test(); + edns_cookie_test(); zonemd_test(); tcpreuse_test(); msgparse_test(); + edns_ede_answer_encode_test(); #ifdef CLIENT_SUBNET ecs_test(); #endif /* CLIENT_SUBNET */ diff --git a/testdata/00-lint.tdir/00-lint.dsc b/testdata/00-lint.tdir/00-lint.dsc index 4778f7a81ba5..814a53717d90 100644 --- a/testdata/00-lint.tdir/00-lint.dsc +++ b/testdata/00-lint.tdir/00-lint.dsc @@ -3,14 +3,14 @@ Version: 1.0 Description: Put source into lint. CreationDate: Wed Jan 3 14:12:02 CET 2007 Maintainer: dr. W.C.A. Wijngaards -Category: +Category: Component: -CmdDepends: -Depends: +CmdDepends: +Depends: Help: -Pre: +Pre: 00-lint.pre Post: Test: 00-lint.test -AuxFiles: +AuxFiles: Passed: Failure: diff --git a/testdata/00-lint.tdir/00-lint.pre b/testdata/00-lint.tdir/00-lint.pre new file mode 100644 index 000000000000..507f5e1e9454 --- /dev/null +++ b/testdata/00-lint.tdir/00-lint.pre @@ -0,0 +1,14 @@ +# #-- 00-lint.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." + +if test -f $PRE/unbound_test_00-lint ; then + echo test enabled +else + skip_test "test skipped; clang linter preferred over splint" +fi diff --git a/testdata/01-doc.tdir/01-doc.test b/testdata/01-doc.tdir/01-doc.test index 6a78a9cd356d..484b0be42e43 100644 --- a/testdata/01-doc.tdir/01-doc.test +++ b/testdata/01-doc.tdir/01-doc.test @@ -34,6 +34,7 @@ fgrep -v -e "ldns-src/" hlist > ilist; mv ilist hlist fgrep -v -e "libunbound/python/libunbound_wrap.c" hlist > ilist; mv ilist hlist fgrep -v -e "pythonmod/interface.h" hlist > ilist; mv ilist hlist fgrep -v -e "dnstap" hlist > ilist; mv ilist hlist +fgrep -v -e "util/siphash.c" hlist > ilist; mv ilist hlist # filter out compat fgrep -v -e "compat/" hlist > ilist; mv ilist hlist for h in `cat hlist`; do diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.test b/testdata/09-unbound-control.tdir/09-unbound-control.test index 0ef679b3fd46..0a0bd8a18d47 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.test +++ b/testdata/09-unbound-control.tdir/09-unbound-control.test @@ -199,7 +199,7 @@ query www.example.com. cache_dump -c ub.conf expect_exit_value 0 cat cache.dump -expect_in_cache "10.20.30.40" +expect_in_cache_dump "10.20.30.40" control_command -c ub.conf lookup www.example.com expect_exit_value 0 @@ -264,6 +264,7 @@ control_command -c ub.conf reload_keep_cache expect_exit_value 0 cache_dump -c ub.conf expect_exit_value 0 +cat cache.dump expect_in_cache_dump "www.example.com.*10.20.30.40" expect_in_cache_dump "msg www.example.com. IN A" query www.example.com +nordflag @@ -291,6 +292,14 @@ fail_in_cache_dump "msg www.example.com. IN A" query www.example.com expect_answer "10.20.30.40" +# See if this part of the test can be enabled, it needs threads for combined +# output. +have_threads="no" +if grep "define HAVE_PTHREAD 1" $PRE/config.h; then have_threads="yes"; fi +if grep "define HAVE_SOLARIS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi +if grep "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi +if test "$have_threads" = "yes"; then + teststep "change num-threads and reload_keep_cache - should be empty" echo "server: num-threads: 2" >> ub.conf control_command -c ub.conf reload_keep_cache @@ -311,6 +320,12 @@ expect_exit_value 0 expect_in_cache_dump "www.example.com.*10.20.30.40" expect_in_cache_dump "msg www.example.com. IN A" +else + echo "" + echo "> skip test parts that need threads, have_threads=no" +# end of check for have_threads +fi + teststep "now stop the server" control_command -c ub.conf stop expect_exit_value 0 diff --git a/testdata/auth_xfr_host.rpl b/testdata/auth_xfr_host.rpl index d052d36a43bf..f8bd1890e0ea 100644 --- a/testdata/auth_xfr_host.rpl +++ b/testdata/auth_xfr_host.rpl @@ -84,6 +84,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/autotrust_init_fail.rpl b/testdata/autotrust_init_fail.rpl index 1f3fed9570a2..00703026d274 100644 --- a/testdata/autotrust_init_fail.rpl +++ b/testdata/autotrust_init_fail.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -159,6 +160,23 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 21 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 22 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + ; The autotrust anchor was probed due to the query. STEP 30 CHECK_AUTOTRUST example.com diff --git a/testdata/autotrust_init_failsig.rpl b/testdata/autotrust_init_failsig.rpl index 7f6a14d833e5..29a8d11d193d 100644 --- a/testdata/autotrust_init_failsig.rpl +++ b/testdata/autotrust_init_failsig.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -147,6 +148,23 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 21 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 22 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + ; The autotrust anchor was probed due to the query. STEP 30 CHECK_AUTOTRUST example.com diff --git a/testdata/autotrust_probefail.rpl b/testdata/autotrust_probefail.rpl index e22cbf71ff96..992d9629df13 100644 --- a/testdata/autotrust_probefail.rpl +++ b/testdata/autotrust_probefail.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -164,4 +165,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 40 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/autotrust_probefailsig.rpl b/testdata/autotrust_probefailsig.rpl index 7d486ffbc397..3988add01acf 100644 --- a/testdata/autotrust_probefailsig.rpl +++ b/testdata/autotrust_probefailsig.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -164,4 +165,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 40 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/autotrust_revtp_use.rpl b/testdata/autotrust_revtp_use.rpl index b43eb60ad6c7..952428a3daa4 100644 --- a/testdata/autotrust_revtp_use.rpl +++ b/testdata/autotrust_revtp_use.rpl @@ -109,6 +109,8 @@ SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER ; no AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/black_ds_entry.rpl b/testdata/black_ds_entry.rpl index 168dc236d203..f2e7a2a99241 100644 --- a/testdata/black_ds_entry.rpl +++ b/testdata/black_ds_entry.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -586,6 +587,23 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; no more outgoing traffic possible. STEP 110 QUERY ENTRY_BEGIN @@ -603,6 +621,23 @@ ftp.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.sub.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; wait for timeout seconds. STEP 130 TIME_PASSES ELAPSE 901 diff --git a/testdata/black_key_entry.rpl b/testdata/black_key_entry.rpl index cd2b0bfbe557..c66e1dbb13ad 100644 --- a/testdata/black_key_entry.rpl +++ b/testdata/black_key_entry.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -568,6 +569,23 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; no more outgoing traffic possible. STEP 110 QUERY ENTRY_BEGIN @@ -585,6 +603,23 @@ ftp.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.sub.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + ; wait for timeout seconds. STEP 130 TIME_PASSES ELAPSE 901 diff --git a/testdata/black_prime_entry.rpl b/testdata/black_prime_entry.rpl index e635ed9cc10b..1acd7d7c12e7 100644 --- a/testdata/black_prime_entry.rpl +++ b/testdata/black_prime_entry.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -292,6 +293,22 @@ SECTION QUESTION www.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + STEP 100 TIME_PASSES ELAPSE 10 ; second query should not result in going to the network. @@ -311,5 +328,21 @@ SECTION QUESTION ftp.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 121 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ftp.example.com. IN A +ENTRY_END + +STEP 122 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ftp.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/cachedb_cached_ede.crpl b/testdata/cachedb_cached_ede.crpl new file mode 100644 index 000000000000..5eade545105f --- /dev/null +++ b/testdata/cachedb_cached_ede.crpl @@ -0,0 +1,91 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + module-config: "cachedb validator iterator" + trust-anchor-signaling: no + verbosity: 4 + ede: yes + val-log-level: 2 + trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" + + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + +stub-zone: + name: "example.nl" + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb support for caching EDEs. + +RANGE_BEGIN 0 10 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN DNSKEY +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN A +SECTION ANSWER +example.nl. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; get the entry in cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) + 00 00 ; option length + HEX_EDNSDATA_END +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +; query again for the cached entry +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + FF FE ; option code = 65534 (LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST) + 00 00 ; option length + HEX_EDNSDATA_END +ENTRY_END + +; this must be a cached answer since stub is not answering in this range +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test index bbeb9eb2b65f..45bde6564b2e 100644 --- a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test @@ -23,15 +23,26 @@ if test "$?" -ne 0; then fi num=$(grep "ANSWER SEC" outfile | wc -l) # 58 byte answers, 500 byte max response buffer -> 8 answers + +# Sometimes unbound is scheduled to be able to respond very quickly, +# before all the queries are sent, and then writes some of the queries +# back already, emptying the buffer, which then does not overflow. +# The attempt is to detect this test flakyness with 'mode w' write lines. +nummodew=$(grep "mode w" unbound.log | wc -l) +echo "num answers $num and num write events $nummodew" if [ $num -eq 8 ]; then echo "content OK" else + if [ "(" $num -eq 9 -o $num -eq 10 ")" -a $nummodew -eq 2 ]; then + echo "skip buffer emptied event" + else echo "result contents not OK" echo "> cat logfiles" cat outfile cat unbound.log echo "result contents not OK" exit 1 + fi fi echo "OK" diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test index 5d478bd49cb2..e45085ebf156 100644 --- a/testdata/ede.tdir/ede.test +++ b/testdata/ede.tdir/ede.test @@ -68,5 +68,36 @@ then exit 1 fi +# EDE with CD bit set (EDE but no SERVFAIL) +dig @127.0.0.1 -p $UNBOUND_PORT cd.dnskey-failures.test +cd > cd_bit_ede.txt -# @TODO DNSSEC indeterminate when implemented +if ! grep -q -e "NXDOMAIN" cd_bit_ede.txt +then + echo "No NXDOMAIN reply with CD bit set" + cat cd_bit_ede.txt + exit 1 +fi +if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" cd_bit_ede.txt +then + echo "No EDE attached with CD bit set" + cat cd_bit_ede.txt + exit 1 +fi + +# EDE with CD bit set (EDE but no SERVFAIL) for a cached answer +# Same test as above +dig @127.0.0.1 -p $UNBOUND_PORT cd.dnskey-failures.test +cd > cd_bit_ede.txt + +if ! grep -q -e "NXDOMAIN" cd_bit_ede.txt +then + echo "No NXDOMAIN reply with CD bit set for cached answer" + cat cd_bit_ede.txt + exit 1 +fi +if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" cd_bit_ede.txt +then + echo "No EDE attached with CD bit set for cached answer" + cat cd_bit_ede.txt + exit 1 +fi +# TODO DNSSEC indeterminate when implemented diff --git a/testdata/ede_cache_snoop_noth_auth.rpl b/testdata/ede_cache_snoop_not_auth.rpl index d243fdde00ac..d243fdde00ac 100644 --- a/testdata/ede_cache_snoop_noth_auth.rpl +++ b/testdata/ede_cache_snoop_not_auth.rpl diff --git a/testdata/edns_downstream_cookies.rpl b/testdata/edns_downstream_cookies.rpl new file mode 100644 index 000000000000..820bc5a7ca70 --- /dev/null +++ b/testdata/edns_downstream_cookies.rpl @@ -0,0 +1,235 @@ +; config options +server: + answer-cookie: yes + cookie-secret: "000102030405060708090a0b0c0d0e0f" + access-control: 127.0.0.1 allow_cookie + access-control: 1.2.3.4 allow + local-data: "test. TXT test" + +CONFIG_END + +SCENARIO_BEGIN Test downstream DNS Cookies + +; Note: When a valid hash was required, it was generated by running this test +; with an invalid one and checking the output for the valid one. +; Actual hash generation is tested with unit tests. + +; Query without a client cookie ... +STEP 0 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +ENTRY_END +; ... get TC and refused +STEP 1 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA TC REFUSED +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query without a client cookie on TCP ... +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +MATCH TCP +SECTION QUESTION +test. IN TXT +ENTRY_END +; ... get an answer +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with only a client cookie ... +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 08 ; Length 8 + 31 32 33 34 35 36 37 38 ; Random bits +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with an invalid cookie ... +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 02 00 00 00 ; wrong version + 00 00 00 00 ; Timestamp + 31 32 33 34 35 36 37 38 ; wrong hash +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with an invalid cookie from a non-cookie protected address ... +STEP 40 QUERY ADDRESS 1.2.3.4 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 02 00 00 00 ; wrong version + 00 00 00 00 ; Timestamp + 31 32 33 34 35 36 37 38 ; wrong hash +HEX_EDNSDATA_END +ENTRY_END +; ... get answer and a cookie +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a valid cookie ... +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 00 00 ; Timestamp + 38 52 7b a8 c6 a4 ea 96 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get answer and the cookie +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a valid >30 minutes old cookie ... +STEP 59 TIME_PASSES ELAPSE 1801 +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 00 00 ; Timestamp + 38 52 7b a8 c6 a4 ea 96 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... Get answer and a refreshed cookie +; (we don't check the re-freshness here; it has its own unit test) +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +; Query with a hash-valid >60 minutes old cookie ... +STEP 69 TIME_PASSES ELAPSE 3601 +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 07 09 ; Timestamp (1801) + 77 81 38 e3 8f aa 72 86 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get BADCOOKIE and a new cookie +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode +SECTION QUESTION +test. IN TXT +ENTRY_END + +; Query with a valid future (<5 minutes) cookie ... +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test. IN TXT +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 0a ; Opcode 10 + 00 18 ; Length 24 + 31 32 33 34 35 36 37 38 ; Random bits + 01 00 00 00 ; Version/Reserved + 00 00 16 45 ; Timestamp (1801 + 3601 + 299) + 4a f5 0f df f0 e8 c7 09 ; Hash +HEX_EDNSDATA_END +ENTRY_END +; ... get an answer +STEP 81 CHECK_ANSWER +ENTRY_BEGIN +MATCH all server_cookie +REPLY QR RD RA AA DO NOERROR +SECTION QUESTION +test. IN TXT +SECTION ANSWER +test. IN TXT "test" +ENTRY_END + +SCENARIO_END diff --git a/testdata/ip_ratelimit.tdir/ip_ratelimit.conf b/testdata/ip_ratelimit.tdir/ip_ratelimit.conf new file mode 100644 index 000000000000..ae7d0cda0d9d --- /dev/null +++ b/testdata/ip_ratelimit.tdir/ip_ratelimit.conf @@ -0,0 +1,28 @@ +server: + verbosity: 5 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + local-data: "test. IN TXT localdata" + + ip-ratelimit: 1 + ip-ratelimit-cookie: 0 + ip-ratelimit-factor: 0 + ip-ratelimit-backoff: yes + answer-cookie: yes + access-control: 127.0.0.0/8 allow_cookie + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" diff --git a/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc b/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc new file mode 100644 index 000000000000..a6f6192360cd --- /dev/null +++ b/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc @@ -0,0 +1,16 @@ +BaseName: ip_ratelimit +Version: 1.0 +Description: Test IP source ratelimit. +CreationDate: Tue Aug 8 00:00:00 CET 2023 +Maintainer: Yorgos Thessalonikefs +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: ip_ratelimit.pre +Post: ip_ratelimit.post +Test: ip_ratelimit.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/ip_ratelimit.tdir/ip_ratelimit.post b/testdata/ip_ratelimit.tdir/ip_ratelimit.post new file mode 100644 index 000000000000..1f86d008587d --- /dev/null +++ b/testdata/ip_ratelimit.tdir/ip_ratelimit.post @@ -0,0 +1,13 @@ +# #-- ip_ratelimit.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $UNBOUND_PID +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/ip_ratelimit.tdir/ip_ratelimit.pre b/testdata/ip_ratelimit.tdir/ip_ratelimit.pre new file mode 100644 index 000000000000..c4589a0ea4fe --- /dev/null +++ b/testdata/ip_ratelimit.tdir/ip_ratelimit.pre @@ -0,0 +1,24 @@ +# #-- ip_ratelimit.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +CONTROL_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < ip_ratelimit.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +wait_unbound_up unbound.log + +cat .tpkg.var.test diff --git a/testdata/ip_ratelimit.tdir/ip_ratelimit.test b/testdata/ip_ratelimit.tdir/ip_ratelimit.test new file mode 100644 index 000000000000..f58b7edcbe2a --- /dev/null +++ b/testdata/ip_ratelimit.tdir/ip_ratelimit.test @@ -0,0 +1,165 @@ +# #-- ip_ratelimit.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +# These tests rely on second time precision. To combat false negatives the +# tests run multiple times and we allow 1/3 of the runs to fail. +total_runs=6 +success_threshold=4 # 2/3*total_runs + +if dig -h 2>&1 | grep "cookie" >/dev/null; then + nocookie="+nocookie" +else + nocookie="" +fi + +echo "> First get a valid cookie" +dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:0102030405060708 $nocookie +tcp +retry=0 +time=1 test. TXT >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if test `grep "COOKIE: " outfile | wc -l` -ne 1; then + echo "Could not get cookie" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3` + +successes=0 +echo "> Three parallel queries with backoff and cookie" +# For this test we send three parallel queries. The ratelimit should be reached +# for that second. We send a query to verify that there is no reply. +# Then for the next second we again send three parallel queries and we expect +# none of them to be allowed through because of the backoff logic that keeps +# rolling the RATE_WINDOW based on demand. +# Again we send another query but with a valid cookie and we expect to receive +# an answer. +for i in $(seq 1 $total_runs); do + # Try to hit limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of limit + dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + # Try to keep limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect answer because of DNS cookie + dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -ne 0; then + continue + fi + ((successes++)) + # We don't have to wait for all the runs to complete if we know + # we passed the threshold. + if test $successes -ge $success_threshold; then + break + fi +done + +if test $successes -ge $success_threshold; then + echo "Three parallel queries with backoff and cookie OK" +else + echo "Three parallel queries with backoff and cookie NOT OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Three parallel queries with backoff and cookie NOT OK" + exit 1 +fi + +echo "> Activating ip-ratelimit-cookie" +echo "$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1" +$PRE/unbound-control -c ub.conf set_option ip-ratelimit-cookie: 1 +if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 +fi + +successes=0 +echo "> Three parallel queries with backoff and cookie with ip-ratelimit-cookie" +# This is the exact same test as above with the exception that we don't expect +# an answer on the last query because ip-ratelimit-cookie is now enabled. +for i in $(seq 1 $total_runs); do + # Try to hit limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of limit + dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + # Try to keep limit + $PRE/streamtcp -nu -f 127.0.0.1@$UNBOUND_PORT test. TXT IN test. TXT IN test. TXT IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi + # Expect no answer because of ip-ratelimit-cookie + dig @127.0.0.1 -p $UNBOUND_PORT +ednsopt=10:$cookie $nocookie +retry=0 +time=1 test. TXT >outfile 2>&1 + if test "$?" -eq 0; then + continue + fi + ((successes++)) + # We don't have to wait for all the runs to complete if we know + # we passed the threshold. + if test $successes -ge $success_threshold; then + break + fi +done + +if test $successes -ge $success_threshold; then + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie OK" +else + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Three parallel queries with backoff and cookie with ip-ratelimit-cookie NOT OK" + exit 1 +fi + +exit 0 diff --git a/testdata/ip_ratelimit.tdir/unbound_control.key b/testdata/ip_ratelimit.tdir/unbound_control.key new file mode 100644 index 000000000000..753a4ef6162e --- /dev/null +++ b/testdata/ip_ratelimit.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/ip_ratelimit.tdir/unbound_control.pem b/testdata/ip_ratelimit.tdir/unbound_control.pem new file mode 100644 index 000000000000..a1edf7017f1d --- /dev/null +++ b/testdata/ip_ratelimit.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/ip_ratelimit.tdir/unbound_server.key b/testdata/ip_ratelimit.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/ip_ratelimit.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/ip_ratelimit.tdir/unbound_server.pem b/testdata/ip_ratelimit.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/ip_ratelimit.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/iter_cname_minimise_nx.rpl b/testdata/iter_cname_minimise_nx.rpl new file mode 100644 index 000000000000..080055208daf --- /dev/null +++ b/testdata/iter_cname_minimise_nx.rpl @@ -0,0 +1,246 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: yes + module-config: "validator iterator" + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test cname chain resolution of nxdomain with qname minimisation. +; the qtype CNAME lookup has NXDOMAIN. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AAZrcta3WCyz0iq2p78gmcPpXbmXPP9nQXM/czH1R9ilCaEoV8E27UU= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN CNAME +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +c.example.com. IN CNAME +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +ENTRY_END + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +c.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +c.example.com. IN A +SECTION ANSWER +c.example.com. 10 IN CNAME www.example.com. +c.example.com. 10 IN RRSIG CNAME 3 3 10 20070926134150 20070829134150 2854 example.com. ABT7twnK5qkCBKnaOHxFthUOK+3rBge1wEMItoFPdf16OoVdfccYU2U= +SECTION AUTHORITY +example.com. 300 IN SOA a. b. 1 2 3 4 300 +example.com. 300 IN RRSIG SOA 3 2 300 20070926134150 20070829134150 2854 example.com. AFPx1ZhcHixnxfB90ha4zgp7A+EdM8L63tUnVdlI5B14NiRIXONPDB4= +v.example.com. IN NSEC x.example.com. A AAAA RRSIG NSEC +v.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AFT0Ao01lUN8Ppa9QPayQIN9ZtNIj4TzyhUQV31+FhNRK5uSQhiVwMc= +example.com. 3600 IN NSEC abc.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. ABEOu6iietfjKY1MS0TutZZxUtRYA6XKsC1rMTrenwBF2darY3/Emco= +ENTRY_END +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_dnsseclame_bug.rpl b/testdata/iter_dnsseclame_bug.rpl index cb17bbf330ad..c5fd13244f58 100644 --- a/testdata/iter_dnsseclame_bug.rpl +++ b/testdata/iter_dnsseclame_bug.rpl @@ -117,6 +117,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -126,6 +128,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; no example.net delegation answers yet. @@ -156,6 +160,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -165,6 +171,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -287,6 +295,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -321,6 +331,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -417,6 +429,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ds.rpl b/testdata/iter_dnsseclame_ds.rpl index 78a11cc072c9..6b2bf653fca4 100644 --- a/testdata/iter_dnsseclame_ds.rpl +++ b/testdata/iter_dnsseclame_ds.rpl @@ -116,6 +116,8 @@ REPLY QR AA NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -125,6 +127,8 @@ REPLY QR AA NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -245,6 +249,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +sub.example.com. 3600 IN RRSIG SOA 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. o6B6mzZ2pzXRE9qBagNw+U5kZOCViyuYRObCJTMsEQn8kNzSIxOhuqjBoo0ifKmxvUmCxaNtsWaG4eDC+vCBdQ== ENTRY_END RANGE_END @@ -279,6 +286,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; fine DNSKEY response. @@ -375,6 +384,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.sub.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; response to query of interest diff --git a/testdata/iter_dnsseclame_ta.rpl b/testdata/iter_dnsseclame_ta.rpl index 5799a1146787..ce4414dda3ce 100644 --- a/testdata/iter_dnsseclame_ta.rpl +++ b/testdata/iter_dnsseclame_ta.rpl @@ -119,6 +119,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -128,6 +130,8 @@ REPLY QR NOERROR SECTION QUESTION e.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -239,6 +243,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END RANGE_END @@ -261,6 +268,8 @@ ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; lame DNSKEY response. diff --git a/testdata/iter_donotq127.rpl b/testdata/iter_donotq127.rpl index 3668d7b6fa10..4b22222d286a 100644 --- a/testdata/iter_donotq127.rpl +++ b/testdata/iter_donotq127.rpl @@ -35,6 +35,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 82ddccfade66..ecb49b6cd0fa 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -108,6 +108,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -180,7 +184,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -261,6 +267,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 68fad6f15c6c..94dec2bc5e06 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -135,6 +135,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -211,6 +213,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -244,6 +248,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -268,7 +274,9 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER -; bogus message. +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= ENTRY_END ; response to DNSKEY priming query @@ -343,6 +351,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.org. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.net. zone @@ -376,6 +386,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -471,6 +483,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -490,6 +503,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_failreply.rpl b/testdata/iter_failreply.rpl new file mode 100644 index 000000000000..393714196d89 --- /dev/null +++ b/testdata/iter_failreply.rpl @@ -0,0 +1,132 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + log-servfail: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterator fail_reply report + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. IN AAAA ::1 +ns2.example.net. IN AAAA ::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example.net. IN A +SECTION ANSWER +ns2.example.net. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example.net. IN AAAA +SECTION ANSWER +ns2.example.net. IN AAAA ::1 +ENTRY_END + +RANGE_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 21 TIMEOUT +STEP 22 TIMEOUT +STEP 23 TIMEOUT +STEP 24 TIMEOUT +STEP 25 TIMEOUT + +STEP 31 TIMEOUT +STEP 32 TIMEOUT +STEP 33 TIMEOUT +STEP 34 TIMEOUT + +; recursion happens here. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_ignore_empty.rpl b/testdata/iter_ignore_empty.rpl new file mode 100644 index 000000000000..c70dd7e8df7b --- /dev/null +++ b/testdata/iter_ignore_empty.rpl @@ -0,0 +1,198 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test ignore of an empty response. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION AUTHORITY +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN SOA ns root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns2.example2.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example2.com. IN NS +SECTION ANSWER +example2.com. IN NS ns2.example2.com. +SECTION ADDITIONAL +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN A +SECTION ANSWER +ns2.example2.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns2.example2.com. IN AAAA +SECTION AUTHORITY +example2.com. IN SOA ns2 root 4 14400 3600 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +; wait for pending nameserver lookups. +STEP 20 TRAFFIC + +SCENARIO_END diff --git a/testdata/iter_lame_aaaa.rpl b/testdata/iter_lame_aaaa.rpl index 8afef770ff6b..cef471305c30 100644 --- a/testdata/iter_lame_aaaa.rpl +++ b/testdata/iter_lame_aaaa.rpl @@ -76,6 +76,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -85,6 +87,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN A SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_lamescrub.rpl b/testdata/iter_lamescrub.rpl index 2de13a6551f3..0ac19d7f8853 100644 --- a/testdata/iter_lamescrub.rpl +++ b/testdata/iter_lamescrub.rpl @@ -42,6 +42,8 @@ REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_nat64.rpl b/testdata/iter_nat64.rpl new file mode 100644 index 000000000000..dde0a25596c1 --- /dev/null +++ b/testdata/iter_nat64.rpl @@ -0,0 +1,117 @@ +; config options +server: + do-nat64: yes + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 64:ff9b::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nat64_prefix.rpl b/testdata/iter_nat64_prefix.rpl new file mode 100644 index 000000000000..ecb6508dcf55 --- /dev/null +++ b/testdata/iter_nat64_prefix.rpl @@ -0,0 +1,119 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:1234::/96 + target-fetch-policy: "0 0 0 0 0" + do-ip4: no + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport for a v4-only server, custom NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:1234::c000:0201 + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nat64_prefix48.rpl b/testdata/iter_nat64_prefix48.rpl new file mode 100644 index 000000000000..e7c32e8ffc6a --- /dev/null +++ b/testdata/iter_nat64_prefix48.rpl @@ -0,0 +1,118 @@ +; config options +server: + do-nat64: yes + nat64-prefix: 2001:db8:2345::/48 + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 2001:db8::1 +CONFIG_END + +SCENARIO_BEGIN Test NAT64 transport, this time with /48 NAT64 prefix. + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8::1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS FAKE.ROOT. +SECTION ADDITIONAL +FAKE.ROOT. IN AAAA 2001:db8::1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +; replies from NS over "NAT64" + +RANGE_BEGIN 0 100 + ADDRESS 2001:db8:2345:c000:0002:0100:: + +; A over NAT64 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN A +SECTION ANSWER +ns.v4only. IN A 192.0.2.1 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +ENTRY_END + +; no AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +ns.v4only. IN AAAA +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +v4only. IN NS +SECTION ANSWER +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +SECTION AUTHORITY +v4only. IN NS ns.v4only. +SECTION ADDITIONAL +ns.v4only. IN A 192.0.2.1 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +test.v4only. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +test.v4only. IN A +SECTION ANSWER +test.v4only. IN A 192.0.2.2 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_nxns_cached.rpl b/testdata/iter_nxns_cached.rpl index 7671df6636cc..6cb8866edcbd 100644 --- a/testdata/iter_nxns_cached.rpl +++ b/testdata/iter_nxns_cached.rpl @@ -152,6 +152,8 @@ RANGE_BEGIN 31 100 REPLY QR NOERROR SECTION QUESTION nameservers.com. IN A + SECTION AUTHORITY + nameservers.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END diff --git a/testdata/iter_nxns_fallback.rpl b/testdata/iter_nxns_fallback.rpl index 324068604be0..2a6a3fd33b75 100644 --- a/testdata/iter_nxns_fallback.rpl +++ b/testdata/iter_nxns_fallback.rpl @@ -137,6 +137,8 @@ RANGE_BEGIN 0 100 REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index a0be71c78cb6..b9808dd2c7df 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -115,29 +115,22 @@ a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -A.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN MATCH opcode qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN -MATCH opcode qname +MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -K.ROOT-SERVERS.NET. IN A +ROOT-SERVERS.NET. IN A SECTION AUTHORITY ROOT-SERVERS.NET. IN NS A.ROOT-SERVERS.NET. SECTION ADDITIONAL @@ -149,15 +142,6 @@ MATCH opcode qname ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -K.ROOT-SERVERS.NET. IN AAAA -SECTION ANSWER -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION ns.example.net. IN A SECTION AUTHORITY example.net. NS ns.example.net. @@ -213,6 +197,7 @@ K.ROOT-SERVERS.NET. IN A SECTION ANSWER K.ROOT-SERVERS.NET. IN A 193.0.14.129 ENTRY_END + ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -222,6 +207,8 @@ K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER ; no ip6 address: we want to use only one address for K. to avoid having ; to duplicate the entries in this file for both addresses. +SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -258,6 +245,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; example.com. zone @@ -282,6 +271,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END @@ -363,6 +354,7 @@ SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END @@ -381,6 +373,7 @@ SECTION QUESTION K.ROOT-SERVERS.NET. IN AAAA SECTION ANSWER SECTION AUTHORITY +root-servers.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_privaddr.rpl b/testdata/iter_privaddr.rpl index 93a2a147d1eb..0c87b4b9aaa2 100644 --- a/testdata/iter_privaddr.rpl +++ b/testdata/iter_privaddr.rpl @@ -122,6 +122,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl index 0e6d9877858e..8ee82415abc1 100644 --- a/testdata/iter_ranoaa_lame.rpl +++ b/testdata/iter_ranoaa_lame.rpl @@ -198,6 +198,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -235,6 +237,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -243,6 +247,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ; the lame response. diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index 459dcb17f401..76c310b28efd 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -95,6 +95,8 @@ REPLY QR RA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -104,6 +106,8 @@ REPLY QR RA NOERROR SECTION QUESTION lame.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/iter_scrub_ns.rpl b/testdata/iter_scrub_ns.rpl index 365f0b54ec31..64f980dcd03d 100644 --- a/testdata/iter_scrub_ns.rpl +++ b/testdata/iter_scrub_ns.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_fwd.rpl b/testdata/iter_scrub_ns_fwd.rpl index 239dc37f9752..f7a526c46fff 100644 --- a/testdata/iter_scrub_ns_fwd.rpl +++ b/testdata/iter_scrub_ns_fwd.rpl @@ -39,6 +39,7 @@ REPLY RD RA QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -78,6 +79,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_scrub_ns_side.rpl b/testdata/iter_scrub_ns_side.rpl index 98d00fd92502..44620ebd1ffb 100644 --- a/testdata/iter_scrub_ns_side.rpl +++ b/testdata/iter_scrub_ns_side.rpl @@ -39,6 +39,7 @@ REPLY QR NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 ; must be scrubbed www.burritolovers.com. IN A 10.20.30.40 SECTION AUTHORITY @@ -54,6 +55,7 @@ REPLY QR NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY ; not pertinent to the query www.example.com. IN NS ns.example.com. @@ -78,6 +80,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER +www.example.com. IN A 1.2.3.4 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END @@ -96,6 +99,7 @@ REPLY QR RD RA NOERROR SECTION QUESTION mail.example.com. IN A SECTION ANSWER +mail.example.com. IN A 1.2.3.11 SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/iter_stublastresort.rpl b/testdata/iter_stublastresort.rpl index b60778910a04..8fac79905aa2 100644 --- a/testdata/iter_stublastresort.rpl +++ b/testdata/iter_stublastresort.rpl @@ -105,6 +105,8 @@ REPLY QR NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -156,6 +158,8 @@ REPLY QR AA SERVFAIL SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN @@ -204,6 +208,8 @@ REPLY QR AA SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END ENTRY_BEGIN diff --git a/testdata/nsid_bogus.rpl b/testdata/nsid_bogus.rpl index 7e92266cfa49..9a80e1d7503b 100644 --- a/testdata/nsid_bogus.rpl +++ b/testdata/nsid_bogus.rpl @@ -10,6 +10,7 @@ server: minimal-responses: no nsid: "ascii_hopsa kidee" ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -117,6 +118,9 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 1440 0 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AC23LvSspto6Zqctz05urK/2OKTnB+7nppMKInYkyjZbZotq2wjJA9s= SECTION ADDITIONAL ENTRY_END @@ -172,4 +176,33 @@ SECTION ADDITIONAL HEX_EDNSDATA_END ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 0b ; Length 11 + 68 6F 70 73 61 20 ; "hopsa " + 6B 69 64 65 65 ; "kidee" + HEX_EDNSDATA_END +ENTRY_END + SCENARIO_END diff --git a/testdata/ratelimit.tdir/ratelimit.testns b/testdata/ratelimit.tdir/ratelimit.testns index 673bd15a598b..563c1db6a1f2 100644 --- a/testdata/ratelimit.tdir/ratelimit.testns +++ b/testdata/ratelimit.tdir/ratelimit.testns @@ -10,4 +10,6 @@ SECTION QUESTION wild IN A SECTION ANSWER wild IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. ENTRY_END diff --git a/testdata/root_key_sentinel.rpl b/testdata/root_key_sentinel.rpl index 39bd9685c293..e368bc52185e 100644 --- a/testdata/root_key_sentinel.rpl +++ b/testdata/root_key_sentinel.rpl @@ -5,6 +5,7 @@ server: target-fetch-policy: "0 0 0 0 0" trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -145,6 +146,22 @@ SECTION QUESTION root-key-sentinel-not-ta-19036. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 23 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +root-key-sentinel-not-ta-19036. IN A +ENTRY_END + +STEP 24 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +root-key-sentinel-not-ta-19036. IN A +ENTRY_END + STEP 30 QUERY ENTRY_BEGIN REPLY RD DO @@ -161,6 +178,22 @@ SECTION QUESTION root-key-sentinel-is-ta-20326. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 34 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +root-key-sentinel-is-ta-20326. IN A +ENTRY_END + +STEP 35 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +root-key-sentinel-is-ta-20326. IN A +ENTRY_END + STEP 40 QUERY ENTRY_BEGIN REPLY RD DO diff --git a/testdata/rpz_ixfr.rpl b/testdata/rpz_ixfr.rpl index ca2b6233562f..3566631571a3 100644 --- a/testdata/rpz_ixfr.rpl +++ b/testdata/rpz_ixfr.rpl @@ -4,6 +4,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: no rrset-roundrobin: no + access-control: 192.0.0.0/8 allow rpz: name: "rpz.example.com." @@ -22,6 +23,11 @@ d.rpz.example.com. IN CNAME . 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 32.4.123.0.10.rpz-ip.rpz.example.com. CNAME . +; also test client-ip, and remove it later with an IXFR. +24.0.5.0.192.rpz-client-ip A 127.0.0.5 +24.0.6.0.192.rpz-client-ip CNAME *. +32.41.30.20.10.rpz-nsip A 127.0.0.1 +ns.gotham.com.rpz-nsdname A 127.0.0.1 TEMPFILE_END stub-zone: @@ -100,6 +106,42 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qname qtype ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +foo.com. 10 IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. 10 IN A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +gotham.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +gotham.com. 10 IN NS ns.gotham.com. +SECTION ADDITIONAL +ns.gotham.com. 10 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id REPLY QR AA NOERROR SECTION QUESTION rpz.example.com. IN SOA @@ -124,6 +166,10 @@ d.rpz.example.com. IN CNAME . 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 32.4.123.0.10.rpz-ip.rpz.example.com. CNAME . +24.0.5.0.192.rpz-client-ip.rpz.example.com. A 127.0.0.5 +24.0.6.0.192.rpz-client-ip.rpz.example.com. CNAME *. +32.41.30.20.10.rpz-nsip.rpz.example.com. A 127.0.0.1 +ns.gotham.com.rpz-nsdname.rpz.example.com. A 127.0.0.1 rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 b.rpz.example.com. TXT "hello from RPZ" c.rpz.example.com. TXT "hello from RPZ" @@ -136,6 +182,78 @@ ENTRY_END RANGE_END +; ns.foo.com +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.41 +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.foo.com. IN A +SECTION ANSWER +ns.foo.com. 10 IN A 10.20.30.41 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.foo.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +foo.com. 10 IN SOA ns.foo.com. root.foo.com. 1 2 3 4 10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. 10 IN A 10.20.30.42 +ENTRY_END + +RANGE_END + +; ns.gotham.com +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.42 +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.gotham.com. IN A +SECTION ANSWER +ns.gotham.com. 10 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +ns.gotham.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +gotham.com. 10 IN SOA ns.gotham.com. root.gotham.com. 1 2 3 4 10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR AA +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. 10 IN A 10.20.30.43 +ENTRY_END + +RANGE_END + STEP 1 QUERY ENTRY_BEGIN REPLY RD @@ -244,7 +362,6 @@ SECTION QUESTION d.rpz-ip. IN A ENTRY_END - STEP 15 CHECK_ANSWER ENTRY_BEGIN MATCH all @@ -253,7 +370,74 @@ SECTION QUESTION d.rpz-ip. IN A ENTRY_END -STEP 16 TIME_PASSES ELAPSE 1 +STEP 16 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 17 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 127.0.0.5 +ENTRY_END + +STEP 18 QUERY ADDRESS 192.0.6.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 19 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.foo.com. IN A +ENTRY_END + +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. IN A 127.0.0.1 +ENTRY_END + +STEP 22 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.com. IN A +ENTRY_END + +STEP 23 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. IN A 127.0.0.1 +ENTRY_END + +STEP 24 TIME_PASSES ELAPSE 1 STEP 30 TIME_PASSES ELAPSE 3600 STEP 40 TRAFFIC @@ -376,4 +560,72 @@ SECTION ANSWER d.rpz-ip. IN A 10.0.123.4 ENTRY_END +STEP 64 QUERY ADDRESS 192.0.5.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 65 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +STEP 66 QUERY ADDRESS 192.0.6.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.a. IN A +ENTRY_END + +STEP 67 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.a. IN A +SECTION ANSWER +a.a. IN A 10.0.123.5 +ENTRY_END + +STEP 68 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.foo.com. IN A +ENTRY_END + +STEP 69 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.foo.com. IN A +SECTION ANSWER +www.foo.com. 10 IN A 10.20.30.42 +ENTRY_END + +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.gotham.com. IN A +ENTRY_END + +STEP 71 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.gotham.com. IN A +SECTION ANSWER +www.gotham.com. 10 IN A 10.20.30.43 +ENTRY_END + SCENARIO_END diff --git a/testdata/rpz_respip.rpl b/testdata/rpz_respip.rpl index 894a7cc5fca3..795bb25c8a4c 100644 --- a/testdata/rpz_respip.rpl +++ b/testdata/rpz_respip.rpl @@ -458,14 +458,29 @@ e. IN AAAA ENTRY_END STEP 29 TIME_PASSES ELAPSE 12 +; should be dropped, with cache entry too. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION +e. IN A +ENTRY_END +STEP 31 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +e. IN AAAA +ENTRY_END +STEP 32 TIME_PASSES ELAPSE 12 + +STEP 33 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION y. IN A ENTRY_END -STEP 31 CHECK_ANSWER +STEP 34 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR TC RD RA NOERROR diff --git a/testdata/serve_expired_0ttl_nodata.rpl b/testdata/serve_expired_0ttl_nodata.rpl new file mode 100644 index 000000000000..45b51444bccd --- /dev/null +++ b/testdata/serve_expired_0ttl_nodata.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NODATA; will be cached for the SOA negative TTL. +; - check that the client gets the NODATA; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the NODATA (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NODATA +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_nxdomain.rpl b/testdata/serve_expired_0ttl_nxdomain.rpl new file mode 100644 index 000000000000..0fcde9f2ddb6 --- /dev/null +++ b/testdata/serve_expired_0ttl_nxdomain.rpl @@ -0,0 +1,154 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with NXDOMAIN followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is NXDOMAIN; will be cached for the SOA negative TTL. +; - check that the client gets the NXDOMAIN; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Wait for the NXDOMAIN to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached NXDOMAIN +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA NXDOMAIN + SECTION QUESTION + 0ttl.example.com. IN A + SECTION AUTHORITY + example.com IN SOA ns.example.com dns.example.com 1 7200 3600 2419200 10 +ENTRY_END + +; Query again +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_0ttl_servfail.rpl b/testdata/serve_expired_0ttl_servfail.rpl new file mode 100644 index 000000000000..aad7aa8c984f --- /dev/null +++ b/testdata/serve_expired_0ttl_servfail.rpl @@ -0,0 +1,129 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with SERVFAIL followed by 0 TTL +; Scenario overview: +; - query for 0ttl.example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - this time the server answers with a 0 TTL RRset +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 32 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + 0ttl.example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + 0ttl.example.com. IN A + SECTION ANSWER + 0ttl.example.com. 0 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_expired_cached_servfail_refresh.rpl b/testdata/serve_expired_cached_servfail_refresh.rpl new file mode 100644 index 000000000000..664de9aa8732 --- /dev/null +++ b/testdata/serve_expired_cached_servfail_refresh.rpl @@ -0,0 +1,145 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - answer from upstream is still SERVFAIL; the cached error response will be +; refreshed for another NORR_TTL(5) +; - check that the client gets the SERVFAIL +; - query again; the upstream now has the answer available +; - check that we get the refreshed cached response instead + +; ns.example.com. +RANGE_BEGIN 0 50 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 60 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be refreshed) +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again, upstream has the real answer available +STEP 60 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the refreshed cached SERVFAIL +STEP 70 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/speed_local.tdir/speed_local.test b/testdata/speed_local.tdir/speed_local.test index 684b3c52251b..6ad1ba737355 100644 --- a/testdata/speed_local.tdir/speed_local.test +++ b/testdata/speed_local.tdir/speed_local.test @@ -9,8 +9,11 @@ PRE="../.." get_make (cd $PRE; $MAKE perf) +# seconds per test +dur=1 + echo "> perf version.server" -$PRE/perf -d 1 -a "version.server CH TXT -" 127.0.0.1@$UNBOUND_PORT 2>&1 | +$PRE/perf -d $dur -a "version.server CH TXT -" 127.0.0.1@$UNBOUND_PORT 2>&1 | tee outfile echo -n "version-server " > line.txt @@ -25,7 +28,7 @@ fi echo "> perf localhost" -$PRE/perf -d 1 -a "localhost IN A -" 127.0.0.1@$UNBOUND_PORT 2>&1 | +$PRE/perf -d $dur -a "localhost IN A -" 127.0.0.1@$UNBOUND_PORT 2>&1 | tee outfile echo -n "localhost-addr " >> line.txt diff --git a/testdata/stat_values.tdir/stat_values.pre b/testdata/stat_values.tdir/stat_values.pre index 2db4a17e0096..7b6eefdfaa49 100644 --- a/testdata/stat_values.tdir/stat_values.pre +++ b/testdata/stat_values.tdir/stat_values.pre @@ -5,6 +5,13 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test . ../common.sh + +PRE="../.." +if grep "define USE_CACHEDB 1" $PRE/config.h; then + USE_CACHEDB=1 + echo "USE_CACHEDB=1" >> .tpkg.var.test +fi + get_random_port 4 UNBOUND_PORT=$RND_PORT FWD_PORT=$(($RND_PORT + 1)) @@ -29,8 +36,9 @@ echo "FWD_EXPIRED_PID=$FWD_EXPIRED_PID" >> .tpkg.var.test # make config file sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values.conf > ub.conf +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_cachedb.conf > ub_cachedb.conf +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values_downstream_cookies.conf > ub_downstream_cookies.conf # start unbound in the background -PRE="../.." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test diff --git a/testdata/stat_values.tdir/stat_values.test b/testdata/stat_values.tdir/stat_values.test index ef86a0471d60..22d55f1f0d31 100644 --- a/testdata/stat_values.tdir/stat_values.test +++ b/testdata/stat_values.tdir/stat_values.test @@ -52,6 +52,12 @@ REST_STATS_FILE=rest_stats.$$ DEBUG=0 +if dig -h 2>&1 | grep "cookie" >/dev/null; then + nocookie="+nocookie" +else + nocookie="" +fi + # Write stats to $STATS_FILE. # Call this when you want to get stats from unbound. get_stats () { @@ -95,7 +101,7 @@ check_expected_stats () { else echo "! bad expected stats:" cat $FILTERED_STATS_FILE - exit 1 + end 1 fi } @@ -109,7 +115,7 @@ check_rest_stats () { fi if grep -v "=0$" $REST_STATS_FILE; then echo "! bad rest stats" - exit 1 + end 1 else echo "OK" fi @@ -414,4 +420,195 @@ rrset.cache.count=3 infra.cache.count=2" +# Bring the downstream DNS Cookies configured Unbound up +kill_pid $UNBOUND_PID # kill current Unbound +echo "" +cat unbound.log +echo "" +$PRE/unbound -d -c ub_downstream_cookies.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +echo +echo "[ Get a DNS Cookie. ]" +echo "> dig www.local.zone +tcp $nocookie +ednsopt=10:0102030405060708" +dig @127.0.0.1 -p $UNBOUND_PORT +tcp $nocookie +ednsopt=10:0102030405060708 +retry=0 +time=1 www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +# Save valid cookie +valid_cookie=`grep "COOKIE: " outfile | cut -d ' ' -f 3` +invalid_cookie=`echo $valid_cookie | tr '0' '4'` +check_stats "\ +total.num.queries=1 +total.num.queries_cookie_client=1 +total.num.cachehits=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.tcp=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Present the valid DNS Cookie. ]" +echo "> dig www.local.zone $nocookie +ednsopt=10:valid_cookie" +dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +ednsopt=10:$valid_cookie +retry=0 +time=1 www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.queries_cookie_valid=1 +total.num.cachehits=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Present an invalid DNS Cookie. ]" +echo "> dig www.local.zone $nocookie +ednsopt=10:invalid_cookie" +dig @127.0.0.1 -p $UNBOUND_PORT $nocookie +ednsopt=10:$invalid_cookie +retry=0 +time=1 www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + end 1 +else + echo "OK" +fi +# A lot of stats are missing since BADCOOKIE error response is before +# those stat calculations. +# BADCOOKIE is an extended error code; we record YXRRSET below. +check_stats "\ +total.num.queries=1 +total.num.queries_cookie_invalid=1 +total.num.cachehits=1 +num.answer.rcode.YXRRSET=1" + +echo +echo "[ Present no DNS Cookie. ]" +echo "> dig www.local.zone +ignore" +dig @127.0.0.1 -p $UNBOUND_PORT +ignore $nocookie +retry=0 +time=1 www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + end 1 +else + echo "OK" +fi +# A lot of stats are missing since REFUSED error response because of no DNS +# Cookie is before those stat calculations. +check_stats "\ +total.num.queries=1 +total.num.cachehits=1 +num.answer.rcode.REFUSED=1" + +if test x$USE_CACHEDB = "x1"; then + +# Bring the cachedb configured Unbound up +kill_pid $UNBOUND_PID # kill current Unbound +echo "" +cat unbound.log +echo "" +$PRE/unbound -d -c ub_cachedb.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +echo +echo "[ Check cachedb cache miss. ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.udpout=1 +num.query.cachedb=0 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check cachedb cache hit. ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.udpout=0 +num.query.cachedb=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check cachedb cache hit with stat reset ]" +echo "> dig www.example.com." +dig @127.0.0.1 +ednsopt=65534 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.cachehits=0 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +num.query.cachedb=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +fi # USE_CACHEDB + end 0 diff --git a/testdata/stat_values.tdir/stat_values.testns b/testdata/stat_values.tdir/stat_values.testns index 6691b01998ad..12df8a93905a 100644 --- a/testdata/stat_values.tdir/stat_values.testns +++ b/testdata/stat_values.tdir/stat_values.testns @@ -21,3 +21,13 @@ SECTION QUESTION SECTION ANSWER 1ttl 1 IN A 1.1.1.1 ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +0ttl IN A +SECTION ANSWER +0ttl 0 IN A 0.0.0.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/stat_values_cachedb.conf b/testdata/stat_values.tdir/stat_values_cachedb.conf new file mode 100644 index 000000000000..b5e9b0e02932 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values_cachedb.conf @@ -0,0 +1,36 @@ +server: + verbosity: 5 + module-config: "cachedb iterator" + serve-expired: yes + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + extended-statistics: yes + identity: "stat_values" + outbound-msg-retry: 0 + root-key-sentinel: no + trust-anchor-signaling: no + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +forward-zone: + name: "expired." + forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/testdata/stat_values.tdir/stat_values_downstream_cookies.conf b/testdata/stat_values.tdir/stat_values_downstream_cookies.conf new file mode 100644 index 000000000000..21e78829fc8e --- /dev/null +++ b/testdata/stat_values.tdir/stat_values_downstream_cookies.conf @@ -0,0 +1,32 @@ +server: + verbosity: 5 + module-config: "iterator" + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + extended-statistics: yes + identity: "stat_values" + outbound-msg-retry: 0 + root-key-sentinel: no + trust-anchor-signaling: no + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" + + answer-cookie: yes + access-control: 127.0.0.1 allow_cookie + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" diff --git a/testdata/stream_ssl.tdir/stream_ssl.serv.conf b/testdata/stream_ssl.tdir/stream_ssl.serv.conf index a5dfcf364ec3..840334f1edb8 100644 --- a/testdata/stream_ssl.tdir/stream_ssl.serv.conf +++ b/testdata/stream_ssl.tdir/stream_ssl.serv.conf @@ -9,9 +9,15 @@ server: chroot: "" username: "" do-not-query-localhost: yes + local-zone: "example.com" static + local-zone: "server" static + local-zone: "host" static local-data: "www.example.com. IN A 10.20.30.40" local-data: "unbound.server. IN A 127.0.0.1" local-data: "test.host. IN A 1.2.3.4" + local-data: "example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" + local-data: "server. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" + local-data: "host. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600" ssl-port: @SERVPORT@ ssl-service-key: "unbound_server.key" ssl-service-pem: "unbound_server.pem" diff --git a/testdata/subnet_cached_ede.crpl b/testdata/subnet_cached_ede.crpl new file mode 100644 index 000000000000..36bb28fcc180 --- /dev/null +++ b/testdata/subnet_cached_ede.crpl @@ -0,0 +1,114 @@ +; Ask the same question twice. Check to see second is answered +; from cache + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + qname-minimisation: no + minimal-responses: no + ede: yes + val-log-level: 2 + trust-anchor: "example.nl. DS 50602 8 2 FA8EE175C47325F4BD46D8A4083C3EBEB11C977D689069F2B41F1A29B22446B1" + +stub-zone: + name: "example.nl" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test subnetcache support for caching EDEs. + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN DNSKEY +SECTION ANSWER +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.nl. IN A +SECTION ANSWER +example.nl. IN A 1.2.3.4 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; get the entry in cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ; 127.0.0.0/17 + HEX_EDNSDATA_END +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +; query again for the cached entry +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.nl. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ; 127.0.0.0/17 + HEX_EDNSDATA_END +ENTRY_END + +; this must be a cached answer since stub is not answering in this range +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +example.nl. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_derived.crpl b/testdata/subnet_derived.crpl index 6ff626abd7cc..7acf316fe2ec 100644 --- a/testdata/subnet_derived.crpl +++ b/testdata/subnet_derived.crpl @@ -39,6 +39,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -111,6 +112,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_format_ip4.crpl b/testdata/subnet_format_ip4.crpl index cd1c858fd636..1370caee7da4 100644 --- a/testdata/subnet_format_ip4.crpl +++ b/testdata/subnet_format_ip4.crpl @@ -38,6 +38,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -108,6 +109,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_global_prefetch.crpl b/testdata/subnet_global_prefetch.crpl new file mode 100644 index 000000000000..2f005d43b905 --- /dev/null +++ b/testdata/subnet_global_prefetch.crpl @@ -0,0 +1,236 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch +STEP 3 TIME_PASSES ELAPSE 9 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 1 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3591 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3591 IN A 1.2.3.4 +ENTRY_END + +; Allow time to pass so that the global cache record is expired. +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_global_prefetch_always_forward.crpl b/testdata/subnet_global_prefetch_always_forward.crpl new file mode 100644 index 000000000000..ccfe5dfd6ea1 --- /dev/null +++ b/testdata/subnet_global_prefetch_always_forward.crpl @@ -0,0 +1,167 @@ +; Check if the prefetch option works properly when serve-expired is combined +; with client-subnet-always-forward for non-ECS clients. The prefetch query +; needs to result in an outgoing query without ECS. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + serve-expired: yes + client-subnet-always-forward: yes + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test serve-expired and client-subnet-always-forward without ECS in the request + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Wait for the TTL to expire +STEP 3 TIME_PASSES ELAPSE 20 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the global cache and a prefetch was triggered +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3580 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3580 IN A 1.2.3.4 +ENTRY_END + +STEP 13 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH all + REPLY NOERROR DO + SECTION QUESTION + www.example.com. IN A +ENTRY_END + +STEP 14 TRAFFIC + +SCENARIO_END diff --git a/testdata/subnet_global_prefetch_expired.crpl b/testdata/subnet_global_prefetch_expired.crpl new file mode 100644 index 000000000000..de1b780553a9 --- /dev/null +++ b/testdata/subnet_global_prefetch_expired.crpl @@ -0,0 +1,241 @@ +; Check if the prefetch option works properly for messages stored in the global +; cache for non-ECS clients. The prefetch query needs to result in an ECS +; outgoing query based on the client's IP. +; Prefetch initiated via serve-expired. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-ttl: 1 + prefetch: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled (initiated via serve-expired) + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache (because no ECS from upstream) +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Try to trigger a prefetch with expired data +STEP 3 TIME_PASSES ELAPSE 11 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This expired record came from the global cache and a prefetch is triggered. +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3589 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3589 IN A 1.2.3.4 +ENTRY_END + +;STEP 13 TRAFFIC +; Allow enough time to pass so that the expired record from the global cache +; cannot be used anymore. +STEP 14 TIME_PASSES ELAPSE 1 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache. +STEP 15 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This record came from the ECS cache. +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 9 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3599 IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 3599 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_prefetch_with_client_ecs.crpl b/testdata/subnet_global_prefetch_with_client_ecs.crpl index ddc832c475de..ddc832c475de 100644 --- a/testdata/subnet_prefetch_with_client_ecs.crpl +++ b/testdata/subnet_global_prefetch_with_client_ecs.crpl diff --git a/testdata/subnet_not_whitelisted.crpl b/testdata/subnet_not_whitelisted.crpl index 545b019eda92..5419a5790f0d 100644 --- a/testdata/subnet_not_whitelisted.crpl +++ b/testdata/subnet_not_whitelisted.crpl @@ -39,6 +39,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -109,6 +110,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/subnet_prefetch.crpl b/testdata/subnet_prefetch.crpl index 04922f2bbe48..aaa6bf08c450 100644 --- a/testdata/subnet_prefetch.crpl +++ b/testdata/subnet_prefetch.crpl @@ -1,12 +1,12 @@ -; Check if the prefetch option works properly for messages stored in the global -; cache for non-ECS clients. The prefetch query needs to result in an ECS -; outgoing query based on the client's IP. +; Check if the prefetch option works properly for messages stored in ECS cache +; for non-ECS clients. server: trust-anchor-signaling: no target-fetch-policy: "0 0 0 0 0" send-client-subnet: 1.2.3.4 max-client-subnet-ipv4: 21 + client-subnet-always-forward: yes module-config: "subnetcache iterator" verbosity: 3 access-control: 127.0.0.1 allow_snoop @@ -19,7 +19,7 @@ stub-zone: stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test prefetch option for global cache with ECS enabled +SCENARIO_BEGIN Test prefetch option for ECS cache ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 @@ -78,38 +78,7 @@ RANGE_BEGIN 0 100 RANGE_END ; ns.example.com. -RANGE_BEGIN 0 10 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ; response to query of interest - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - www.example.com. IN A - SECTION ANSWER - www.example.com. 10 IN A 10.20.30.40 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 11 100 +RANGE_BEGIN 0 100 ADDRESS 1.2.3.4 ENTRY_BEGIN MATCH opcode qtype qname @@ -154,7 +123,7 @@ SECTION QUESTION www.example.com. IN A ENTRY_END -; This answer should be in the global cache (because no ECS from upstream) +; This answer will end up in the subnet cache STEP 2 CHECK_ANSWER ENTRY_BEGIN MATCH all @@ -172,53 +141,51 @@ ENTRY_END ; Try to trigger a prefetch STEP 3 TIME_PASSES ELAPSE 9 -STEP 11 QUERY +STEP 4 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.example.com. IN A ENTRY_END -; This record came from the global cache and a prefetch was triggered -STEP 12 CHECK_ANSWER +; This record came from the cache and a prefetch is triggered +STEP 5 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER -www.example.com. 1 IN A 10.20.30.40 +www.example.com. 1 IN A 10.20.30.40 SECTION AUTHORITY -example.com. 3591 IN NS ns.example.com. +example.com. 3591 IN NS ns.example.com. SECTION ADDITIONAL -ns.example.com. 3591 IN A 1.2.3.4 +ns.example.com. 3591 IN A 1.2.3.4 ENTRY_END -; Allow time to pass so that the global cache record is expired -STEP 13 TIME_PASSES ELAPSE 2 +; Allow for some time to pass to differentiate from a cached vs resolved answer +STEP 6 TIME_PASSES ELAPSE 1 -; Query again to verify that the record was prefetched and stored in the ECS -; cache (because the server replied with ECS this time) -STEP 14 QUERY +STEP 7 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.example.com. IN A ENTRY_END -; This record came from the ECS cache -STEP 15 CHECK_ANSWER +; This prefetched record came from the ECS cache +STEP 8 CHECK_ANSWER ENTRY_BEGIN MATCH all ttl REPLY QR RD RA NOERROR SECTION QUESTION -www.example.com. IN A +www.example.com. IN A SECTION ANSWER -www.example.com. 8 IN A 10.20.30.40 +www.example.com. 9 IN A 10.20.30.40 SECTION AUTHORITY -example.com. 3598 IN NS ns.example.com. +example.com. 3599 IN NS ns.example.com. SECTION ADDITIONAL -ns.example.com. 3598 IN A 1.2.3.4 +ns.example.com. 3599 IN A 1.2.3.4 ENTRY_END SCENARIO_END diff --git a/testdata/subnet_without_validator.crpl b/testdata/subnet_without_validator.crpl index 2fbf24239ecb..59c38660f281 100644 --- a/testdata/subnet_without_validator.crpl +++ b/testdata/subnet_without_validator.crpl @@ -38,6 +38,7 @@ RANGE_BEGIN 0 100 SECTION QUESTION a.gtld-servers.net. IN AAAA SECTION AUTHORITY + net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty @@ -108,6 +109,8 @@ RANGE_BEGIN 0 100 SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 SECTION ADDITIONAL HEX_EDNSDATA_BEGIN ;; we expect to receive empty diff --git a/testdata/svcb.tdir/svcb.failure-cases-01 b/testdata/svcb.tdir/svcb.failure-cases-01 index c60151692ee8..6d57584f3137 100644 --- a/testdata/svcb.tdir/svcb.failure-cases-01 +++ b/testdata/svcb.tdir/svcb.failure-cases-01 @@ -3,7 +3,7 @@ $TTL 3600 @ SOA primary admin 0 0 0 0 0 -; Here there are multiple instances of the same SvcParamKey in the mandatory list +; These cases should be base64 encoded but aren't f21 HTTPS 1 foo.example.com. ech="123" f21 HTTPS 1 foo.example.com. echconfig="123" diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index 5d6339542f67..c3d015ec0f03 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -45,3 +45,17 @@ s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a ke ; maximum alpn size allowed (255 characters) s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ) + +; dohpath can be (non-)quoted and MUST contain "?dns" +; currently there is no validation from Unbound, it can be anything +; maybe needs changing if Unbound is the primary authoritative for SVCB records. +; Then SVCB_SEMANTIC_CHECKS parts of the code could be used per authoritative role. + +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath= +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/dns-query{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcd}{!abcd}{?dns} +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcdabcd?dns?defedf} +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-queryéè{?dns} diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp index e504e7b18ad5..3a42393baa17 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp @@ -8,3 +8,11 @@ s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE=" s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a" s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB \# 26 000103646F68076578616D706C65000001000302683200070000 +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcd}{!abcd}{?dns}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcdabcd?dns?defedf}" +_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query\195\169\195\168{?dns}" diff --git a/testdata/svcb.tdir/svcb.test b/testdata/svcb.tdir/svcb.test index 17330e08fde6..280c58fc81c4 100644 --- a/testdata/svcb.tdir/svcb.test +++ b/testdata/svcb.tdir/svcb.test @@ -66,7 +66,7 @@ then elif $PRE/readzone svcb.failure-cases-03 then - echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64" + echo "Failure case 03: 65 SvcParams is too many SvcParams; the limit is 64" echo "Incorrectly succeeded" exit 1 @@ -75,6 +75,7 @@ then echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255" echo "Incorrectly succeeded" exit 1 + else echo "All failure cases test successfully" fi diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 4ce195134926..ee249ffb6843 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no rrset-roundrobin: no + harden-unknown-additional: yes stub-zone: name: "." @@ -195,10 +196,8 @@ SECTION ADDITIONAL open.example.com. 600 IN A 213.154.224.1 open.example.com. 600 IN AAAA 2001:7b8:206:1::53 open.example.com. 600 IN AAAA 2001:7b8:206:1::1 -_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} -_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} ENTRY_END SCENARIO_END diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 6ab3cded7d5a..005d29606980 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no rrset-roundrobin: no + harden-unknown-additional: no stub-zone: name: "." diff --git a/testdata/val_any_negcache.rpl b/testdata/val_any_negcache.rpl new file mode 100644 index 000000000000..77aacba8cc13 --- /dev/null +++ b/testdata/val_any_negcache.rpl @@ -0,0 +1,240 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + rrset-roundrobin: no + aggressive-nsec: yes + harden-unknown-additional: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY and negative cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response with NODATA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ns7.domain-registry.example. 80173 IN A 62.4.86.230 +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +v.net.example. 28800 IN A 213.154.224.17 +v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 +johnny.example.com. 600 IN A 213.154.224.44 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN LOC +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN LOC +SECTION ANSWER +SECTION AUTHORITY +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_cnametocloser_nosig.rpl b/testdata/val_cnametocloser_nosig.rpl index 6a0552ec5404..eca05b1aaf90 100644 --- a/testdata/val_cnametocloser_nosig.rpl +++ b/testdata/val_cnametocloser_nosig.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop forward-zone: name: "." @@ -89,11 +90,27 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all ede=9 +MATCH all ede=10 REPLY QR RD RA DO SERVFAIL SECTION QUESTION www.example.com. IN AAAA SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 20 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END +STEP 21 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_cnametoinsecure.rpl b/testdata/val_cnametoinsecure.rpl index 78d04de972cc..372a61f21da6 100644 --- a/testdata/val_cnametoinsecure.rpl +++ b/testdata/val_cnametoinsecure.rpl @@ -50,9 +50,11 @@ SECTION QUESTION unsafe.example.com. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END - ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -88,6 +90,9 @@ SECTION QUESTION unsafe.example.org. IN AAAA SECTION ANSWER ; empty response +SECTION AUTHORITY +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END RANGE_END @@ -112,6 +117,8 @@ www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899} +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.com. gJkF06xR3FoD/d+rxcLOwGpT8+DV+nbxED8C6T1qZyhWfKlfpYzISNooKBWD+JQbaGKV/nfm+rT3M0fnIXPpQQ== ENTRY_END ; NSEC3 @@ -134,6 +141,8 @@ www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20 SECTION AUTHORITY ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899} +example.org. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.org. 3600 IN RRSIG SOA 5 2 3600 20091012000000 20091010000000 30899 example.org. lYlSk7saPytwcu6Dp3HKYdyCOIlpTm+T8kjf0hnrLgPDZuksUjw/GLB+d6onTDpWLlasHfi0eoAkNvTeuR0+1w== ENTRY_END SCENARIO_END diff --git a/testdata/val_cnametonodata_nonsec.rpl b/testdata/val_cnametonodata_nonsec.rpl index 48158162cba6..8f3927575ecb 100644 --- a/testdata/val_cnametonodata_nonsec.rpl +++ b/testdata/val_cnametonodata_nonsec.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -146,11 +147,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AI+pFL3opyI/Mx3pCwnULbwc99bqXrJjRp4ds1lIBPN9X/Pia3wQdkM= ; NSEC here ... SECTION ADDITIONAL ENTRY_END @@ -208,11 +211,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.net. IN AAAA SECTION ANSWER SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} ; NSEC here SECTION ADDITIONAL ENTRY_END @@ -226,6 +231,8 @@ SECTION QUESTION www.example.net. IN A SECTION ANSWER SECTION AUTHORITY +example.net. 3600 IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 +;example.net. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.net. ADNbj4XoTESBEkbFri3OG7SujbOUAoyrxPNHbULhxbvbB48Y0YAwvNY= ;www.example.net. IN NSEC example.net. MX NSEC RRSIG ;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} SECTION ADDITIONAL @@ -262,4 +269,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_cnametooptout.rpl b/testdata/val_cnametooptout.rpl index c9e982253632..2ec4889f9d4e 100644 --- a/testdata/val_cnametooptout.rpl +++ b/testdata/val_cnametooptout.rpl @@ -4,6 +4,7 @@ server: val-override-date: "20091113091234" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no forward-zone: name: "." @@ -44,6 +45,9 @@ REPLY QR NOERROR SECTION QUESTION www.content.hud.gov. IN AAAA SECTION ANSWER +SECTION AUTHORITY +content.hud.gov. 86400 IN NS drfswitch.hud.gov. +content.hud.gov. 86400 IN NS lanswitch.hud.gov. ENTRY_END ENTRY_BEGIN @@ -107,6 +111,8 @@ SECTION AUTHORITY 3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775} GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN NSEC3 1 1 5 abcd gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG ; flags: optout GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775} +content.hud.gov. 86400 IN NS drfswitch.hud.gov. +content.hud.gov. 86400 IN NS lanswitch.hud.gov. ENTRY_END SCENARIO_END diff --git a/testdata/val_cnametoposnowc.rpl b/testdata/val_cnametoposnowc.rpl index 2975bd8d2a03..1ba57633c146 100644 --- a/testdata/val_cnametoposnowc.rpl +++ b/testdata/val_cnametoposnowc.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -261,4 +262,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_deleg_nons.rpl b/testdata/val_deleg_nons.rpl index 82348d95b7f9..aac87eab7316 100644 --- a/testdata/val_deleg_nons.rpl +++ b/testdata/val_deleg_nons.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -269,4 +270,21 @@ foo.www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +foo.www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_dnamewc.rpl b/testdata/val_dnamewc.rpl index 1a0e41ecff0b..ee72f6a1fa1b 100644 --- a/testdata/val_dnamewc.rpl +++ b/testdata/val_dnamewc.rpl @@ -9,6 +9,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -264,4 +265,21 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_ds_cname.rpl b/testdata/val_ds_cname.rpl index 3b88fb5a25a6..a49c53538ebe 100644 --- a/testdata/val_ds_cname.rpl +++ b/testdata/val_ds_cname.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -78,6 +79,8 @@ REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600 ENTRY_END RANGE_END @@ -202,4 +205,20 @@ SECTION QUESTION www.example.com. IN A ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/val_faildnskey.rpl b/testdata/val_faildnskey.rpl index 528082120968..cc1cc9eeed0f 100644 --- a/testdata/val_faildnskey.rpl +++ b/testdata/val_faildnskey.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -143,10 +144,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END @@ -168,4 +172,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index d3ac00c47d15..50f3184b48f1 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -144,10 +144,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END RANGE_END diff --git a/testdata/val_nodata_failsig.rpl b/testdata/val_nodata_failsig.rpl index 0c4426bc1054..16b46d4fd33b 100644 --- a/testdata/val_nodata_failsig.rpl +++ b/testdata/val_nodata_failsig.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -162,4 +163,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nodata_failwc.rpl b/testdata/val_nodata_failwc.rpl index 3aa8212c8932..7ac61fa2bddb 100644 --- a/testdata/val_nodata_failwc.rpl +++ b/testdata/val_nodata_failwc.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "nsecwc.nlnetlabs.nl" @@ -17,8 +18,8 @@ CONFIG_END SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. - ; ns.example.com. -RANGE_BEGIN 0 100 + ; ns.example.com. +RANGE_BEGIN 0 100 ADDRESS 185.49.140.60 ; response to DNSKEY priming query @@ -69,4 +70,21 @@ _25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nokeyprime.rpl b/testdata/val_nokeyprime.rpl index 5d3727420799..b7646d34ca8b 100644 --- a/testdata/val_nokeyprime.rpl +++ b/testdata/val_nokeyprime.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -161,4 +162,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_b1_nameerror_nowc.rpl b/testdata/val_nsec3_b1_nameerror_nowc.rpl index 0ff135af6bba..9445fec08907 100644 --- a/testdata/val_nsec3_b1_nameerror_nowc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nowc.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -140,12 +141,24 @@ SECTION QUESTION a.c.x.w.example. IN A SECTION ANSWER SECTION AUTHORITY -; example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) -; example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) -; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) -; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) -; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) -; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) +ENTRY_END + +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY ENTRY_END SCENARIO_END diff --git a/testdata/val_nsec3_b2_nodata_nons.rpl b/testdata/val_nsec3_b2_nodata_nons.rpl index b47643b25564..7dd06a392fa1 100644 --- a/testdata/val_nsec3_b2_nodata_nons.rpl +++ b/testdata/val_nsec3_b2_nodata_nons.rpl @@ -6,6 +6,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -97,6 +98,9 @@ ADJUST copy_id REPLY QR AA DO NOERROR SECTION QUESTION ns1.example. IN DS +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) ENTRY_END ENTRY_BEGIN @@ -135,4 +139,21 @@ ns1.example. IN MX SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ns1.example. IN MX +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=12 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ns1.example. IN MX +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_b4_wild_wr.rpl b/testdata/val_nsec3_b4_wild_wr.rpl index 50daf3809e9b..5ca165628607 100644 --- a/testdata/val_nsec3_b4_wild_wr.rpl +++ b/testdata/val_nsec3_b4_wild_wr.rpl @@ -129,6 +129,10 @@ SECTION QUESTION ns2.example. IN A SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END ENTRY_BEGIN @@ -139,6 +143,10 @@ SECTION QUESTION ns2.example. IN AAAA SECTION ANSWER ; nothing to make sure the ns1 server is used for queries. +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) ENTRY_END diff --git a/testdata/val_nsec3_entnodata_optout_badopt.rpl b/testdata/val_nsec3_entnodata_optout_badopt.rpl index b672bd6e6cc2..c7e5a50068be 100644 --- a/testdata/val_nsec3_entnodata_optout_badopt.rpl +++ b/testdata/val_nsec3_entnodata_optout_badopt.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -194,4 +195,21 @@ ent.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +ent.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +ent.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nsec3_nods_badsig.rpl b/testdata/val_nsec3_nods_badsig.rpl index 79290d659ae7..d99470f344fc 100644 --- a/testdata/val_nsec3_nods_badsig.rpl +++ b/testdata/val_nsec3_nods_badsig.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -234,4 +235,20 @@ www.sub.example.com. IN A SECTION ANSWER ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=7 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nx_failwc.rpl b/testdata/val_nx_failwc.rpl index 645a6b4c9728..765b34456d96 100644 --- a/testdata/val_nx_failwc.rpl +++ b/testdata/val_nx_failwc.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "nsecwc.nlnetlabs.nl" @@ -67,4 +68,21 @@ a.nsecwc.nlnetlabs.nl. IN TXT SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_nx_overreach.rpl b/testdata/val_nx_overreach.rpl index e5046bc1a445..28089e5f361c 100644 --- a/testdata/val_nx_overreach.rpl +++ b/testdata/val_nx_overreach.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -162,4 +163,21 @@ www.example.com. IN A SECTION ANSWER ENTRY_END +; Redo the query without RD to check EDE caching. +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/testdata/val_positive_nosigs.rpl b/testdata/val_positive_nosigs.rpl index e57836f90d02..c48b39e6f0d3 100644 --- a/testdata/val_positive_nosigs.rpl +++ b/testdata/val_positive_nosigs.rpl @@ -137,10 +137,13 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION www.example.com. IN DS SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} ENTRY_END ; response to query of interest diff --git a/testdata/val_secds_nosig.rpl b/testdata/val_secds_nosig.rpl index 69f83a393c10..ec768799d7f9 100644 --- a/testdata/val_secds_nosig.rpl +++ b/testdata/val_secds_nosig.rpl @@ -7,6 +7,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -230,4 +231,19 @@ SECTION QUESTION www.sub.example.com. IN A ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=10 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + SCENARIO_END diff --git a/testdata/val_ta_algo_missing.rpl b/testdata/val_ta_algo_missing.rpl index 9efb24266c05..537af2cb3e6b 100644 --- a/testdata/val_ta_algo_missing.rpl +++ b/testdata/val_ta_algo_missing.rpl @@ -11,6 +11,7 @@ server: fake-sha1: yes trust-anchor-signaling: no ede: yes + access-control: 127.0.0.0/8 allow_snoop stub-zone: name: "." @@ -166,11 +167,27 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all ede=9 +MATCH all ede=6 REPLY QR RD RA DO SERVFAIL SECTION QUESTION www.example.com. IN A SECTION ANSWER ENTRY_END +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=6 +REPLY QR RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index e3a77053709f..454096342326 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -55,6 +55,7 @@ #include "util/regional.h" #include "util/fptr_wlist.h" #include "util/data/dname.h" +#include "util/random.h" #include "util/rtt.h" #include "services/cache/infra.h" #include "sldns/wire2str.h" @@ -87,7 +88,10 @@ struct config_parser_state* cfg_parser = 0; /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); -struct config_file* +/** init cookie with random data */ +static void init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len); + +struct config_file* config_create(void) { struct config_file* cfg; @@ -116,6 +120,7 @@ config_create(void) cfg->tcp_auth_query_timeout = 3 * 1000; /* 3s in millisecs */ cfg->do_tcp_keepalive = 0; cfg->tcp_keepalive_timeout = 120 * 1000; /* 120s in millisecs */ + cfg->sock_queue_timeout = 0; /* do not check timeout */ cfg->ssl_service_key = NULL; cfg->ssl_service_pem = NULL; cfg->ssl_port = UNBOUND_DNS_OVER_TLS_PORT; @@ -153,7 +158,7 @@ config_create(void) cfg->outgoing_num_ports = 48; /* windows is limited in num fds */ cfg->num_queries_per_thread = 24; cfg->outgoing_num_tcp = 2; /* leaves 64-52=12 for: 4if,1stop,thread4 */ - cfg->incoming_num_tcp = 2; + cfg->incoming_num_tcp = 2; #endif cfg->stream_wait_size = 4 * 1024 * 1024; cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ @@ -233,6 +238,7 @@ config_create(void) cfg->harden_below_nxdomain = 1; cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; + cfg->harden_unknown_additional = 0; cfg->use_caps_bits_for_id = 0; cfg->caps_whitelist = NULL; cfg->private_address = NULL; @@ -300,14 +306,14 @@ config_create(void) cfg->minimal_responses = 1; cfg->rrset_roundrobin = 1; cfg->unknown_server_time_limit = 376; - cfg->max_udp_size = 4096; - if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) + cfg->max_udp_size = 1232; /* value taken from edns_buffer_size */ + if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) goto error_exit; - if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) + if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) goto error_exit; - if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) + if(!(cfg->control_key_file = strdup(RUN_DIR"/unbound_control.key"))) goto error_exit; - if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) + if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) goto error_exit; #ifdef CLIENT_SUBNET @@ -315,7 +321,7 @@ config_create(void) #else if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; #endif - if(!(cfg->val_nsec3_key_iterations = + if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 150 4096 150"))) goto error_exit; #if defined(DNSTAP_SOCKET_PATH) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) @@ -324,6 +330,7 @@ config_create(void) cfg->dnstap_bidirectional = 1; cfg->dnstap_tls = 1; cfg->disable_dnssec_lame_check = 0; + cfg->ip_ratelimit_cookie = 0; cfg->ip_ratelimit = 0; cfg->ratelimit = 0; cfg->ip_ratelimit_slabs = 4; @@ -367,11 +374,17 @@ config_create(void) cfg->ipsecmod_whitelist = NULL; cfg->ipsecmod_strict = 0; #endif + cfg->do_answer_cookie = 0; + memset(cfg->cookie_secret, 0, sizeof(cfg->cookie_secret)); + cfg->cookie_secret_len = 16; + init_cookie_secret(cfg->cookie_secret, cfg->cookie_secret_len); #ifdef USE_CACHEDB if(!(cfg->cachedb_backend = strdup("testframe"))) goto error_exit; if(!(cfg->cachedb_secret = strdup("default"))) goto error_exit; #ifdef USE_REDIS if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit; + cfg->redis_server_path = NULL; + cfg->redis_server_password = NULL; cfg->redis_timeout = 100; cfg->redis_server_port = 6379; cfg->redis_expire_records = 0; @@ -487,10 +500,10 @@ int config_set_option(struct config_file* cfg, const char* opt, /* not supported, library must have 1 thread in bgworker */ return 0; } else if(strcmp(opt, "outgoing-port-permit:") == 0) { - return cfg_mark_ports(val, 1, + return cfg_mark_ports(val, 1, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "outgoing-port-avoid:") == 0) { - return cfg_mark_ports(val, 0, + return cfg_mark_ports(val, 0, cfg->outgoing_avail_ports, 65536); } else if(strcmp(opt, "local-zone:") == 0) { return cfg_parse_local_zone(cfg, val); @@ -504,7 +517,7 @@ int config_set_option(struct config_file* cfg, const char* opt, if(atoi(val) == 0) return 0; cfg->val_date_override = (uint32_t)atoi(val); } - } else if(strcmp(opt, "local-data-ptr:") == 0) { + } else if(strcmp(opt, "local-data-ptr:") == 0) { char* ptr = cfg_ptr_reverse((char*)opt); return cfg_strlist_insert(&cfg->local_data, ptr); } else if(strcmp(opt, "logfile:") == 0) { @@ -540,6 +553,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_NUMBER_NONZERO("tcp-reuse-timeout:", tcp_reuse_timeout) else S_YNO("edns-tcp-keepalive:", do_tcp_keepalive) else S_NUMBER_NONZERO("edns-tcp-keepalive-timeout:", tcp_keepalive_timeout) + else S_NUMBER_OR_ZERO("sock-queue-timeout:", sock_queue_timeout) else S_YNO("ssl-upstream:", ssl_upstream) else S_YNO("tls-upstream:", ssl_upstream) else S_STR("ssl-service-key:", ssl_service_key) @@ -649,6 +663,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("harden-below-nxdomain:", harden_below_nxdomain) else S_YNO("harden-referral-path:", harden_referral_path) else S_YNO("harden-algo-downgrade:", harden_algo_downgrade) + else S_YNO("harden-unknown-additional:", harden_unknown_additional) else S_YNO("use-caps-for-id:", use_caps_bits_for_id) else S_STRLIST("caps-whitelist:", caps_whitelist) else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) @@ -684,7 +699,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else if(strcmp(opt, "serve-expired-reply-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;} else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout) - else S_YNO("ede:", ede) + else S_YNO("ede:", ede) else S_YNO("ede-serve-expired:", ede_serve_expired) else S_YNO("serve-original-ttl:", serve_original_ttl) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) @@ -765,6 +780,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_POW2("dnscrypt-nonce-cache-slabs:", dnscrypt_nonce_cache_slabs) #endif + else if(strcmp(opt, "ip-ratelimit-cookie:") == 0) { + IS_NUMBER_OR_ZERO; cfg->ip_ratelimit_cookie = atoi(val); + infra_ip_ratelimit_cookie=cfg->ip_ratelimit_cookie; + } else if(strcmp(opt, "ip-ratelimit:") == 0) { IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val); infra_ip_ratelimit=cfg->ip_ratelimit; @@ -812,7 +831,7 @@ int config_set_option(struct config_file* cfg, const char* opt, { IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); - char** oi = + char** oi = (char**)reallocarray(NULL, (size_t)cfg->num_out_ifs+1, sizeof(char*)); if(!d || !oi) { free(d); free(oi); return -1; } if(cfg->out_ifs && cfg->num_out_ifs) { @@ -907,7 +926,7 @@ config_collate_cat(struct config_strlist* list) for(s=list; s; s=s->next) total += strlen(s->str) + 1; /* len + newline */ left = total+1; /* one extra for nul at end */ - r = malloc(left); + r = malloc(left); if(!r) return NULL; w = r; @@ -986,7 +1005,7 @@ config_collate_cat(struct config_strlist* list) } int -config_get_option(struct config_file* cfg, const char* opt, +config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg) { char buf[1024], nopt[64]; @@ -1062,6 +1081,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "tcp-reuse-timeout", tcp_reuse_timeout) else O_YNO(opt, "edns-tcp-keepalive", do_tcp_keepalive) else O_DEC(opt, "edns-tcp-keepalive-timeout", tcp_keepalive_timeout) + else O_DEC(opt, "sock-queue-timeout", sock_queue_timeout) else O_YNO(opt, "ssl-upstream", ssl_upstream) else O_YNO(opt, "tls-upstream", ssl_upstream) else O_STR(opt, "ssl-service-key", ssl_service_key) @@ -1117,6 +1137,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "harden-below-nxdomain", harden_below_nxdomain) else O_YNO(opt, "harden-referral-path", harden_referral_path) else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade) + else O_YNO(opt, "harden-unknown-additional", harden_unknown_additional) else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id) else O_LST(opt, "caps-whitelist", caps_whitelist) else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) @@ -1232,6 +1253,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "python-script", python_script) else O_LST(opt, "dynlib-file", dynlib_file) else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) + else O_DEC(opt, "ip-ratelimit-cookie", ip_ratelimit_cookie) else O_DEC(opt, "ip-ratelimit", ip_ratelimit) else O_DEC(opt, "ratelimit", ratelimit) else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size) @@ -1287,6 +1309,8 @@ config_get_option(struct config_file* cfg, const char* opt, #ifdef USE_REDIS else O_STR(opt, "redis-server-host", redis_server_host) else O_DEC(opt, "redis-server-port", redis_server_port) + else O_STR(opt, "redis-server-path", redis_server_path) + else O_STR(opt, "redis-server-password", redis_server_password) else O_DEC(opt, "redis-timeout", redis_timeout) else O_YNO(opt, "redis-expire-records", redis_expire_records) #endif /* USE_REDIS */ @@ -1322,7 +1346,7 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) init_cfg_parse(); } -int +int config_read(struct config_file* cfg, const char* filename, const char* chroot) { FILE *in; @@ -1362,7 +1386,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot) if(r == GLOB_NOMATCH) { verbose(VERB_QUERY, "include: " "no matches for %s", fname); - return 1; + return 1; } else if(r == GLOB_NOSPACE) { log_err("include: %s: " "fnametern out of memory", fname); @@ -1561,7 +1585,7 @@ config_del_strbytelist(struct config_strbytelist* p) } } -void +void config_delete(struct config_file* cfg) { if(!cfg) return; @@ -1638,6 +1662,7 @@ config_delete(struct config_file* cfg) free(cfg->server_cert_file); free(cfg->control_key_file); free(cfg->control_cert_file); + free(cfg->nat64_prefix); free(cfg->dns64_prefix); config_delstrlist(cfg->dns64_ignore_aaaa); free(cfg->dnstap_socket_path); @@ -1663,6 +1688,8 @@ config_delete(struct config_file* cfg) free(cfg->cachedb_secret); #ifdef USE_REDIS free(cfg->redis_server_host); + free(cfg->redis_server_path); + free(cfg->redis_server_password); #endif /* USE_REDIS */ #endif /* USE_CACHEDB */ #ifdef USE_IPSET @@ -1672,7 +1699,21 @@ config_delete(struct config_file* cfg) free(cfg); } -static void +static void +init_cookie_secret(uint8_t* cookie_secret, size_t cookie_secret_len) +{ + struct ub_randstate *rand = ub_initstate(NULL); + + if (!rand) + fatal_exit("could not init random generator"); + while (cookie_secret_len) { + *cookie_secret++ = (uint8_t)ub_random(rand); + cookie_secret_len--; + } + ub_randfree(rand); +} + +static void init_outgoing_availports(int* a, int num) { /* generated with make iana_update */ @@ -1685,7 +1726,7 @@ init_outgoing_availports(int* a, int num) for(i=1024; i<num; i++) { a[i] = i; } - /* create empty spot at 49152 to keep ephemeral ports available + /* create empty spot at 49152 to keep ephemeral ports available * to other programs */ for(i=49152; i<49152+256; i++) a[i] = 0; @@ -1696,7 +1737,7 @@ init_outgoing_availports(int* a, int num) } } -int +int cfg_mark_ports(const char* str, int allow, int* avail, int num) { char* mid = strchr(str, '-'); @@ -1741,7 +1782,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) return 1; } -int +int cfg_scan_ports(int* avail, int num) { int i; @@ -1858,7 +1899,7 @@ int cfg_strlist_append(struct config_strlist_head* list, char* item) return 1; } -int +int cfg_region_strlist_insert(struct regional* region, struct config_strlist** head, char* item) { @@ -1891,7 +1932,7 @@ cfg_strlist_find(struct config_strlist* head, const char *item) return NULL; } -int +int cfg_strlist_insert(struct config_strlist** head, char* item) { struct config_strlist *s; @@ -1921,7 +1962,7 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item) return 0; s->str = item; s->next = NULL; - + if (*head==NULL) { *head = s; } else { @@ -1931,11 +1972,11 @@ cfg_strlist_append_ex(struct config_strlist** head, char* item) } last->next = s; } - - return 1; + + return 1; } -int +int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) { struct config_str2list *s; @@ -1957,7 +1998,7 @@ cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) return 1; } -int +int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, char* i3) { @@ -1993,7 +2034,7 @@ cfg_strbytelist_insert(struct config_strbytelist** head, char* item, return 1; } -time_t +time_t cfg_convert_timeval(const char* str) { time_t t; @@ -2001,7 +2042,7 @@ cfg_convert_timeval(const char* str) memset(&tm, 0, sizeof(tm)); if(strlen(str) < 14) return 0; - if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, + if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) return 0; tm.tm_year -= 1900; @@ -2018,7 +2059,7 @@ cfg_convert_timeval(const char* str) return t; } -int +int cfg_count_numbers(const char* s) { /* format ::= (sp num)+ sp */ @@ -2053,7 +2094,7 @@ static int isalldigit(const char* str, size_t l) return 1; } -int +int cfg_parse_memsize(const char* str, size_t* res) { size_t len; @@ -2069,11 +2110,11 @@ cfg_parse_memsize(const char* str, size_t* res) /* check appended num */ while(len>0 && str[len-1]==' ') len--; - if(len > 1 && str[len-1] == 'b') + if(len > 1 && str[len-1] == 'b') len--; - else if(len > 1 && str[len-1] == 'B') + else if(len > 1 && str[len-1] == 'B') len--; - + if(len > 1 && tolower((unsigned char)str[len-1]) == 'g') mult = 1024*1024*1024; else if(len > 1 && tolower((unsigned char)str[len-1]) == 'm') @@ -2160,7 +2201,7 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, log_err("out of memory"); return 0; } - + /* parse */ s = str; while((p=strsep(&s, " \t\n")) != NULL) { @@ -2246,7 +2287,7 @@ int taglist_intersect(uint8_t* list1, size_t list1len, const uint8_t* list2, return 0; } -void +void config_apply(struct config_file* config) { MAX_TTL = (time_t)config->max_ttl; @@ -2288,7 +2329,7 @@ void config_lookup_uid(struct config_file* cfg) #endif } -/** +/** * Calculate string length of full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. @@ -2302,7 +2343,7 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) { size_t len = 0; int slashit = 0; - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ return strlen(fname); @@ -2325,8 +2366,8 @@ strlen_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) /* prepend chdir */ if(slashit && cfg->directory[0] != '/') len++; - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) len += strlen(cfg->directory)-strlen(cfg->chrootdir); else len += strlen(cfg->directory); @@ -2349,7 +2390,7 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) return NULL; buf[0] = 0; /* is fname already in chroot ? */ - if(cfg->chrootdir && cfg->chrootdir[0] && + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(cfg->chrootdir, fname, strlen(cfg->chrootdir)) == 0) { /* already full pathname, return it */ (void)strlcpy(buf, fname, len); @@ -2375,10 +2416,10 @@ fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir) if(slashit && cfg->directory[0] != '/') (void)strlcat(buf, "/", len); /* is the directory already in the chroot? */ - if(cfg->chrootdir && cfg->chrootdir[0] && - strncmp(cfg->chrootdir, cfg->directory, + if(cfg->chrootdir && cfg->chrootdir[0] && + strncmp(cfg->chrootdir, cfg->directory, strlen(cfg->chrootdir)) == 0) - (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), + (void)strlcat(buf, cfg->directory+strlen(cfg->chrootdir), len); else (void)strlcat(buf, cfg->directory, len); slashit = 1; @@ -2415,7 +2456,7 @@ static char* last_space_pos(const char* str) return (sp>tab)?sp:tab; } -int +int cfg_parse_local_zone(struct config_file* cfg, const char* val) { const char *type, *name_end, *name; @@ -2450,11 +2491,11 @@ cfg_parse_local_zone(struct config_file* cfg, const char* val) } if(strcmp(type, "nodefault")==0) { - return cfg_strlist_insert(&cfg->local_zones_nodefault, + return cfg_strlist_insert(&cfg->local_zones_nodefault, strdup(name)); #ifdef USE_IPSET } else if(strcmp(type, "ipset")==0) { - return cfg_strlist_insert(&cfg->local_zones_ipset, + return cfg_strlist_insert(&cfg->local_zones_ipset, strdup(name)); #endif } else { @@ -2509,7 +2550,7 @@ char* cfg_ptr_reverse(char* str) const char* hex = "0123456789abcdef"; char *p = buf; int i; - memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, + memmove(ad, &((struct sockaddr_in6*)&addr)->sin6_addr, sizeof(ad)); for(i=15; i>=0; i--) { uint8_t b = ad[i]; @@ -2521,7 +2562,7 @@ char* cfg_ptr_reverse(char* str) snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa. "); } else { uint8_t ad[4]; - memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, + memmove(ad, &((struct sockaddr_in*)&addr)->sin_addr, sizeof(ad)); snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa. ", (unsigned)ad[3], (unsigned)ad[2], diff --git a/util/config_file.h b/util/config_file.h index 87cb92cf0e03..452f3c6a78fb 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -88,6 +88,8 @@ struct config_file { int do_ip4; /** do ip6 query support. */ int do_ip6; + /** do nat64 on queries */ + int do_nat64; /** prefer ip4 upstream queries. */ int prefer_ip4; /** prefer ip6 upstream queries. */ @@ -116,6 +118,8 @@ struct config_file { int do_tcp_keepalive; /** tcp keepalive timeout, in msec */ int tcp_keepalive_timeout; + /** timeout of packets sitting in the socket queue */ + int sock_queue_timeout; /** proxy protocol ports */ struct config_strlist* proxy_protocol_port; @@ -232,7 +236,7 @@ struct config_file { /** interface description strings (IP addresses) */ char **ifs; - /** number of outgoing interfaces to open. + /** number of outgoing interfaces to open. * If 0 default all interfaces. */ int num_out_ifs; /** outgoing interface description strings (IP addresses) */ @@ -251,7 +255,7 @@ struct config_file { /** list of donotquery addresses, linked list */ struct config_strlist* donotqueryaddrs; #ifdef CLIENT_SUBNET - /** list of servers we send edns-client-subnet option to and + /** list of servers we send edns-client-subnet option to and * accept option from, linked list */ struct config_strlist* client_subnet; /** list of zones we send edns-client-subnet option for */ @@ -292,6 +296,9 @@ struct config_file { int harden_referral_path; /** harden against algorithm downgrade */ int harden_algo_downgrade; + /** harden against unknown records in the authority section and in + * the additional section */ + int harden_unknown_additional; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; /** 0x20 whitelist, domains that do not use capsforid */ @@ -364,7 +371,7 @@ struct config_file { /** the module configuration string */ char* module_conf; - + /** files with trusted DS and DNSKEYs in zonefile format, list */ struct config_strlist* trust_anchor_file_list; /** list of trustanchor keys, linked list */ @@ -389,7 +396,7 @@ struct config_file { /** max number of query restarts, number of IPs to probe */ int32_t val_max_restart; /** this value sets the number of seconds before revalidating bogus */ - int bogus_ttl; + int bogus_ttl; /** should validator clean additional section for secure msgs */ int val_clean_additional; /** log bogus messages by the validator */ @@ -535,6 +542,9 @@ struct config_file { /** ignore AAAAs for these domain names and use A record anyway */ struct config_strlist* dns64_ignore_aaaa; + /* NAT64 prefix; if unset defaults to dns64_prefix */ + char* nat64_prefix; + /** true to enable dnstap support */ int dnstap; /** using bidirectional frame streams if true */ @@ -580,6 +590,9 @@ struct config_file { /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ int ip_ratelimit; + /** ratelimit for ip addresses with a valid DNS Cookie. 0 is off, + * otherwise qps (unless overridden) */ + int ip_ratelimit_cookie; /** number of slabs for ip_ratelimit cache */ size_t ip_ratelimit_slabs; /** memory size in bytes for ip_ratelimit cache */ @@ -691,12 +704,23 @@ struct config_file { char* redis_server_host; /** redis server's TCP port */ int redis_server_port; + /** redis server's unix path. Or "", NULL if unused */ + char* redis_server_path; + /** redis server's AUTH password. Or "", NULL if unused */ + char* redis_server_password; /** timeout (in ms) for communication with the redis server */ int redis_timeout; /** set timeout on redis records based on DNS response ttl */ int redis_expire_records; #endif #endif + /** Downstream DNS Cookies */ + /** do answer with server cookie when request contained cookie option */ + int do_answer_cookie; + /** cookie secret */ + uint8_t cookie_secret[40]; + /** cookie secret length */ + size_t cookie_secret_len; /* ipset module */ #ifdef USE_IPSET @@ -809,7 +833,7 @@ struct config_view { struct config_strlist* local_zones_ipset; #endif /** Fallback to global local_zones when there is no match in the view - * view specific tree. 1 for yes, 0 for no */ + * view specific tree. 1 for yes, 0 for no */ int isfirst; /** predefined actions for particular IP address responses */ struct config_str2list* respip_actions; @@ -884,7 +908,7 @@ struct config_file* config_create_forlib(void); * @param config: where options are stored into, must be freshly created. * @param filename: name of configfile. If NULL nothing is done. * @param chroot: if not NULL, the chroot dir currently in use (for include). - * @return: false on error. In that case errno is set, ENOENT means + * @return: false on error. In that case errno is set, ENOENT means * file not found. */ int config_read(struct config_file* config, const char* filename, @@ -919,16 +943,16 @@ void config_lookup_uid(struct config_file* config); int config_set_option(struct config_file* config, const char* option, const char* value); -/** +/** * Call print routine for the given option. * @param cfg: config. - * @param opt: option name without trailing :. + * @param opt: option name without trailing :. * This is different from config_set_option. * @param func: print func, called as (str, arg) for every data element. * @param arg: user argument for print func. * @return false if the option name is not supported (syntax error). */ -int config_get_option(struct config_file* cfg, const char* opt, +int config_get_option(struct config_file* cfg, const char* opt, void (*func)(char*,void*), void* arg); /** @@ -948,7 +972,7 @@ int config_get_option_list(struct config_file* cfg, const char* opt, * @param str: string. malloced, caller must free it. * @return 0=OK, 1=syntax error, 2=malloc failed. */ -int config_get_option_collate(struct config_file* cfg, const char* opt, +int config_get_option_collate(struct config_file* cfg, const char* opt, char** str); /** @@ -1143,7 +1167,7 @@ int cfg_count_numbers(const char* str); * k=1024, m=1024*1024, g=1024*1024*1024. * @param str: string * @param res: result is stored here, size in bytes. - * @return: true if parsed correctly, or 0 on a parse error (and an error + * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_parse_memsize(const char* str, size_t* res); @@ -1177,7 +1201,7 @@ int find_tag_id(struct config_file* cfg, const char* tag); /** * parse taglist from string into bytestring with bitlist. * @param cfg: the config structure (with tagnames) - * @param str: the string to parse. Parse puts 0 bytes in string. + * @param str: the string to parse. Parse puts 0 bytes in string. * @param listlen: returns length of in bytes. * @return malloced bytes with a bitlist of the tags. or NULL on parse error * or malloc failure. @@ -1220,7 +1244,7 @@ int cfg_parse_local_zone(struct config_file* cfg, const char* val); * @param allow: give true if this range is permitted. * @param avail: the array from cfg. * @param num: size of the array (65536). - * @return: true if parsed correctly, or 0 on a parse error (and an error + * @return: true if parsed correctly, or 0 on a parse error (and an error * is logged). */ int cfg_mark_ports(const char* str, int allow, int* avail, int num); @@ -1248,7 +1272,7 @@ void cfg_apply_local_port_policy(struct config_file* cfg, int num); */ int cfg_scan_ports(int* avail, int num); -/** +/** * Convert a filename to full pathname in original filesys * @param fname: the path name to convert. * Must not be null or empty. @@ -1257,7 +1281,7 @@ int cfg_scan_ports(int* avail, int num); * @return pointer to malloced buffer which is: [chroot][chdir]fname * or NULL on malloc failure. */ -char* fname_after_chroot(const char* fname, struct config_file* cfg, +char* fname_after_chroot(const char* fname, struct config_file* cfg, int use_chdir); /** @@ -1342,4 +1366,3 @@ int if_is_dnscrypt(const char* ifname, const char* port, int dnscrypt_port); #endif #endif /* UTIL_CONFIG_FILE_H */ - diff --git a/util/configlexer.c b/util/configlexer.c index 0815f6e6553b..546800c2c56a 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 372 -#define YY_END_OF_BUFFER 373 +#define YY_NUM_RULES 381 +#define YY_END_OF_BUFFER 382 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,413 +363,423 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[3683] = +static const flex_int16_t yy_accept[3778] = { 0, - 1, 1, 346, 346, 350, 350, 354, 354, 358, 358, - 1, 1, 362, 362, 366, 366, 373, 370, 1, 344, - 344, 371, 2, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 371, 346, 347, 347, 348, - 371, 350, 351, 351, 352, 371, 357, 354, 355, 355, - 356, 371, 358, 359, 359, 360, 371, 369, 345, 2, - 349, 369, 371, 365, 362, 363, 363, 364, 371, 366, - 367, 367, 368, 371, 370, 0, 1, 2, 2, 2, - 2, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 346, - 0, 350, 0, 357, 0, 354, 358, 0, 369, 0, - 2, 2, 369, 365, 0, 362, 366, 0, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 369, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 342, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 133, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 143, 370, 370, 370, 370, - 370, 370, 370, 369, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 115, 370, 341, 370, - 370, 370, 370, 370, 370, 370, 370, 8, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 134, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 148, 370, 370, 369, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 334, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 369, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 69, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 261, 370, 14, 15, 370, 19, 18, 370, 370, - 241, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 141, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 239, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 3, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 369, 370, 370, 370, - 370, 370, 370, 370, 328, 370, 370, 327, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 353, 370, - 370, 370, 370, 370, 370, 370, 370, 68, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 72, 370, 297, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 335, 336, - 370, 370, 370, 370, 370, 370, 370, 370, 73, 370, - 370, 142, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 137, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 228, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 21, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 169, 370, 370, 370, 370, 370, - 369, 353, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 113, 370, 370, 370, 370, 370, 370, - 370, 305, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 196, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 168, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 112, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 35, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 36, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 70, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 140, 370, 370, 370, 369, 370, 370, - 370, 370, 370, 132, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 71, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 265, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 197, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 58, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 283, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 63, 370, 64, - 370, 370, 370, 370, 370, 116, 370, 117, 370, 370, - 370, 370, 370, 114, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 7, 370, 370, - - 370, 370, 369, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 250, 370, 370, 370, 370, 172, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 266, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 49, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 59, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 219, 370, 218, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 16, 17, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 74, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 227, 370, 370, 370, - 370, 370, 370, 119, 370, 118, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 210, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 149, 370, 370, 370, 369, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 107, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 95, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 240, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 100, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 67, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 213, 214, 370, 370, 370, 299, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 6, 370, 370, 370, 370, 370, 370, 370, 318, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 303, - 370, 370, 370, 370, 370, 370, 370, 329, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 46, 370, 370, 370, 370, 370, 48, 370, - 370, 370, 96, 370, 370, 370, 370, 370, 56, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 369, 370, 206, 370, 370, 370, 144, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 232, 370, 207, - 370, 370, 370, 247, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 57, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 146, 125, 370, 126, - 370, 370, 370, 370, 124, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 165, 370, 370, 54, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 282, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 208, 370, - 370, 370, 370, 370, 211, 370, 217, 370, 370, 370, - 370, 370, 370, 370, 370, 246, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 111, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 138, 370, 370, 370, 370, 370, - 370, 370, 370, 65, 370, 370, 370, 29, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 20, 370, 370, 370, 370, 370, 370, 370, 30, 39, - 370, 177, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 204, 370, 370, 369, - 370, 370, 370, 370, 370, 370, 82, 84, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 307, 370, 370, 370, 370, 262, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 127, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 164, 370, 50, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 256, 370, 370, 370, 370, - 370, 370, 370, 322, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 171, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 316, - - 370, 370, 370, 370, 238, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 332, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 189, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 120, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 184, 370, 198, 370, 370, 370, 370, - 370, 370, 370, 369, 370, 152, 370, 370, 370, 370, - 370, 106, 370, 370, 370, 370, 230, 370, 370, 370, - 370, 370, 370, 248, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 274, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 145, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 188, 370, 370, 370, 370, 370, 370, 370, 85, 370, - 86, 370, 370, 370, 370, 370, 259, 370, 370, 370, - 370, 66, 325, 370, 370, 370, 370, 370, 94, 199, - 370, 220, 370, 251, 370, 370, 212, 300, 370, 370, - 370, 370, 295, 370, 370, 370, 78, 370, 201, 370, - 370, 370, 370, 370, 370, 9, 370, 370, 370, 370, - - 370, 110, 370, 370, 370, 370, 370, 370, 287, 370, - 370, 370, 370, 229, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 369, - 370, 370, 370, 370, 187, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 173, 370, 306, 370, 370, - 370, 370, 370, 273, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 242, 370, 370, 370, 370, - 370, 370, 298, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 170, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 326, 370, 200, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 77, 79, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 109, 370, 370, 370, 370, - 370, 370, 285, 370, 370, 370, 370, 302, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 234, 37, 31, 33, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 38, 370, - 32, 34, 370, 40, 370, 370, 370, 370, 370, 370, - 370, 105, 370, 183, 370, 370, 370, 370, 370, 370, - 370, 369, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 236, 233, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 76, 370, 370, 370, 147, 370, - 128, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 166, 51, 370, 370, 370, 361, 13, 370, 370, - - 370, 370, 370, 370, 370, 153, 370, 370, 370, 370, - 370, 370, 370, 320, 370, 323, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 12, - 370, 370, 22, 370, 370, 370, 370, 370, 370, 370, - 291, 370, 370, 370, 370, 304, 370, 370, 370, 370, - 80, 370, 244, 370, 370, 370, 370, 370, 235, 370, - 370, 370, 75, 370, 370, 370, 370, 370, 370, 23, - 370, 370, 47, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 182, 181, 370, 370, 361, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 237, - - 231, 370, 249, 370, 370, 308, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 194, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 87, 370, 370, 370, 370, 370, 370, 370, - 286, 370, 370, 370, 370, 216, 370, 370, 370, 370, - 370, 370, 243, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 293, 370, 370, 370, 330, 331, 179, - 370, 370, 370, 81, 370, 370, 370, 370, 190, 370, - 370, 370, 370, 121, 123, 122, 370, 370, 370, 25, - - 370, 370, 174, 370, 176, 370, 221, 370, 370, 370, - 370, 180, 370, 370, 370, 370, 252, 370, 370, 370, - 370, 370, 370, 370, 155, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 264, 370, 370, - 370, 370, 370, 370, 370, 339, 370, 27, 370, 301, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 92, 222, 370, - 370, 258, 370, 370, 284, 370, 324, 370, 215, 370, - 370, 296, 370, 370, 370, 294, 60, 370, 370, 370, - 370, 370, 370, 370, 4, 370, 370, 370, 370, 136, - - 370, 154, 370, 370, 370, 195, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 255, 41, 42, 370, 370, - 370, 370, 370, 370, 370, 309, 370, 370, 370, 370, - 370, 370, 370, 272, 370, 370, 370, 370, 370, 370, - 370, 370, 225, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 91, 90, 370, - 370, 61, 370, 370, 290, 370, 260, 370, 370, 370, - 370, 370, 11, 370, 370, 370, 370, 343, 370, 370, - 370, 370, 135, 370, 370, 370, 370, 370, 370, 223, - - 97, 370, 370, 44, 370, 370, 370, 370, 370, 370, - 370, 370, 186, 370, 370, 370, 370, 370, 370, 370, - 157, 370, 370, 370, 370, 263, 370, 370, 370, 370, - 370, 271, 370, 370, 370, 370, 150, 370, 370, 370, - 129, 131, 130, 370, 370, 370, 99, 103, 98, 167, - 370, 370, 370, 370, 88, 370, 257, 292, 370, 370, - 370, 370, 370, 370, 10, 370, 370, 370, 370, 370, - 288, 333, 370, 370, 370, 370, 370, 370, 370, 338, - 43, 370, 370, 370, 370, 370, 185, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 104, 102, 370, 55, 370, 370, 89, 370, - 321, 370, 370, 370, 370, 24, 370, 370, 370, 370, - 370, 209, 370, 370, 370, 370, 370, 370, 224, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 205, 370, - 370, 175, 83, 370, 370, 370, 370, 370, 310, 370, - 370, 370, 370, 370, 370, 370, 268, 370, 370, 267, - 151, 370, 370, 101, 52, 370, 370, 158, 159, 162, - 163, 160, 161, 93, 319, 370, 370, 289, 139, 370, - 370, 370, 370, 26, 370, 178, 370, 370, 370, 370, - - 203, 370, 254, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 192, 191, 226, 45, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 317, 370, 370, 370, 370, 108, 370, 253, 370, - 281, 314, 370, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 340, 370, 53, 62, 5, 370, 370, - 245, 370, 370, 315, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 269, 28, 370, 370, 370, 370, 370, - - 370, 370, 370, 370, 370, 370, 370, 270, 370, 370, - 370, 156, 370, 370, 370, 370, 370, 370, 370, 370, - 193, 370, 202, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 311, 370, 370, 370, 370, 370, 370, 370, - 370, 370, 370, 370, 370, 370, 370, 370, 370, 370, - 337, 370, 370, 277, 370, 370, 370, 370, 370, 312, - 370, 370, 370, 370, 370, 370, 313, 370, 370, 370, - 275, 370, 278, 279, 370, 370, 370, 370, 370, 276, - 280, 0 + 1, 1, 355, 355, 359, 359, 363, 363, 367, 367, + 1, 1, 371, 371, 375, 375, 382, 379, 1, 353, + 353, 380, 2, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 380, 355, 356, 356, 357, + 380, 359, 360, 360, 361, 380, 366, 363, 364, 364, + 365, 380, 367, 368, 368, 369, 380, 378, 354, 2, + 358, 378, 380, 374, 371, 372, 372, 373, 380, 375, + 376, 376, 377, 380, 379, 0, 1, 2, 2, 2, + 2, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 355, 0, 359, 0, 366, 0, 363, 367, 0, 378, + 0, 2, 2, 378, 374, 0, 371, 375, 0, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 378, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 351, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 136, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 146, 379, 379, 379, 379, 379, + + 379, 379, 378, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 118, 379, + 379, 350, 379, 379, 379, 379, 379, 379, 379, 379, + + 8, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 137, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 151, 379, 379, + 378, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 341, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 378, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 71, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 265, 379, 14, 15, 379, 379, 20, 19, + + 379, 379, 244, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 144, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 242, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 3, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 378, 379, 379, 379, 379, 379, 379, 379, 379, 333, + 379, 379, 332, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 362, 379, 379, 379, + 379, 379, 379, 379, 379, 70, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 74, 379, 302, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 342, 343, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 75, 379, 379, + + 145, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 140, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 231, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 22, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 172, 379, 379, 379, 379, 379, + 378, 362, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 116, 379, 379, 379, 379, + 379, 379, 379, 310, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 16, 379, 379, 379, 379, 379, + 379, 379, 379, 199, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 171, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 115, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 37, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 38, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 72, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 143, + 379, 379, 379, 378, 379, 379, 379, 379, 379, 379, + 135, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 73, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 269, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 200, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 60, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 288, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 65, 379, 66, + 379, 379, 379, 379, 379, 379, 119, 379, 120, 379, + + 379, 379, 379, 379, 117, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 7, 379, + 379, 379, 379, 378, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 254, 379, 379, 379, 379, 175, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 270, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 51, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 61, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 222, 379, 221, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 17, 18, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 76, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 230, 379, 379, 379, 379, 379, 379, 379, 122, + 379, 121, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 213, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 152, 379, + 379, 379, 378, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 110, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 97, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 243, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 102, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 69, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 216, + 217, 379, 379, 379, 304, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 6, 379, 379, 379, 379, 379, 379, 379, 323, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 308, + 379, 379, 379, 379, 379, 379, 379, 334, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 48, 379, 379, 379, 379, 379, 50, + 379, 379, 379, 98, 379, 379, 379, 379, 379, 58, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 378, 379, 209, 379, 379, 379, 147, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 235, + 379, 379, 210, 379, 379, 379, 250, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 59, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 149, + 128, 379, 129, 379, 379, 379, 379, 127, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 168, 379, + 379, 56, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 286, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 211, 379, 379, 379, 379, 379, 214, 379, + 220, 379, 379, 379, 379, 379, 379, 379, 379, 249, + 379, 379, 379, 379, 379, 379, 253, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 114, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 141, + 379, 379, 379, 379, 379, 379, 379, 379, 67, 379, + 379, 379, 379, 31, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 21, 379, 379, 379, + + 379, 379, 379, 379, 32, 41, 379, 180, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 207, 379, 379, 378, 379, 379, 379, 379, + 346, 379, 379, 84, 86, 379, 379, 379, 379, 379, + 379, 379, 347, 379, 379, 379, 379, 379, 379, 312, + 379, 379, 379, 379, 266, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 130, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 167, 379, 52, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 260, 379, 379, 379, 379, 379, + 379, 379, 379, 327, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 174, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 321, + 379, 379, 379, 379, 241, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 339, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 192, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 123, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 187, 379, 201, 379, 379, 379, + 379, 379, 379, 379, 378, 379, 155, 379, 379, 379, + 379, 379, 109, 379, 379, 379, 379, 233, 379, 379, + 379, 379, 379, 379, 251, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 278, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 148, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 191, 379, 379, 379, 379, 379, 379, 379, + 87, 379, 88, 379, 379, 379, 379, 379, 263, 379, + 379, 379, 379, 379, 68, 330, 379, 379, 379, 379, + 379, 96, 202, 379, 223, 379, 255, 379, 379, 215, + 305, 379, 379, 379, 379, 300, 379, 379, 379, 80, + 379, 204, 379, 379, 379, 379, 379, 379, 9, 379, + 379, 379, 379, 379, 113, 379, 379, 379, 379, 379, + 379, 292, 379, 379, 379, 379, 379, 232, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 378, 379, 379, 379, 379, 190, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 176, 379, 311, 379, 379, 379, 379, 379, 277, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 245, 379, 379, 379, 379, 379, 379, 303, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 173, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 331, 379, + 203, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 79, 81, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 112, 379, 379, 379, 379, 379, 379, 290, + 379, 379, 379, 379, 379, 379, 307, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 237, 379, 39, 33, 35, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 40, 379, + 34, 36, 379, 42, 379, 379, 379, 379, 379, 379, + + 379, 108, 379, 186, 379, 379, 379, 379, 379, 379, + 379, 378, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 239, 236, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 78, 379, 379, 379, 150, 379, + 131, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 169, 53, 379, 379, 379, 370, 13, 379, + 379, 379, 379, 379, 379, 379, 156, 379, 379, 379, + 379, 379, 379, 379, 379, 325, 379, 328, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 12, 379, 379, 23, 379, 379, 379, 379, 379, + 379, 379, 296, 379, 379, 379, 379, 379, 379, 309, + 379, 379, 379, 379, 82, 379, 247, 379, 379, 379, + 379, 379, 238, 379, 379, 379, 379, 77, 379, 379, + 379, 379, 379, 379, 24, 379, 379, 49, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 185, 184, 379, 379, 370, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 240, 234, 379, 252, 379, 379, + 313, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 197, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 89, 379, + 379, 379, 379, 379, 379, 379, 379, 291, 379, 379, + 379, 379, 219, 379, 379, 379, 379, 379, 379, 246, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 298, 379, 379, 379, 335, 379, 337, 336, 182, 379, + 379, 379, 83, 379, 379, 379, 379, 193, 379, 379, + 379, 379, 379, 124, 126, 125, 379, 379, 379, 26, + 379, 379, 177, 379, 179, 379, 224, 379, 379, 379, + 379, 183, 379, 379, 379, 379, 256, 379, 379, 379, + + 379, 379, 379, 379, 158, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 268, 379, 379, + 379, 379, 379, 379, 379, 348, 379, 28, 379, 306, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 94, 225, + 379, 379, 262, 379, 379, 379, 289, 379, 329, 379, + 218, 379, 379, 301, 379, 379, 379, 299, 62, 379, + 379, 379, 379, 379, 379, 379, 4, 379, 379, 379, + 379, 379, 139, 379, 157, 379, 379, 379, 198, 30, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 259, + 43, 44, 379, 379, 379, 379, 379, 379, 379, 314, + 379, 379, 379, 379, 379, 379, 379, 276, 379, 379, + 379, 379, 379, 379, 379, 379, 228, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 93, 92, 379, 379, 63, 379, 379, 287, + 295, 379, 264, 379, 379, 379, 379, 379, 11, 379, + 379, 379, 379, 352, 379, 379, 379, 379, 379, 138, + 379, 379, 379, 379, 379, 379, 226, 99, 379, 379, + 46, 379, 379, 379, 379, 379, 379, 379, 379, 189, + + 379, 379, 379, 379, 379, 379, 379, 160, 379, 379, + 379, 379, 267, 379, 379, 379, 379, 379, 275, 379, + 379, 379, 379, 153, 379, 379, 379, 132, 134, 133, + 379, 379, 379, 101, 105, 100, 379, 170, 379, 379, + 379, 379, 90, 379, 261, 297, 379, 379, 379, 379, + 379, 379, 10, 379, 379, 379, 379, 379, 293, 340, + 379, 379, 379, 379, 379, 379, 379, 379, 345, 45, + 379, 379, 379, 379, 379, 188, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 106, 104, 379, 379, 57, 379, 379, 91, 379, + 326, 379, 379, 379, 379, 25, 379, 379, 379, 379, + 379, 212, 379, 379, 338, 379, 379, 379, 379, 227, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 208, + 379, 379, 178, 85, 379, 379, 379, 379, 379, 315, + 379, 379, 379, 379, 379, 379, 379, 272, 379, 379, + 271, 154, 379, 379, 103, 379, 54, 379, 379, 161, + 162, 165, 166, 163, 164, 95, 324, 379, 379, 294, + 142, 379, 379, 379, 379, 27, 379, 181, 379, 379, + 379, 379, 206, 379, 258, 379, 379, 379, 379, 379, + + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 195, 194, 229, + 47, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 322, 379, 379, 379, 379, + 111, 379, 257, 379, 285, 319, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 349, 379, 107, + 55, 64, 5, 379, 379, 248, 379, 379, 320, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 273, 29, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + + 379, 379, 274, 379, 379, 379, 159, 379, 379, 379, + 379, 379, 379, 379, 379, 196, 379, 205, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 316, 379, 379, + 379, 379, 379, 379, 379, 379, 379, 379, 379, 379, + 379, 379, 379, 379, 379, 344, 379, 379, 281, 379, + 379, 379, 379, 379, 317, 379, 379, 379, 379, 379, + 379, 318, 379, 379, 379, 279, 379, 282, 283, 379, + 379, 379, 379, 379, 280, 284, 0 } ; static const YY_CHAR yy_ec[256] = @@ -815,829 +825,851 @@ static const YY_CHAR yy_meta[67] = 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3701] = +static const flex_int16_t yy_base[3796] = { 0, 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, - 131, 137, 112, 118, 123, 142, 488, 423, 96,10542, - 10542,10542, 160, 185, 116, 183, 229, 132, 175, 173, - 232, 50, 66, 120, 263, 275, 151, 323, 134, 375, - 416, 286, 308, 283, 126, 237, 374,10542,10542,10542, - 95, 372,10542,10542,10542, 186, 361, 373,10542,10542, - 10542, 258, 309,10542,10542,10542, 104, 293,10542, 266, - 10542, 167, 351, 281, 311,10542,10542,10542, 369, 268, - 10542,10542,10542, 146, 252, 378, 177, 0, 392, 0, - 0, 303, 270, 235, 317, 362, 344, 384, 178, 177, - - 226, 420, 377, 330, 379, 402, 414, 425, 413, 453, - 319, 367, 440, 429, 441, 455, 475, 479, 458, 482, - 490, 491, 489, 496, 504, 499, 521, 520, 506, 516, - 531, 514, 540, 527, 555, 530, 548, 541, 565, 538, - 547, 562, 576, 572, 250, 571, 601, 586, 591, 596, - 389, 598, 624, 597, 611, 618, 621, 627, 623, 208, - 294, 205, 236, 194, 669, 225, 180, 326, 158, 676, - 684, 0, 652, 152, 692, 176, 130, 492, 664, 676, - 662, 672, 682, 666, 686, 673, 683, 696, 668, 693, - 721, 681, 700, 717, 256, 727, 771, 733, 719, 740, - - 723, 732, 736, 726, 735, 756, 739, 767, 757, 762, - 763, 781, 759, 782, 783, 823, 790, 801, 809, 339, - 810, 836, 378, 806, 418, 835, 813, 443, 840, 459, - 828, 600, 858, 606, 851, 867, 819, 868, 862, 852, - 869, 870, 881, 871, 878, 872, 889, 917, 901, 896, - 915, 899, 645, 911, 744, 898, 922, 932, 905, 928, - 786, 854, 912, 863, 925, 926, 942, 947, 955, 965, - 961, 945, 966, 964, 956, 969, 958, 974, 985, 970, - 986, 982, 984, 991, 995, 1001, 999, 1005, 1012, 996, - 1004, 1022, 1027, 1023, 144, 1016, 1032, 1035, 1014, 1038, - - 1037, 1041, 1046, 1049, 1047,10542, 1043, 1057, 1074, 1073, - 1082, 1083, 1078, 1076, 1088, 1093, 1069, 1068, 1070, 1094, - 1098, 1108, 1101, 1113, 1103, 1105, 1126, 1106, 1138, 1125, - 1134, 1133, 1130, 1177, 1139, 1129, 1140, 1222, 1152, 1160, - 1164, 1178, 1183, 1185, 1143, 1182, 1191, 1204, 1217, 1184, - 1221, 1171, 1223, 1231, 1236, 1165, 1238, 1242, 1233, 1252, - 1255, 1258, 1256, 1285,10542, 1264, 1276, 1282, 1287, 1290, - 1291, 1279, 1313, 1317, 1309, 1312, 1278, 1320, 1361, 1409, - 1318, 1327, 1331, 1336, 1328,10542, 1357, 1353, 1458, 1356, - 1341, 1386, 1387, 1369, 1380, 1377, 1402, 1389, 1407, 1395, - - 1404, 1426, 1438, 1418, 1429, 1455, 1439, 1457, 1463, 1420, - 1479, 1466, 1452, 1469, 1468, 1467, 1487, 1504, 1513, 1488, - 1500, 1501, 1506, 1519, 1518, 1522, 1528, 1534, 1536, 1535, - 1514, 1541, 1540, 1546, 1566, 1611, 1539, 1562, 1565, 1568, - 1567, 1582, 1569, 1573, 1587, 1580, 1599, 1592, 1607, 1609, - 1578, 1615, 1610, 1626, 1635, 1617, 1618, 1619, 1636, 1652, - 1660, 1646, 1644, 1647, 1654, 1667, 1651, 1671, 1675, 1673, - 1674, 1681, 1678, 1668, 1705, 1690,10542, 1710,10542, 1693, - 1707, 1697, 1713, 1698, 1716, 1703, 1717,10542, 1708, 1709, - 1731, 1736, 1733, 1757, 1750, 1762, 1756, 1752, 1760, 1764, - - 1755, 1758, 1763, 1770, 1781, 1777, 1797, 1789, 1800, 1784, - 1754, 1808, 1804, 1795, 1813, 1798, 1802, 1807, 1848,10542, - 1799, 1796, 1823, 1839, 1832, 1850, 1836, 1853, 1881, 1845, - 1880, 1877, 1879, 1897, 1883, 1884, 1906, 1876, 1894, 1915, - 1903, 1917, 1904, 1910, 1920, 1933, 1921, 1929, 1945, 1930, - 1944, 1937, 1932,10542, 1949, 1964, 1965, 1959, 1961, 1955, - 1956, 1960, 1966, 1962, 1990, 1971, 1997, 1979, 1996, 2005, - 2014, 1998, 2017, 2001, 2012, 2002, 2007, 2028, 2024, 2029, - 2019, 2052, 2023, 2053, 2057, 2063, 2059, 2061, 2069, 2071, - 2049, 2047, 2058, 2074, 2073, 2062, 2075, 2079, 2086, 2076, - - 2088, 2089, 2092, 2094, 2108, 2104, 2106, 2103, 2123, 2110, - 2115, 2127, 2121, 2129, 2126, 2128, 2138, 2133, 2168, 2139, - 2160, 2151, 2148, 2172, 2178, 2167, 2170,10542, 2163, 2173, - 2159, 2188, 2196, 2190, 2197, 2195, 2198, 2206, 2205, 2221, - 2207, 2230, 2222, 2217, 2232, 2225, 2228, 2223, 2238, 2244, - 2240, 2245, 2257, 2263, 2265, 2270, 2258, 2266, 2267, 2272, - 2269, 2284, 2286, 2287, 2295, 2285, 2296, 2273, 2324, 2293, - 2304, 2316, 2314, 2307, 2318, 2325, 2312, 2328, 2331, 2333, - 2343, 2347, 2337, 2363, 2371, 2374, 2352, 2367, 2353, 2379, - 2364, 2365, 2366, 2370, 2380, 2390, 2399, 2404, 2397, 2405, - - 2396, 2402, 2416, 2407, 2391, 2415, 2411, 2424, 2418, 2423, - 2434, 2429, 2439, 2438, 2440, 2450, 2451, 2455, 2467, 2459, - 2475, 2479, 2477, 2471, 2478, 2493, 2482, 2492, 2494, 2498, - 2505, 2510, 2516, 2500, 2517, 2521, 2518, 2534, 2519, 2533, - 2543, 2542, 2535, 2551, 2555, 2553, 2545, 2562, 2549, 2561, - 2546, 2565, 2586, 2566, 2572, 2581,10542, 2578, 2601, 2580, - 2599, 2594, 2584, 2592, 2617, 2607, 2611, 2598, 2604, 2612, - 2658,10542, 2608,10542,10542, 2624,10542,10542, 2637, 2642, - 10542, 2625, 2649, 2645, 2668, 2661, 2682, 2685, 2687, 2644, - 2652, 2676, 2704, 2731, 2681, 2695, 2694, 2699, 2714, 2710, - - 2720, 2725, 2727, 2748, 2721, 2739, 2752, 2774, 2761, 2770, - 2757, 2751, 2780, 2782, 2783, 2784, 2702, 2788, 2773, 2775, - 2792, 2798, 2801, 2795, 2804, 2809, 2812, 2828, 2815, 2822, - 2813, 2811, 2832, 2827, 2846,10542, 2838, 2849, 2830, 2831, - 2847, 2857, 2858, 2871, 2865, 2866, 2861, 2878, 2879, 2873, - 2862, 2877, 2883, 2884, 2885, 2870, 2896, 2901, 2893, 2908, - 2917, 2924, 2904, 2906,10542, 2912, 2918, 2910, 2931, 2923, - 2935, 2941, 2926, 2930, 2947, 2951, 2971, 2958, 2959, 2954, - 2957, 2961, 2953, 2974, 2991,10542, 2987, 2979, 2984, 2985, - 2986, 2973, 2988, 3000, 3003, 3001, 3013, 3020, 3015, 3012, - - 3014, 3016, 3026, 3028, 3027, 3034, 3039, 3049, 3042, 3054, - 3062, 3051, 3047, 3055, 3060, 3069, 3065, 3066, 3071, 3075, - 3079, 3073, 3084, 3087, 3108, 3091, 3089, 3113, 3115, 3116, - 3100, 3111, 3124, 3112, 3136, 3118, 3126, 3122, 3130, 3128, - 3135, 3134, 3144, 3147, 3161, 3164, 3177, 3158, 3172, 3168, - 3156, 3159, 3184, 3171,10542, 3186, 3187,10542, 3157, 3188, - 3191, 3237, 3222, 3198, 3205, 3224, 3209, 3229, 3228, 3227, - 3225, 3245, 3271, 3254, 3251, 3272, 3247, 3278, 3267, 3277, - 3270, 3274, 3273, 3298, 3286, 3290, 3297, 3192, 3250, 3308, - 381, 3317, 3294, 3300, 3310, 3355, 3314, 3325, 3318, 3321, - - 3337, 3335, 3323, 3350, 3357, 3349, 3351, 3364, 3352, 3367, - 3373, 3386, 3376, 3387, 3388, 3389, 3407, 3390,10542, 3359, - 3415, 3401, 3416, 3396, 3427, 3419, 3422,10542, 3417, 3430, - 3413, 3432, 3443, 3431, 3455, 3442, 3447, 3444, 3451, 3456, - 3458, 3466, 3459, 3478,10542, 3468,10542, 3482, 3477, 3473, - 3475, 3486, 3487, 3494, 3483, 3500, 3507, 3511,10542,10542, - 3513, 3510, 3521, 3525, 3531, 3520, 3517, 3523,10542, 3514, - 3560,10542, 3550, 3538, 3558, 3548, 3544, 3552, 3549, 3556, - 3555, 3571, 3566, 3577, 3575, 3579, 3578,10542, 3572, 3598, - 3582, 3602, 3605, 3596, 3599, 3609, 3611, 3606,10542, 3615, - - 3604, 3634, 3627, 3624, 3635, 3628, 3647, 3648, 3638, 3633, - 3637, 3655, 3653, 3632, 3668, 3673, 3664, 3665, 3677, 3676, - 3683,10542, 3682, 3671, 3674, 3691, 3685, 3688, 3693, 3696, - 3701, 3695, 3680, 3708, 3716, 3714, 3722, 3712, 3724, 3715, - 3729, 3742, 3732, 3726, 3744, 3741, 3748, 3738, 3737, 91, - 3749, 3757, 3751, 3754,10542, 3753, 3773, 3775, 3780, 3781, - 3768, 128, 3776, 3777, 3784, 3793, 3782, 3801, 3794, 3810, - 3821, 3806, 3819, 3825, 3826, 3815, 3816, 3833, 3817, 3820, - 3828, 3846, 3844,10542, 3840, 3850, 3851, 3853, 3866, 3854, - 3870,10542, 3878, 3891, 3871, 3879, 3880, 3890, 3897, 3893, - - 3903, 3899, 3905, 3896, 3913, 3927, 3923, 3919, 3918, 3917, - 10542, 3934, 3938, 3942, 3931, 3944, 3937, 3948, 3952, 3958, - 3953, 3974, 3966, 3955, 3971, 3968, 3969, 3970, 3985, 3992, - 3997, 3982, 3996, 3994, 4005, 4006, 3999, 4008, 4012, 4013, - 4036, 4021,10542, 4047, 4029, 4031, 4038, 4030, 4033, 4048, - 4039, 4067, 4042, 4056, 4066, 4058, 4106, 4068, 4073, 4089, - 4090, 4094, 4095, 4097, 4096, 4100, 4109, 4118, 4134, 4144, - 4093, 4085, 4148, 4153, 4151, 4141, 4137, 4155, 4145, 4140, - 4156, 4168, 4164, 4161, 4166, 4198, 4192, 4176, 4172, 4203, - 4183,10542, 4200, 4193, 4195, 4205, 4202, 4233, 4217, 4224, - - 4231, 4234, 4228, 4230, 4235, 4238, 4245, 4255, 4247, 4258, - 4253, 4263, 4257, 4260, 4270, 4273, 4274, 4283, 4278, 4287, - 4289, 4290,10542, 4300, 4301, 4293, 4298, 4308, 4304, 4309, - 4310, 4316, 4319, 4320, 4323, 4322, 4325, 4315, 4350, 4334, - 4328, 4351, 4348, 4358, 4346,10542, 4359, 4355, 4352, 4361, - 4349, 4369, 4386, 4390, 4396, 4393, 4401, 4400, 4385, 4404, - 4407, 4406,10542, 4409, 4411, 4413, 4430, 4412, 4415, 4425, - 4432, 4447, 4428,10542, 4445, 4431, 4446, 4438, 4434, 4437, - 4468, 4471, 4461,10542, 4473, 4464, 4459, 4462, 4480, 4476, - 4475, 4495, 4477, 4474, 4494, 4503, 4510, 4491, 4511,10542, - - 4506, 4532, 4513, 4519, 4507, 4522, 4529, 4530, 4542, 4551, - 4552, 4539,10542, 4534, 4558, 4556, 4570, 4549, 4564, 4555, - 4579, 4581, 4583, 4574, 4576, 4593, 4582,10542, 4585, 4587, - 4589, 4603, 4614, 4606, 4608, 4626, 4610, 4612, 4617, 4629, - 4623, 4625, 4639, 4637, 4641, 4652, 4644, 4651, 4650, 4646, - 4661, 4671, 4663, 4681, 4665, 4666, 4673, 4690, 4694, 4689, - 4685, 4675, 4692, 4686, 4709, 4710, 4705, 4719,10542, 4711, - 4721, 4717, 4713, 4703, 4729, 4730, 4727, 4748, 4735, 4742, - 4746, 4753, 4744, 4764, 4765, 4754, 4778, 4766, 4768, 4775, - 4781, 4769, 4777, 4771, 4804, 4795, 4791, 4783, 4792, 4794, - - 4822, 4806, 4817, 4831, 4810, 4813, 4816, 4819, 4826, 4814, - 4821, 4824, 4853, 4857, 4844, 4848, 4849, 4864, 4868, 4865, - 4869, 4866, 4859, 4876, 4886, 4896,10542, 4887, 4877, 4892, - 4890, 4895, 4889, 4903, 4923, 4906, 4914, 4925, 4919, 4932, - 4935, 4920, 4926, 4922, 4937, 4933, 4943,10542, 4938,10542, - 4934, 4963, 4971, 4950, 4949,10542, 4973,10542, 4975, 4974, - 4964, 4965, 4970,10542, 4976, 4966, 4984, 4985, 4989, 5014, - 4995, 4996, 4999, 5019, 5006, 5030, 5026, 5023, 5011, 5013, - 5033, 5041, 5038, 5021, 5025, 5044, 5048, 5064, 5065, 5047, - 5071, 5051, 5060, 5066, 5076, 5062, 5078,10542, 5082, 5092, - - 5084, 5096, 5086, 5094, 5100, 5098, 5106, 5105, 5115, 5121, - 5111, 5129, 5134, 5127, 5132, 5135, 5138, 5141, 5156, 5150, - 5157,10542, 5152, 5160, 5153, 5163,10542, 5173, 5147, 5174, - 5180, 5177, 5167, 5188, 5183, 5194, 5193, 5197, 5196, 5222, - 5219, 5212, 5223,10542, 5218, 5224, 5206, 5232, 5192, 5210, - 5237, 5246, 5243, 5256, 5259, 5252, 5258, 5253, 5247, 5249, - 5251, 5269, 5282, 5286, 5287, 5283, 5294, 5274, 5295, 5291, - 5298, 5284, 5285, 5289, 5299, 5290, 5293, 5309, 5310, 5313, - 5329, 5337, 5322, 5335,10542, 5331, 5332, 5334, 5350, 5352, - 5351, 5353, 5349, 5354, 5381, 5374,10542, 5385, 5366, 5384, - - 5376, 5390, 5377, 5393, 5371, 5369, 5396, 5406, 5417, 5416, - 5410,10542, 5415,10542, 5402, 5433, 5431, 5438, 5429, 5422, - 5442, 5439, 5434, 5451, 5454, 5466, 5461, 5452, 5472, 5456, - 5460, 5480, 5463, 5483, 5485, 5490, 5484, 5498, 5481, 5493, - 5496, 5499, 5502, 5535, 5510, 5512,10542,10542, 5509, 5520, - 5526, 5528, 5530, 5539, 5551, 5549, 5558, 5554, 5542, 5547, - 5545, 5589,10542, 5566, 5573, 5522, 5577, 5578, 5601, 5581, - 5598, 5606, 5597, 5596, 5608, 5605,10542, 5593, 5600, 5617, - 5609, 5636, 5623,10542, 5626,10542, 5624, 5627, 5628, 5640, - 5625, 5633, 5649, 5650, 5651, 5644, 5654, 5679, 5661, 5670, - - 5677, 5669, 5683, 5667, 5666, 5671, 5692, 5686, 5706, 5681, - 5689, 5694,10542, 5702, 5695, 5714, 5719, 5708, 5720, 5726, - 5727, 5711,10542, 5729, 5735, 5745, 5737, 5742, 5723, 5741, - 5747, 5746, 5743, 5752, 5770, 5768, 5769,10542, 5763, 5758, - 5788, 5779, 5771, 5793, 5794, 5797, 5801,10542, 5798, 5802, - 5807, 5810, 5805, 5812, 5816, 5813, 5809, 5824, 5827, 5830, - 5843, 5838, 5837, 5840, 5851, 5841, 5832, 5861, 5875, 5869, - 5871, 5858, 5860,10542, 5870, 5872, 5876, 5878, 5889, 5890, - 5896, 5900, 5904, 5906, 5905, 5914, 5919, 5903, 5908, 5913, - 5915, 5922, 5943, 5941,10542, 5948, 5927, 5953, 5950, 5932, - - 5959, 5958, 5940, 5961, 5963, 5949, 5952, 5969, 5976, 5977, - 5987, 5970, 5997, 5975, 5980, 5979, 5988, 5993, 6001, 6005, - 6018,10542, 6034, 6003, 6020, 6025, 6022, 6026, 6036, 6037, - 6031, 6038, 6042, 6029, 6056, 6047, 6044, 6069, 6072, 6060, - 10542,10542, 6075, 6052, 6076,10542, 6079, 6068, 6081, 6071, - 6084, 6078, 6091, 6093, 6086, 6102, 6112, 6096, 6123, 6099, - 6115,10542, 6135, 6105, 6138, 6120, 6127, 6143, 6142,10542, - 6126, 6148, 6146, 6150, 6147, 6149, 6139, 6141, 6154, 6151, - 6176, 6162, 6166, 6184, 6193, 6199, 6175, 6181, 6194,10542, - 6177, 6178, 6204, 6201, 6186, 6211, 6202,10542, 6213, 6212, - - 6233, 6229, 6206, 6218, 6242, 6236, 6248, 6228, 6237, 6231, - 6260, 6261, 6262, 6263, 6258, 6253, 6257, 6286, 6280, 6267, - 6269, 6296,10542, 6259, 6290, 6284, 6297, 6303,10542, 6305, - 6319, 6317,10542, 6320, 6295, 6311, 6313, 6331,10542, 6322, - 6332, 6323, 6338, 6326, 6342, 6333, 6346, 6345, 6337, 6347, - 6349, 6358,10542, 6359, 6360, 6363,10542, 6372, 6376, 6357, - 6380, 6369, 6393, 6385, 6387, 6394, 6396,10542, 6403,10542, - 6398, 6397, 6410,10542, 6414, 6417, 6428, 6413, 6422, 6434, - 6437, 6440, 6445, 6427, 6441, 6430, 6432, 6458, 6460, 6457, - 6453, 6454, 6455, 6469,10542, 6485, 6461, 6467, 6482, 6475, - - 6492, 6490, 6489, 6484, 6502, 6508,10542,10542, 6504,10542, - 6511, 6509, 6517, 6523,10542, 6500, 6516, 6513, 6520, 6544, - 6547, 6528, 6551, 6548,10542, 6553, 6557,10542, 6536, 6555, - 6567, 6540, 6562, 6543, 6570, 6576, 6578, 6572, 6583, 6586, - 6585, 6589, 6581, 6582, 6596, 6624, 6603, 6627,10542, 6612, - 6608, 6609, 6615, 6622, 6617, 6638, 6642, 6623,10542, 6650, - 6659, 6639, 6658, 6645,10542, 6653,10542, 6660, 6666, 6664, - 6669, 6673, 6674, 6686, 6677,10542, 6681, 6685, 6695, 6680, - 6704, 6712, 6710, 6711, 6700, 6702, 6703, 6722, 6727, 6721, - 6713, 6751, 6736,10542, 6737, 6739, 6743, 6735, 6757, 6749, - - 6750, 6747, 6762, 6763, 6770, 6761, 6785, 6769, 6786, 6780, - 6790, 6794, 6795, 6784,10542, 6805, 6807, 6808, 6812, 6831, - 6811, 6815, 6828,10542, 6829, 6839, 6842,10542, 6832, 6853, - 6843, 6848, 6836, 6858, 6859, 6862, 6857, 6869, 6872, 6885, - 10542, 6879, 6880, 6874, 6888, 6897, 6886, 6898,10542,10542, - 6917,10542, 6905, 6903, 6912, 6910, 6906, 6925, 6908, 6932, - 6940, 6924, 6929, 6943, 6944, 6933,10542, 6938, 6778, 6950, - 6983, 6870, 6967, 6961, 6958, 6959,10542,10542, 6980, 6986, - 6973, 6981, 6988, 6978, 6977, 6997, 6991, 7002, 6998, 7006, - 7007,10542, 7015, 7000, 7017, 7016,10542, 7010, 7026, 7018, - - 7025, 7027, 7033, 7034, 7029, 7052, 7042, 7055, 7061, 7056, - 7067, 7048, 7047, 7062, 7058, 7068, 7076, 7077, 7078, 7086, - 10542, 7093, 7083, 7092, 7097, 7095, 7082, 7107, 7094, 7100, - 7104, 7135,10542, 7117,10542, 7123, 7127, 7131, 7138, 7128, - 7146, 7142, 7153, 7144, 7152, 7158, 7164, 7159, 7151, 7168, - 7161, 7166, 7167, 7179, 7197,10542, 7189, 7195, 7199, 7193, - 7190, 7207, 7206,10542, 7208, 7194, 7210, 7219, 7212, 7215, - 7217, 7218, 7225, 7247, 7233, 7244, 7250, 7251, 7239, 7245, - 7255, 7242, 7261, 7265, 7266,10542, 7257, 7264, 7268, 7267, - 7272, 7291, 7292, 7270, 7300, 7302, 7284, 7293, 7305,10542, - - 7294, 7312, 7310, 7318,10542, 7295, 7311, 7317, 7332, 7329, - 7324, 7322, 7343, 7335, 7337,10542, 7346, 7334, 7356, 7351, - 7339, 7353, 7361, 7359, 7368, 7373, 7370, 7384,10542, 7394, - 7379, 7388, 7396, 7380, 7395, 7389, 7415, 7412, 7399,10542, - 7414, 7422, 7428, 7421, 7418, 7435, 7413, 7423, 7448, 7442, - 7451, 7432, 7440, 7455, 7444, 7459, 7461, 7463, 7467, 7452, - 7478, 7482, 7477,10542, 7469,10542, 7480, 7483, 7486, 7503, - 7511, 7497, 7501, 7510, 7514,10542, 7505, 7519, 7517, 7516, - 7513,10542, 7533, 7537, 7539, 7538,10542, 7548, 7547, 7549, - 7543, 7556, 7558,10542, 7557, 7564, 7563, 7576, 7578, 7579, - - 7587, 7575, 7591, 7581, 7583, 7580, 7600, 7603, 7590, 7606, - 10542, 7605, 7610, 7612, 7616, 7617, 7614, 7620, 7615, 7630, - 7625, 7632,10542, 7641, 7631, 7633, 7643, 7640, 7660, 7649, - 7650, 7670, 7665, 7673, 7648, 7667, 7676, 7678, 7658, 7684, - 10542, 7677, 7672, 7697, 7712, 7713, 7701, 7715,10542, 7705, - 10542, 7704, 7706, 7722, 7716, 7724,10542, 7727, 7731, 7700, - 7736,10542,10542, 7744, 7740, 7743, 7738, 7747,10542,10542, - 7759,10542, 7742,10542, 7752, 7746,10542,10542, 7763, 7750, - 7754, 7757,10542, 7775, 7783, 7785,10542, 7791,10542, 7797, - 7774, 7795, 7782, 7784, 7799,10542, 7781, 7810, 7802, 7805, - - 7816,10542, 7803, 7811, 7822, 7839, 7818, 7827,10542, 7835, - 7845, 7831, 7833,10542, 7852, 7856, 7854, 7843, 7855, 7844, - 7860, 7866, 7862, 7871, 7878, 7869, 7877, 7879, 7889, 7873, - 7902, 7907, 7908, 7898, 7909, 7895, 7914, 7917, 7922, 7926, - 7903, 7912, 7916, 7931, 7935, 7904, 7933, 7938, 7948, 7952, - 7950, 7963, 7954, 7960, 7958, 7944, 7968, 7949, 7962, 7972, - 7965, 7980, 7976, 7978, 7991, 7984, 7992, 7988, 8011, 8000, - 8015, 8005, 8007, 8009,10542, 7999, 8001, 8025, 8027, 8031, - 8041, 8042, 8053, 8055, 8058,10542, 8060,10542, 8062, 8038, - 8065, 8051, 8052,10542, 8044, 8066, 8073, 8078, 8072, 8082, - - 8094, 8086, 8083, 8089, 8103,10542, 8108, 8114, 8105, 8093, - 8109, 8117,10542, 8128, 8124, 8120, 8122, 8125, 8141, 8135, - 8136, 8139, 8142, 8134, 8149, 8159, 8160, 8151, 8155, 8166, - 10542, 8174, 8179, 8193, 8176, 8177, 8175, 8170, 8178, 8186, - 8196, 8187, 8188, 8204, 8198, 8206, 8205, 8225, 8211, 8228, - 8212,10542, 8221,10542, 8220, 8222, 8231, 8239, 8237, 8245, - 8255, 8251, 8254,10542,10542, 8256, 8257, 8247, 8261, 8264, - 8262, 8263, 8274, 8278, 8290,10542, 8281, 8282, 8289, 8300, - 8299, 8298,10542, 8303, 8308, 8309, 8310,10542, 8307, 8305, - 8335, 8332, 8313, 8323, 8343, 8344, 8338, 8336, 8341, 8331, - - 8348,10542,10542,10542,10542, 8356, 8345, 8355, 8361, 8360, - 8372, 8376, 8381, 8382, 8383, 8367, 8366, 8380,10542, 8396, - 10542,10542, 8393,10542, 8397, 8387, 8400, 8403, 8407, 8406, - 8413,10542, 8416,10542, 8430, 8432, 8424, 8436, 8441, 8440, - 8425, 8446, 8442, 8450, 8429, 8443, 8459, 8460, 8474, 8463, - 8476, 8479, 8480,10542,10542, 8470, 8484, 8482, 8494, 8486, - 8488, 8490, 8500, 8492, 8509, 8489, 8507, 8516, 8505, 8533, - 8534, 8525, 8523, 8537,10542, 8531, 8539, 8542,10542, 8528, - 10542, 8541, 8543, 8549, 8529, 8550, 8569, 8570, 8558, 8571, - 8577,10542,10542, 8565, 8589, 8581,10542,10542, 8572, 8568, - - 8573, 8575, 8601, 8596, 8592,10542, 8604, 8608, 8621, 8597, - 8610, 8626, 8614,10542, 8619,10542, 8609, 8623, 8632, 8618, - 8647, 8652, 8636, 8639, 8656, 8658, 8654, 8640, 8659,10542, - 8660, 8663,10542, 8673, 8668, 8674, 8670, 8666, 8672, 8679, - 10542, 8701, 8686, 8708, 8709,10542, 8710, 8707, 8712, 8705, - 10542, 8716,10542, 8698, 8715, 8721, 8724, 8728,10542, 8703, - 8726, 8748,10542, 8727, 8752, 8756, 8754, 8745, 8750,10542, - 8759, 8743,10542, 8742, 8764, 8765, 8768, 8767, 8771, 8774, - 8778, 8783, 8779, 8780, 8795,10542,10542, 8805, 8798, 73, - 8813, 8788, 8792, 8800, 8810, 8807, 8804, 8814, 8817,10542, - - 10542, 8823,10542, 8825, 8832,10542, 8821, 8839, 8848, 8836, - 8852, 8840, 8841, 8837, 8865, 8856, 8871, 8863, 8867, 8864, - 10542, 8900, 8907, 8884, 8887, 8888, 8892, 8895, 8904, 8909, - 8890, 8913, 8901, 8898, 8912, 8930, 8919, 8936, 8920, 8922, - 8923, 8932,10542, 8944, 8954, 8955, 8945, 8961, 8967, 8948, - 10542, 8964, 8969, 8974, 8972,10542, 8978, 8971, 8975, 8983, - 8981, 8986,10542, 8979, 8989, 8992, 9005, 9003, 8996, 9007, - 8999, 9000, 9033,10542, 9008, 9016, 9027,10542,10542,10542, - 9024, 9037, 9026,10542, 9038, 9030, 9034, 9028,10542, 9049, - 9041, 8809, 9051,10542,10542,10542, 9045, 9057, 9060,10542, - - 9054, 9071,10542, 9067,10542, 9061,10542, 9075, 9078, 9084, - 9086,10542, 9087, 9090, 9077, 9119,10542, 9099, 9100, 9108, - 9106, 9101, 9097, 9124,10542, 9098, 9126, 9127, 9134, 9118, - 9125, 9117, 9135, 9139, 9144, 9143, 9149,10542, 9151, 9164, - 9167, 9159, 9154, 9162, 9165,10542, 9163,10542, 9174,10542, - 9166, 9175, 9184, 9181, 9189, 9187, 9186, 9201, 9212, 9199, - 9220, 9213, 9200, 9207, 9223, 9229, 9216,10542,10542, 9242, - 9224,10542, 9225, 9241,10542, 9232,10542, 9254,10542, 9239, - 9245,10542, 9252, 9247, 9259,10542,10542, 9267, 9250, 9262, - 9278, 9260, 9275, 9266,10542, 9291, 9281, 9277, 9276,10542, - - 9304,10542, 9280, 9306, 9308,10542, 9287, 9289, 9311, 9317, - 9305, 9301, 9324, 9314, 9328, 9319, 9331, 9326, 9322, 9330, - 9329, 9344, 9351, 9357, 9361,10542,10542,10542, 9353, 9347, - 9368, 9369, 9370, 9380, 9358,10542, 9374, 9382, 9378, 9371, - 9396, 9394, 9393,10542, 9387, 9386, 9391, 9395, 9402, 9400, - 9409, 9406,10542, 9424, 9428, 9430, 9427, 9420, 9435, 9437, - 9441, 9444, 9445, 9436, 9439, 9453, 9451,10542,10542, 9450, - 9442,10542, 9460, 9470,10542, 9454,10542, 9452, 9462, 9463, - 9464, 9487,10542, 9475, 9467, 9476, 9485,10542, 9478, 9497, - 9496, 9504,10542, 9489, 9513, 9490, 9500, 9516, 9523,10542, - - 10542, 9508, 9518,10542, 9530, 9527, 9522, 9543, 9535, 9531, - 9541, 9537,10542, 9540, 9546, 9533, 9545, 9556, 9563, 9570, - 10542, 9569, 9560, 9562, 9564,10542, 9567, 9583, 9590, 9574, - 9588,10542, 9600, 9594, 9586, 9611,10542, 9598, 9620, 9606, - 10542,10542,10542, 9624, 9628, 9625,10542,10542,10542,10542, - 9630, 9626, 9617, 9637,10542, 9627,10542,10542, 9639, 9650, - 9661, 9640, 9663, 9664,10542, 9660, 9662, 9670, 9654, 9659, - 10542,10542, 9674, 9656, 9658, 9677, 9679, 9666, 9687,10542, - 10542, 9669, 9701, 9706, 9703, 9698,10542, 9697, 9711, 9717, - 9709, 9719, 9722, 9723, 9714, 9721, 9742, 9732, 9736, 9730, - - 9737, 9739, 9753, 9756, 9743, 9765, 9772, 9767, 9768, 9771, - 9759, 9770,10542,10542, 9776,10542, 9777, 9781,10542, 9766, - 10542, 9791, 9796, 9805, 9806,10542, 9807, 9809, 9810, 9812, - 9787,10542, 9811, 9815, 9816, 9817, 9818, 9801,10542, 9804, - 9822, 9808, 9824, 9814, 9837, 9840, 9854, 9858,10542, 9844, - 9860,10542,10542, 9843, 9862, 9842, 9871, 9848,10542, 9870, - 9867, 9849, 9869, 9864, 9884, 9887,10542, 9898, 9896,10542, - 10542, 9908, 9891,10542,10542, 9881, 9889,10542,10542,10542, - 10542,10542,10542,10542,10542, 9910, 9914,10542,10542, 9900, - 9919, 9920, 9921,10542, 9922,10542, 9901, 9929, 9939, 9925, - - 10542, 9936,10542, 9930, 9944, 9949, 9956, 9946, 9959, 9951, - 9948, 9966, 9952, 9965, 9947, 9987, 9985, 9993, 9978, 9995, - 9982,10002, 9983,10008,10542,10542,10542,10542, 9992,10011, - 10007,10009,10015,10020,10016,10032,10022,10017,10036,10045, - 10046,10027,10038,10060,10042,10049,10057,10067,10054,10070, - 10071,10542,10075,10076,10063,10085,10542,10077,10542,10068, - 10542,10542,10093,10095,10097,10080,10111,10113,10100,10102, - 10098,10116,10110,10542,10128,10542,10542,10542,10109,10119, - 10542,10120,10127,10542,10125,10144,10132,10137,10140,10141, - 10157,10158,10156,10542,10542,10154,10152,10146,10169,10177, - - 10180,10185,10183,10189,10190,10172,10198,10542,10200,10197, - 10203,10542,10201,10187,10204,10207,10216,10213,10217,10210, - 10542,10218,10542,10220,10230,10243,10222,10232,10245,10253, - 10247,10260,10542,10229,10263,10257,10266,10270,10256,10279, - 10277,10265,10284,10293,10299,10294,10298,10283,10303,10288, - 10542,10309,10300,10542,10312,10313,10314,10323,10330,10542, - 10324,10328,10329,10336,10338,10345,10542,10343,10349,10346, - 10542,10354,10542,10542,10356,10358,10363,10362,10366,10542, - 10542,10542,10422,10429,10436,10443,10450,10457,10464, 102, - 10471,10478,10485,10492,10499,10506,10513,10520,10527,10534 + 131, 137, 112, 118, 123, 142, 616, 527, 96,10717, + 10717,10717, 160, 185, 116, 183, 229, 132, 175, 173, + 232, 50, 66, 120, 263, 275, 159, 323, 134, 375, + 416, 286, 308, 283, 126, 258, 516,10717,10717,10717, + 95, 496,10717,10717,10717, 187, 471, 490,10717,10717, + 10717, 238, 449,10717,10717,10717, 104, 401,10717, 351, + 10717, 194, 369, 379, 381,10717,10717,10717, 375, 309, + 10717,10717,10717, 146, 307, 392, 177, 0, 405, 0, + 0, 201, 270, 233, 230, 310, 259, 290, 371, 178, + + 335, 396, 413, 415, 330, 358, 417, 368, 442, 402, + 453, 423, 448, 451, 450, 454, 412, 481, 476, 469, + 480, 503, 494, 475, 463, 381, 504, 502, 511, 512, + 514, 515, 530, 531, 532, 551, 543, 345, 544, 561, + 540, 542, 554, 591, 559, 581, 577, 596, 595, 373, + 579, 599, 569, 608, 603, 622, 616, 621, 629, 624, + 281, 180, 273, 339, 268, 668, 273, 228, 222, 210, + 678, 682, 0, 650, 152, 690, 188, 128, 672, 663, + 680, 660, 670, 665, 683, 675, 692, 674, 679, 699, + 676, 697, 702, 727, 705, 709, 716, 250, 743, 787, + + 732, 722, 745, 720, 747, 748, 738, 731, 761, 758, + 766, 721, 754, 767, 785, 765, 794, 798, 835, 810, + 786, 789, 256, 816, 825, 258, 802, 418, 845, 829, + 792, 833, 91, 851, 843, 856, 857, 862, 848, 863, + 865, 867, 880, 852, 879, 882, 892, 889, 884, 888, + 881, 910, 908, 900, 917, 911, 922, 923, 919, 928, + 912, 929, 945, 924, 946, 957, 959, 939, 967, 951, + 950, 970, 965, 981, 980, 977, 960, 984, 976, 974, + 987, 982, 1000, 990, 1007, 1023, 1024, 1016, 1020, 1029, + 1015, 1014, 1017, 1022, 1019, 1037, 1011, 1042, 1050, 1052, + + 1058, 167, 1043, 1064, 1066, 1055, 1072, 1075, 1070, 1080, + 1081, 1049,10717, 1088, 1082, 1108, 1102, 1111, 1106, 1112, + 1114, 1116, 1117, 1098, 1103, 1099, 1115, 1123, 1129, 1131, + 1130, 1133, 1135, 1163, 1147, 1166, 1155, 1171, 1170, 1156, + 1205, 1172, 1157, 1180, 1250, 1174, 1176, 1194, 1207, 1220, + 320, 1208, 1178, 1237, 1203, 1204, 1243, 1239, 1247, 1258, + 1273, 1262, 1264, 1272, 1286, 1288, 1290, 1284, 1259, 1289, + 1232, 1306,10717, 1292, 1305, 1245, 1316, 1330, 1337, 1324, + 1281, 1355, 1317, 1322, 1319, 1327, 1351, 1403, 1451, 1339, + 1360, 1346, 1357, 1366,10717, 1392, 1382, 1500, 1387, 1391, + + 1410, 1407, 1405, 1398, 1431, 1432, 1409, 1352, 1438, 1423, + 1350, 1448, 1465, 1459, 1457, 1460, 1478, 1458, 1490, 1483, + 1365, 1505, 1491, 1496, 1507, 1529, 1501, 1520, 1532, 1546, + 1530, 1531, 1533, 1538, 1541, 1559, 1547, 1564, 1558, 1568, + 1569, 1556, 1565, 1574, 1582, 1589, 1604, 1649, 1609, 1596, + 1593, 1602, 1601, 1620, 1617, 1615, 1614, 1616, 1629, 1630, + 1651, 1595, 1415, 1653, 1642, 1659, 1664, 1668, 1656, 1675, + 1679, 1683, 1691, 1689, 1685, 1686, 1695, 1706, 1687, 1698, + 1712, 1716, 1714, 1723, 1732, 1719, 1728, 1439,10717, 1743, + 1741,10717, 1727, 1744, 1736, 1749, 1739, 1756, 1745, 1750, + + 10717, 1773, 1763, 1774, 1778, 1768, 1779, 1771, 1783, 1792, + 1772, 1803, 1799, 1790, 1800, 1807, 1801, 1805, 1809, 1827, + 1819, 1830, 1822, 1826, 1836, 1831, 1832, 1841, 1846, 1834, + 1857, 1842, 1903,10717, 1859, 1860, 1865, 1862, 1869, 1886, + 1878, 1893, 1905, 1885, 1920, 1924, 1926, 1953, 1927, 1912, + 1930, 1936, 1941, 1963, 1874, 1965, 1956, 1962, 1960, 1972, + 1957, 1955, 1989, 1969, 1987, 1980, 1991,10717, 1999, 2005, + 2007, 1875, 1998, 2000, 1993, 2003, 1986, 2004, 2022, 2024, + 2016, 2021, 2030, 2033, 2045, 2052, 2046, 2057, 2064, 2049, + 2050, 2048, 2051, 2060, 2067, 2086, 2047, 2069, 2085, 2082, + + 2083, 158, 2076, 2099, 2100, 2091, 2106, 2089, 2087, 2092, + 2112, 2116, 2101, 2103, 2114, 2118, 2113, 2127, 2133, 2129, + 2131, 2145, 2134, 2148, 2141, 2156, 2144, 2160, 2161, 2143, + 2158, 2170, 2172, 2164, 2178, 2195, 2182, 2193, 2184, 2188, + 2205, 2208, 2209, 2197,10717, 2219, 2217, 2215, 2234, 2236, + 2225, 2242, 2227, 2230, 2244, 2245, 2254, 2229, 2262, 2255, + 2261, 2268, 2256, 2252, 2274, 2275, 2282, 2272, 2286, 2293, + 2299, 2287, 2302, 2301, 2297, 2298, 2304, 2311, 2308, 2313, + 2317, 2339, 2333, 2321, 2332, 2325, 2355, 2334, 2338, 2352, + 2358, 2343, 2360, 2370, 2356, 2366, 2373, 2374, 2387, 2361, + + 2365, 2401, 2391, 2394, 2384, 2408, 2393, 2411, 2398, 2397, + 2423, 2426, 2428, 2407, 2431, 2425, 2421, 2434, 2436, 2442, + 2440, 2461, 2450, 2467, 2452, 2456, 2454, 2463, 2468, 2477, + 2471, 2483, 2487, 2488, 2493, 2486, 2498, 2502, 2494, 2518, + 2520, 2513, 2522, 2515, 2523, 2531, 2532, 2533, 2530, 2549, + 2550, 2554, 2538, 2564, 2566, 2560, 2565, 2558, 2559, 2575, + 2568, 2579, 2585, 2594, 2599, 2587, 2595, 2593, 2606, 2596, + 2592, 2615, 2637, 2616, 2620, 2618,10717, 2622, 2623, 2629, + 2612, 2630, 2639, 2628, 2640, 2649, 2652, 2655, 2645, 2644, + 2650, 2696,10717, 2668,10717,10717, 1473, 2667,10717,10717, + + 2677, 2687,10717, 2680, 2694, 2690, 2676, 2720, 2711, 2721, + 2719, 2713, 2723, 2714, 2679, 2764, 2732, 2728, 2742, 2735, + 2750, 2743, 2769, 2770, 2759, 2779, 2772, 2788, 2798, 2822, + 2797, 2806, 2793, 2814, 2817, 2816, 2820, 2824, 2709, 2825, + 2826, 2836, 2833, 2812, 2839, 2834, 2856, 2847, 2853, 2869, + 2850, 2859, 2851, 2761, 2874, 2872, 2881,10717, 2882, 2880, + 2875, 2884, 2885, 2895, 2883, 2896, 2889, 2898, 2909, 2913, + 2918, 2906, 2919, 2908, 2916, 2925, 2930, 2920, 2912, 2915, + 2941, 2940, 2942, 2958, 2964, 2944, 2947,10717, 2951, 2954, + 2946, 2967, 2971, 2976, 2977, 2961, 2959, 2974, 2987, 3013, + + 2978, 2994, 2997, 2996, 3007, 2993, 3008, 3022,10717, 3027, + 3018, 3009, 3023, 3010, 3036, 3039, 3042, 3024, 3044, 3038, + 3049, 3057, 3052, 3048, 3053, 3068, 3066, 3065, 3063, 3069, + 3079, 3090, 3073, 3096, 3102, 3084, 3093, 3106, 3099, 3108, + 3104, 3100, 3117, 3112, 3114, 3123, 3126, 3131, 3142, 3133, + 3128, 3143, 3157, 3150, 3137, 3153, 3161, 3141, 3170, 3172, + 3181, 3175, 3164, 3174, 3184, 3176, 3185, 3168, 3189, 3201, + 3215, 3191, 3203, 3221, 3198, 3209, 3211, 3227, 3216,10717, + 3200, 3223,10717, 3228, 3225, 3236, 3282, 3234, 3268, 3261, + 3252, 3270, 3248, 3274, 3262, 3272, 3275, 3292, 3281, 3301, + + 3297, 3313, 3300, 3316, 3314, 3318, 3308, 3332, 3325, 3320, + 3327, 3350, 3333, 3352, 3263, 3356, 3362, 477, 3369, 3343, + 3348, 3353, 3398, 3364, 3363, 3360, 3366, 3380, 3383, 3392, + 3395, 3370, 3402, 3401, 3411, 3405, 3407, 3432, 3423, 3396, + 3426, 3422, 3428, 3452, 3450, 3436,10717, 3463, 3457, 3447, + 3465, 3448, 3473, 3467, 3459,10717, 3462, 3476, 3464, 3481, + 3486, 3477, 3497, 3489, 3487, 3490, 3494, 3511, 3516, 3512, + 3513, 3524,10717, 3499,10717, 3517, 3507, 3521, 3536, 3537, + 3534, 3535, 3532, 3540, 3551, 3560,10717,10717, 3561, 3564, + 3562, 3573, 3575, 3577, 3570, 3580, 3572,10717, 3578, 3586, + + 10717, 3607, 3588, 3587, 3596, 3589, 3602, 3601, 3612, 3605, + 3629, 3606, 3632, 3616, 3635, 3627,10717, 3643, 3639, 3628, + 3645, 3646, 3647, 3648, 3655, 3656, 3652,10717, 3659, 3669, + 3674, 3668, 3686, 3693, 3688, 3676, 3695, 3699, 3684, 3687, + 3690, 3701, 3692, 3713, 3714, 3723, 3725, 3729, 3728, 3731, + 3740,10717, 3733, 3721, 3722, 3748, 3741, 3744, 3745, 3750, + 3757, 3752, 3755, 3761, 3773, 3767, 3775, 3765, 3781, 3768, + 3758, 3795, 3784, 3791, 3798, 3785, 3792, 3797, 3803, 552, + 3810, 3807, 3808, 3788,10717, 3819, 3817, 3824, 3834, 3836, + 3822, 115, 3831, 3835, 3840, 3848, 3820, 3849, 3857, 3851, + + 3865, 3875, 3858, 3868, 3879, 3877, 3869, 3872, 3884, 3878, + 3888, 3887, 3896, 3897, 3899,10717, 3894, 3905, 3904, 3910, + 3921, 3908, 3924,10717, 3932, 3941, 3939, 3933, 3946, 3947, + 3954, 3931, 3958, 3955,10717, 3967, 3956, 3966, 3952, 3981, + 3973, 3979, 3970,10717, 3992, 3991, 3993, 3984, 4002, 3997, + 4000, 3995, 4006, 4011, 4023, 4017, 4033, 4027, 4022, 4024, + 4025, 4036, 4031, 4044, 4020, 4054, 4056, 4052, 4050, 4059, + 4063, 4066, 4062, 4069, 4096, 4077,10717, 4099, 4080, 4086, + 4090, 4088, 4093, 4101, 4104, 4134, 4091, 4105, 4117, 4120, + 4161, 4125, 4131, 4144, 4148, 4136, 4145, 4150, 4146, 4155, + + 4158, 4171, 4163, 4197, 4179, 4176, 4188, 4209, 4205, 4186, + 4190, 4207, 4204, 4196, 4221, 4219, 4233, 4215, 4226, 4227, + 4259, 4238, 4235, 4254, 4260, 4245,10717, 4247, 4265, 4244, + 4266, 4276, 4294, 4281, 4239, 4291, 4283, 4289, 4282, 4286, + 4300, 4304, 4318, 4303, 4312, 4308, 4321, 4323, 4324, 4327, + 4311, 4330, 4331, 4340, 4344, 4343, 4347, 4360,10717, 4363, + 4364, 4346, 4367, 4368, 4357, 4372, 4374, 4373, 4385, 4386, + 4387, 4383, 4389, 4371, 4394, 4391, 4390, 4414, 4413, 4418, + 4405,10717, 4424, 4410, 4415, 4421, 4416, 4434, 4436, 4451, + 4455, 4454, 4461, 4460, 4446, 4463, 4467, 4457,10717, 4472, + + 4473, 4471, 4475, 4477, 4484, 4486, 4468, 4508, 4489,10717, + 4507, 4492, 4504, 4500, 4497, 4495, 4526, 4528, 4519, 4522, + 10717, 4531, 4534, 4520, 4523, 4539, 4542, 4541, 4537, 4552, + 4546, 4558, 4557, 4564, 4530, 4565, 4569,10717, 4568, 4602, + 4586, 4581, 4585, 4580, 4591, 4601, 4617, 4596, 4608, 4597, + 10717, 4631, 4623, 4628, 4641, 4615, 4621, 4633, 4635, 4648, + 4652, 4638, 4643, 4654, 4644,10717, 4655, 4658, 4670, 4671, + 4673, 4674, 4668, 4678, 4681, 4686, 4690, 4680, 4691, 4695, + 4697, 4707, 4704, 4718, 4708, 4713, 4720, 4719, 4724, 4715, + 4735, 4729, 4731, 4753, 4765, 4747, 4762, 4764, 4760, 4751, + + 4748, 4768, 4770, 4775, 4777, 4778, 4781,10717, 4783, 4780, + 4789, 4794, 4787, 4804, 4800, 4806, 4816, 4802, 4811, 4827, + 4809, 4828, 4853, 4856, 4814, 4836, 4833, 4838, 4849, 4861, + 4843, 4848, 4851, 4840, 4867, 4855, 4870, 4871, 4865, 4876, + 4882, 4875, 4892, 4885, 4896, 4887, 4888, 4897, 4902, 4908, + 4899, 4910, 4926, 4933, 4911, 4923, 4928, 4939, 4941, 4946, + 4952, 4931, 4947, 4950, 4948, 4974,10717, 4954, 4960, 4955, + 4964, 4969, 4990, 4989, 5000, 4983, 4991, 5005, 4997, 5009, + 5010, 4988, 5001, 5017, 5003, 5011, 5022,10717, 5015,10717, + 5039, 5024, 5038, 5046, 5044, 5028,10717, 5052,10717, 5051, + + 5056, 5041, 5042, 5060,10717, 5059, 5040, 5070, 5055, 5072, + 5079, 5078, 5073, 5077, 5097, 5081, 5082, 5100, 5089, 5108, + 5103, 5085, 5111, 5112, 5119, 5114, 5129, 5121, 5115, 5139, + 5124, 5146, 5127, 5138, 5141, 5151, 5145, 5162,10717, 5150, + 5166, 5168, 5170, 5171, 5165, 5172, 5184, 5174, 5180, 5191, + 5189, 5201, 5192, 5202, 5209, 5211, 5216, 5214, 5223, 5219, + 5228, 5215, 5231, 5232,10717, 5226, 5244, 5238, 5239,10717, + 5249, 5236, 5255, 5267, 5259, 5251, 5262, 5271, 5278, 5270, + 5263, 5265, 5304, 5296, 5294, 5290,10717, 5302, 5298, 5289, + 5305, 5313, 5300, 5323, 5333, 5334, 5318, 5341, 5338, 5343, + + 5331, 5329, 5335, 5332, 5350, 5360, 5362, 5368, 5359, 5372, + 5355, 5371, 5373, 5379, 5365, 5370, 5381, 5366, 5374, 5388, + 5393, 5395, 5386, 5389, 5415, 5416, 5405, 5420,10717, 5413, + 5421, 5417, 5431, 5408, 5422, 5436, 5423, 5450, 5458, 5452, + 10717, 5439, 5442, 5463, 5455, 5469, 5457, 5460, 5449, 5475, + 5482, 5477, 5496, 5498, 5489,10717, 5497,10717, 5481, 5508, + 5513, 5514, 5509, 5504, 5523, 5515, 5516, 5527, 5540, 5542, + 5525, 5530, 5553, 5541, 5543, 5552, 5544, 5572, 5538, 5555, + 5571, 5575, 5569, 5573, 5570, 5574, 5580, 5579, 5609, 5600, + 5601,10717,10717, 5587, 5597, 5616, 5620, 5602, 5621, 5632, + + 5634, 5629, 5626, 5607, 5642, 5628, 5671,10717, 5640, 5655, + 5650, 5669, 5661, 5656, 5660, 5679, 5685, 5681, 5677, 5689, + 5687,10717, 5680, 5683, 5695, 5690, 5698, 5712, 5697,10717, + 5718,10717, 5704, 5710, 5713, 5720, 5714, 5724, 5722, 5725, + 5730, 5740, 5744, 5763, 5749, 5769, 5762, 5753, 5768, 5752, + 5755, 5756, 5774, 5764, 5783, 5776, 5770, 5787,10717, 5788, + 5789, 5790, 5801, 5792, 5802, 5803, 5811, 5795,10717, 5813, + 5814, 5828, 5815, 5822, 5826, 5825, 5834, 5829, 5843, 5852, + 5845, 5853, 5850, 5851,10717, 5847, 5849, 5870, 5855, 5865, + 5875, 5868, 5882, 5871, 5888,10717, 5894, 5892, 5905, 5903, + + 5895, 5902, 5908, 5886, 5898, 5896, 5909, 5912, 5919, 5928, + 5930, 5925, 5938, 5936, 5929, 5948, 5954, 5935, 5961, 5921, + 5947,10717, 5955, 5964, 5965, 5962, 5946, 5977, 5980, 5989, + 5997, 5999, 5981, 6000, 6002, 5988, 5991, 5992, 6014, 6016, + 6007, 6019,10717, 6030, 6015, 6036, 6021, 6027, 6010, 6042, + 6038, 6031, 6047, 6050, 6040, 6043, 6048, 6056, 6065, 6063, + 6078, 6084, 6067, 6081, 6080, 6086, 6082, 6090, 6094, 6107, + 10717, 6089, 6092, 6105, 6113, 6111, 6116, 6091, 6126, 6121, + 6123, 6136, 6119, 6150, 6132, 6133, 6153, 6156, 6137,10717, + 10717, 6161, 6140, 6160,10717, 6164, 6149, 6171, 6166, 6159, + + 6176, 6174, 6168, 6179, 6192, 6195, 6181, 6208, 6205, 6184, + 6197,10717, 6219, 6215, 6223, 6218, 6221, 6230, 6225,10717, + 6214, 6234, 6239, 6244, 6242, 6241, 6243, 6240, 6250, 6246, + 6261, 6254, 6248, 6278, 6235, 6287, 6269, 6277, 6280,10717, + 6275, 6271, 6298, 6294, 6285, 6291, 6302,10717, 6296, 6304, + 6312, 6318, 6319, 6326, 6323, 6329, 6327, 6334, 6320, 6335, + 6339, 6347, 6337, 6351, 6353, 6368, 6354, 6360, 6362, 6356, + 6377, 6381, 6384,10717, 6383, 6390, 6366, 6398, 6391,10717, + 6397, 6412, 6395,10717, 6410, 6394, 6409, 6404, 6428,10717, + 6415, 6422, 6417, 6431, 6413, 6439, 6423, 6440, 6446, 6433, + + 6437, 6443, 6449,10717, 6450, 6444, 6464,10717, 6451, 6465, + 6473, 6480, 6481, 6466, 6487, 6477, 6489, 6479, 6488,10717, + 6493, 6499,10717, 6500, 6490, 6504,10717, 6506, 6507, 6517, + 6509, 6514, 6530, 6532, 6525, 6511, 6520, 6533, 6521, 6524, + 6549, 6551, 6559, 6545, 6552, 6547, 6544,10717, 6572, 6550, + 6566, 6578, 6562, 6580, 6585, 6579, 6576, 6593, 6583,10717, + 10717, 6601,10717, 6610, 6588, 6600, 6603,10717, 6602, 6608, + 6631, 6615, 6633, 6636, 6625, 6623, 6645, 6640,10717, 6647, + 6650,10717, 6630, 6649, 6659, 6642, 6657, 6663, 6661, 6669, + 6678, 6668, 6680, 6682, 6683, 6688, 6675, 6684, 6702, 6704, + + 6695, 6730,10717, 6703, 6711, 6712, 6713, 6708, 6721, 6739, + 6738, 6727,10717, 6750, 6735, 6740, 6751, 6745,10717, 6762, + 10717, 6757, 6764, 6768, 6779, 6767, 6770, 6676, 6772,10717, + 6785, 6774, 6793, 6777, 6791, 6807,10717, 6800, 6806, 6798, + 6804, 6801, 6815, 6819, 6813, 6817, 6850, 6827,10717, 6820, + 6838, 6843, 6837, 6840, 6846, 6844, 6849, 6863, 6856, 6858, + 6854, 6881, 6874, 6866, 6879, 6890, 6883, 6893, 6876,10717, + 6896, 6902, 6907, 6901, 6931, 6903, 6923, 6921,10717, 6924, + 6927, 6908, 6938,10717, 6934, 6936, 6946, 6875, 6935, 6949, + 6950, 6959, 6954, 6958, 6942, 6973,10717, 6976, 6977, 6970, + + 6982, 6986, 6983, 6980,10717,10717, 7002,10717, 6995, 6997, + 6996, 7009, 7005, 7017, 7012, 7022, 7033, 7016, 7018, 7036, + 7041, 7029,10717, 7032, 6868, 7028, 7070, 7057, 7067, 7063, + 10717, 7064, 7054,10717,10717, 7071, 7081, 7076, 7075, 7078, + 7077, 7065,10717, 7091, 7090, 7086, 7088, 7106, 7105,10717, + 7115, 7100, 7117, 7104,10717, 7101, 7125, 7112, 7114, 7131, + 7122, 7127, 7139, 7145, 7133, 7137, 7157, 7153, 7160, 7151, + 7147, 7158, 7163, 7152, 7178, 7180, 7179, 7181,10717, 7186, + 7172, 7182, 7185, 7188, 7190, 7200, 7195, 7213, 7202, 7231, + 7235,10717, 7217,10717, 7220, 7222, 7228, 7237, 7245, 7242, + + 7243, 7250, 7241, 7247, 7259, 7263, 7255, 7251, 7277, 7257, + 7270, 7272, 7275, 7290,10717, 7289, 7292, 7280, 7300, 7296, + 7309, 7310, 7306,10717, 7319, 7314, 7320, 7317, 7325, 7326, + 7312, 7330, 7327, 7342, 7328, 7344, 7348, 7350, 7346, 7353, + 7358, 7347, 7363, 7351, 7369,10717, 7374, 7366, 7375, 7368, + 7380, 7376, 7377, 7396, 7404, 7382, 7392, 7385, 7395,10717, + 7401, 7410, 7413, 7240,10717, 7414, 7403, 7412, 7421, 7438, + 7417, 7427, 7428, 7437, 7456,10717, 7449, 7431, 7443, 7439, + 7441, 7454, 7460, 7462, 7466, 7465, 7480, 7492,10717, 7490, + 7479, 7498, 7499, 7500, 7486, 7501, 7502, 7507, 7515, 7509, + + 10717, 7519, 7528, 7539, 7525, 7526, 7550, 7527, 7534, 7561, + 7552, 7553, 7538, 7546, 7565, 7554, 7555, 7560, 7580, 7584, + 7556, 7577, 7583, 7590,10717, 7578,10717, 7579, 7591, 7601, + 7608, 7613, 7603, 7618, 7604, 7628,10717, 7616, 7617, 7615, + 7636, 7625,10717, 7626, 7631, 7639, 7644,10717, 7659, 7652, + 7649, 7655, 7637, 7671,10717, 7668, 7670, 7675, 7690, 7692, + 7679, 7691, 7687, 7702, 7681, 7695, 7685, 7710, 7697, 7699, + 7700,10717, 7712, 7718, 7723, 7720, 7728, 7726, 7732, 7722, + 7730, 7744, 7738,10717, 7749, 7736, 7746, 7747, 7750, 7768, + 7755, 7753, 7784, 7780, 7769, 7787, 7771, 7773, 7782, 7785, + + 7783, 7803,10717, 7793, 7802, 7816, 7811, 7813, 7814, 7823, + 10717, 7815,10717, 7812, 7819, 7834, 7841, 7836,10717, 7851, + 7832, 7852, 7830, 7857,10717,10717, 7861, 7839, 7860, 7867, + 7864,10717,10717, 7869,10717, 7859,10717, 7862, 7874,10717, + 10717, 7870, 7879, 7880, 7887,10717, 7888, 7904, 7895,10717, + 7910,10717, 7885, 7891, 7912, 7900, 7897, 7918,10717, 7902, + 7925, 7914, 7922, 7930,10717, 7917, 7938, 7936, 7956, 7940, + 7939,10717, 7959, 7961, 7943, 7952, 7950,10717, 7974, 7973, + 7977, 7960, 7967, 7979, 7985, 7991, 7970, 7994, 7995, 8005, + 7996, 8004, 8009, 8013, 8000, 8025, 8026, 8028, 8017, 8031, + + 8012, 8040, 8037, 8046, 8048, 8042, 8039, 8050, 8041, 8057, + 8055, 8063, 8060, 8070, 8080, 8072, 8085, 8081, 8084, 8082, + 8075, 8087, 8076, 8097, 8100, 8104, 8101, 8089, 8105, 8116, + 8106, 8112, 8114, 8132, 8123, 8137, 8139, 8131, 8140,10717, + 8127, 8147, 8153, 8157, 8154, 8165, 8166, 8151, 8177, 8178, + 10717, 8182,10717, 8184, 8172, 8175, 8181, 8174,10717, 8187, + 8197, 8196, 8199, 8211, 8201, 8223, 8202, 8212, 8213, 8232, + 10717, 8237, 8235, 8229, 8239, 8227, 8244,10717, 8242, 8253, + 8247, 8249, 8254, 8248, 8258, 8259, 8266, 8263, 8264, 8285, + 8280, 8295, 8296, 8278, 8290, 8291,10717, 8301, 8302, 8314, + + 8303, 8309, 8304, 8307, 8306, 8310, 8313, 8312, 8318, 8323, + 8333, 8340, 8329, 8347, 8353, 8357, 8356, 8361,10717, 8345, + 10717, 8354, 8350, 8374, 8346, 8370, 8367, 8384, 8372, 8376, + 10717,10717, 8378, 8382, 8401, 8406, 8393, 8394, 8407, 8399, + 8402, 8411,10717, 8403, 8409, 8426, 8419, 8440, 8428,10717, + 8433, 8427, 8430, 8435, 8436, 8452,10717, 8446, 8455, 8457, + 8465, 8469, 8453, 8471, 8473, 8468, 8470, 8475, 8474, 8481, + 10717, 8482,10717,10717,10717, 8488, 8497, 8485, 8490, 8498, + 8505, 8509, 8501, 8514, 8517, 8519, 8500, 8516,10717, 8529, + 10717,10717, 8530,10717, 8534, 8528, 8543, 8532, 8533, 8545, + + 8555,10717, 8549,10717, 8546, 8560, 8553, 8571, 8574, 8572, + 8566, 8583, 8579, 8584, 8570, 8576, 8601, 8595, 8604, 8587, + 8603, 8607, 8609,10717,10717, 8606, 8617, 8615, 8625, 8621, + 8632, 8624, 8628, 8635, 8636, 8631, 8634, 8642, 8633, 8629, + 8648, 8652, 8658, 8647,10717, 8664, 8667, 8675,10717, 8661, + 10717, 8677, 8681, 8684, 8665, 8674, 8694, 8697, 8692, 8698, + 8691, 8685,10717,10717, 8705, 8701, 8709,10717,10717, 8708, + 8711, 8717, 8720, 8726, 8722, 8721,10717, 8732, 8734, 8744, + 8736, 8746, 8742, 8752, 8756,10717, 8747,10717, 8760, 8761, + 8776, 8766, 8782, 8786, 8771, 8767, 8800, 8796, 8789, 8774, + + 8801,10717, 8795, 8792,10717, 8813, 8807, 8811, 8802, 8816, + 8814, 8821,10717, 8824, 8817, 8839, 8822, 8846, 8850,10717, + 8853, 8851, 8849, 8847,10717, 8858,10717, 8840, 8859, 8857, + 8870, 8863,10717, 8841, 8872, 8873, 8878,10717, 8871, 8889, + 8894, 8898, 8882, 8890,10717, 8904, 8896,10717, 8888, 8907, + 8909, 8911, 8897, 8913, 8905, 8915, 8929, 8931, 8927, 8940, + 10717,10717, 8934, 8941, 73, 8952, 8926, 8928, 8930, 8945, + 8964, 8937, 8959, 8965,10717,10717, 8961,10717, 8972, 8971, + 10717, 8956, 8979, 8968, 8967, 8992, 8986, 8983, 8973, 9002, + 8991, 9012, 9006, 8998, 9008,10717, 9026, 9027, 9009, 9034, + + 9036, 9039, 9044, 9047, 9050, 9022, 9041, 9032, 9030, 9049, + 9055, 9057, 9061, 9065, 9072, 9066, 9067, 9071,10717, 9090, + 9095, 9097, 9088, 9101, 9096, 9099, 9092,10717, 9105, 9109, + 9106, 9107,10717, 9111, 9126, 9131, 9120, 9132, 9133,10717, + 9127, 9121, 9125, 9146, 9147, 9130, 9144, 9136, 9159, 9166, + 10717, 9157, 9171, 9160,10717, 9173,10717,10717,10717, 9176, + 9165, 9175,10717, 9185, 9182, 9174, 9177,10717, 9190, 9194, + 9201, 9216, 9193,10717,10717,10717, 9200, 9208, 9209,10717, + 9204, 9219,10717, 9217,10717, 9212,10717, 9236, 9237, 9246, + 9221,10717, 9244, 9240, 9245, 9254,10717, 9234, 9238, 9250, + + 9257, 9263, 9243, 9270,10717, 9284, 9273, 9282, 9288, 9274, + 9279, 9277, 9289, 9281, 9300, 9295, 9296,10717, 9303, 9308, + 9312, 9323, 9309, 9314, 9316,10717, 9318,10717, 9332,10717, + 9333, 9335, 9336, 9350, 9343, 9326, 9345, 9353, 9362, 9351, + 9363, 9365, 9359, 9369, 9358, 9374, 9382, 9378,10717,10717, + 9404, 9386,10717, 9396, 9403, 9406,10717, 9391,10717, 9407, + 10717, 9392, 9399,10717, 9411, 9401, 9420,10717,10717, 9421, + 9426, 9413, 9437, 9418, 9436, 9431,10717, 9453, 9442, 9432, + 9439, 9455,10717, 9465,10717, 9447, 9466, 9470,10717,10717, + 9449, 9459, 9462, 9472, 9464, 9468, 9490, 9476, 9491, 9481, + + 9510, 9477, 9495, 9493, 9511, 9504, 9518, 9522, 9515,10717, + 10717,10717, 9512, 9506, 9534, 9530, 9529, 9540, 9523,10717, + 9539, 9547, 9549, 9536, 9563, 9552, 9560,10717, 9550, 9546, + 9553, 9559, 9565, 9556, 9568, 9576,10717, 9588, 9593, 9594, + 9595, 9587, 9599, 9598, 9606, 9607, 9608, 9609, 9597, 9592, + 9613, 9611,10717,10717, 9623, 9614,10717, 9629, 9632,10717, + 10717, 9620,10717, 9624, 9626, 9633, 9627, 9641,10717, 9655, + 9635, 9644, 9650,10717, 9638, 9665, 9667, 9670, 9668,10717, + 9660, 9685, 9666, 9662, 9679, 9691,10717,10717, 9677, 9683, + 10717, 9700, 9697, 9689, 9712, 9705, 9701, 9714, 9710,10717, + + 9716, 9721, 9711, 9713, 9729, 9723, 9739,10717, 9738, 9730, + 9732, 9743,10717, 9737, 9751, 9757, 9750, 9764,10717, 9776, + 9760, 9724, 9778,10717, 9765, 9786, 9782,10717,10717,10717, + 9788, 9793, 9796,10717,10717,10717, 9784,10717, 9797, 9801, + 9798, 9804,10717, 9803,10717,10717, 9814, 9836, 9838, 9819, + 9840, 9825,10717, 9816, 9823, 9842, 9831, 9833,10717,10717, + 9851, 9852, 9834, 9835, 9859, 9857, 9848, 9850,10717,10717, + 9846, 9861, 9879, 9863, 9874,10717, 9867, 9882, 9892, 9891, + 9895, 9902, 9903, 9890, 9899, 9912, 9913, 9727, 9908, 9910, + 9907, 9915, 9931, 9919, 9941, 9916, 9939, 9944, 9949, 9935, + + 9948,10717,10717, 9954, 9942,10717, 9957, 9952,10717, 9946, + 10717, 9959, 9967, 9970, 9974,10717, 9978, 9982, 9985, 9987, + 9963,10717, 9983, 9993,10717, 9995, 9990, 9984, 9980,10717, + 9988, 9998, 9994,10002, 9991,10011,10016,10007,10004,10717, + 10017,10036,10717,10717,10019,10038,10021,10044,10031,10717, + 10039,10055,10040,10048,10033,10043,10046,10717,10050,10069, + 10717,10717,10080,10070,10717,10086,10717,10064,10072,10717, + 10717,10717,10717,10717,10717,10717,10717,10088,10091,10717, + 10717,10082,10098,10100,10101,10717,10102,10717,10081,10097, + 10099,10096,10717,10118,10717,10111,10124,10131,10137,10125, + + 10141,10133,10128,10126,10138,10123,10155,10163,10164,10151, + 10158,10165,10175,10167,10110,10168,10182,10717,10717,10717, + 10717,10184,10169,10157,10191,10193,10204,10201,10208,10202, + 10190,10209,10214,10217,10199,10215,10228,10220,10226,10235, + 10233,10223,10245,10252,10254,10717,10256,10244,10239,10263, + 10717,10249,10717,10250,10717,10717,10269,10272,10266,10261, + 10283,10287,10270,10262,10279,10289,10292,10717,10303,10717, + 10717,10717,10717,10288,10285,10717,10290,10314,10717,10293, + 10317,10307,10310,10311,10308,10328,10334,10329,10717,10717, + 10332,10330,10343,10342,10341,10363,10364,10366,10367,10369, + + 10357,10368,10717,10377,10373,10380,10717,10379,10389,10375, + 10392,10393,10386,10395,10402,10717,10396,10717,10417,10409, + 10420,10407,10413,10424,10427,10438,10433,10717,10404,10448, + 10431,10455,10460,10457,10459,10444,10467,10464,10470,10468, + 10471,10473,10482,10476,10483,10717,10479,10485,10717,10487, + 10506,10494,10496,10516,10717,10518,10503,10505,10519,10525, + 10527,10717,10526,10535,10529,10717,10532,10717,10717,10543, + 10531,10538,10539,10541,10717,10717,10717,10597,10604,10611, + 10618,10625,10632,10639, 100,10646,10653,10660,10667,10674, + 10681,10688,10695,10702,10709 } ; -static const flex_int16_t yy_def[3701] = +static const flex_int16_t yy_def[3796] = { 0, - 3682, 1, 3683, 3683, 3684, 3684, 3685, 3685, 3686, 3686, - 3687, 3687, 3688, 3688, 3689, 3689, 3682, 3690, 3682, 3682, - 3682, 3682, 3691, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3692, 3682, 3682, 3682, - 3692, 3693, 3682, 3682, 3682, 3693, 3694, 3682, 3682, 3682, - 3682, 3694, 3695, 3682, 3682, 3682, 3695, 3696, 3682, 3697, - 3682, 3696, 3696, 3698, 3682, 3682, 3682, 3682, 3698, 3699, - 3682, 3682, 3682, 3699, 3690, 3690, 3682, 3700, 3691, 3700, - 3691, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3692, - 3692, 3693, 3693, 3694, 3694, 3682, 3695, 3695, 3696, 3696, - 3697, 3697, 3696, 3698, 3698, 3682, 3699, 3699, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3696, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3696, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3696, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3696, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3682, 3682, 3690, 3682, 3682, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3696, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3696, 3696, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3696, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - - 3690, 3690, 3696, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3696, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3682, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3696, 3690, 3682, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, 3682, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3696, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3696, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3682, - 3690, 3682, 3690, 3682, 3690, 3690, 3682, 3682, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3682, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3696, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3682, 3682, 3682, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3682, 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3696, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3682, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3682, 3690, 3690, 3690, 3682, 3682, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, 3690, 3696, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - - 3682, 3690, 3682, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3682, 3682, 3682, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3682, 3682, 3682, 3690, 3690, 3690, 3682, - - 3690, 3690, 3682, 3690, 3682, 3690, 3682, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, - 3690, 3682, 3690, 3690, 3682, 3690, 3682, 3690, 3682, 3690, - 3690, 3682, 3690, 3690, 3690, 3682, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3682, - - 3690, 3682, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3682, 3690, - 3690, 3682, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - - 3682, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3682, 3682, 3682, 3690, 3690, 3690, 3682, 3682, 3682, 3682, - 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, - 3682, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, - 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3682, 3690, 3682, 3690, 3690, 3682, 3690, - 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, 3682, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3682, - 3682, 3690, 3690, 3682, 3682, 3690, 3690, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3690, 3690, 3682, 3682, 3690, - 3690, 3690, 3690, 3682, 3690, 3682, 3690, 3690, 3690, 3690, - - 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3682, 3682, 3682, 3682, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3682, 3690, 3682, 3690, - 3682, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3690, 3682, 3682, 3682, 3690, 3690, - 3682, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, - - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, - 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, 3690, - 3682, 3690, 3690, 3682, 3690, 3690, 3690, 3690, 3690, 3682, - 3690, 3690, 3690, 3690, 3690, 3690, 3682, 3690, 3690, 3690, - 3682, 3690, 3682, 3682, 3690, 3690, 3690, 3690, 3690, 3682, - 3682, 0, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682 + 3777, 1, 3778, 3778, 3779, 3779, 3780, 3780, 3781, 3781, + 3782, 3782, 3783, 3783, 3784, 3784, 3777, 3785, 3777, 3777, + 3777, 3777, 3786, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3787, 3777, 3777, 3777, + 3787, 3788, 3777, 3777, 3777, 3788, 3789, 3777, 3777, 3777, + 3777, 3789, 3790, 3777, 3777, 3777, 3790, 3791, 3777, 3792, + 3777, 3791, 3791, 3793, 3777, 3777, 3777, 3777, 3793, 3794, + 3777, 3777, 3777, 3794, 3785, 3785, 3777, 3795, 3786, 3795, + 3786, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3787, 3787, 3788, 3788, 3789, 3789, 3777, 3790, 3790, 3791, + 3791, 3792, 3792, 3791, 3793, 3793, 3777, 3794, 3794, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3791, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3777, 3777, 3785, 3785, 3777, 3777, + + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3791, 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, + + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3777, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3791, 3785, 3777, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3777, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3791, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3777, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3791, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3777, 3777, 3785, 3785, 3785, 3785, + 3785, 3777, 3777, 3785, 3777, 3785, 3777, 3785, 3785, 3777, + 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3777, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3777, 3777, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3777, 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3791, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3777, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3777, 3785, 3785, 3785, 3777, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3777, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3777, 3785, 3785, 3791, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3777, 3777, 3785, 3777, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3777, 3785, 3785, 3785, 3777, 3785, 3777, 3777, 3777, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3777, 3777, 3777, 3785, 3785, 3785, 3777, + 3785, 3785, 3777, 3785, 3777, 3785, 3777, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, + 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3785, 3777, 3785, + 3777, 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3785, 3777, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3777, 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3777, 3785, 3785, 3777, 3785, 3785, 3777, + 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, 3785, 3785, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3777, 3777, + 3785, 3785, 3785, 3777, 3777, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3777, 3785, 3777, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, 3777, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3777, 3777, 3785, 3785, 3777, 3785, 3785, 3777, 3785, + 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3777, 3777, 3785, 3785, 3785, 3785, 3785, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3777, 3777, 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3785, 3785, 3777, + 3777, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3777, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, 3777, + 3777, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, + 3777, 3785, 3777, 3785, 3777, 3777, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, + 3777, 3777, 3777, 3785, 3785, 3777, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3777, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + + 3785, 3785, 3777, 3785, 3785, 3785, 3777, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, 3785, + 3785, 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3777, 3785, + 3785, 3785, 3785, 3785, 3777, 3785, 3785, 3785, 3785, 3785, + 3785, 3777, 3785, 3785, 3785, 3777, 3785, 3777, 3777, 3785, + 3785, 3785, 3785, 3785, 3777, 3777, 0, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777 } ; -static const flex_int16_t yy_nxt[10609] = +static const flex_int16_t yy_nxt[10784] = { 0, 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, 18, 18, 22, 24, 25, 26, 27, 28, 29, 18, @@ -1646,1169 +1678,1188 @@ static const flex_int16_t yy_nxt[10609] = 24, 25, 26, 27, 28, 29, 18, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 18, 18, 18, 45, 48, 49, 50, 48, - 49, 50, 53, 54, 53, 54, 55, 119, 55, 58, - 59, 60, 61, 120, 22, 58, 59, 60, 61, 86, - 22, 64, 65, 66, 64, 65, 66, 87, 160, 160, + 49, 50, 53, 54, 53, 54, 55, 120, 55, 58, + 59, 60, 61, 121, 22, 58, 59, 60, 61, 86, + 22, 64, 65, 66, 64, 65, 66, 87, 161, 161, - 1368, 88, 85, 51, 119, 86, 51, 167, 167, 56, - 120, 56, 170, 75, 76, 77, 78, 62, 22, 75, - 76, 77, 78, 62, 22, 81, 82, 83, 67, 97, + 85, 88, 351, 51, 120, 86, 51, 168, 168, 56, + 121, 56, 171, 75, 76, 77, 78, 62, 22, 75, + 76, 77, 78, 62, 22, 81, 82, 83, 67, 98, 86, 67, 19, 20, 21, 69, 70, 71, 19, 20, - 21, 69, 70, 71, 81, 82, 83, 121, 108, 177, - 177, 79, 72, 159, 415, 86, 97, 79, 72, 86, - 137, 90, 84, 90, 90, 86, 90, 170, 109, 178, - 73, 86, 90, 86, 121, 108, 73, 176, 87, 72, - 159, 84, 88, 86, 130, 72, 112, 137, 110, 162, - 86, 175, 162, 173, 113, 109, 98, 170, 188, 91, - - 92, 93, 111, 99, 94, 114, 170, 100, 187, 95, - 101, 130, 86, 112, 86, 110, 86, 86, 96, 168, - 173, 113, 86, 98, 86, 188, 166, 92, 93, 111, - 99, 94, 114, 165, 100, 187, 95, 101, 85, 162, - 85, 85, 162, 85, 163, 96, 102, 161, 115, 85, - 103, 116, 189, 104, 181, 105, 106, 254, 117, 164, - 118, 164, 164, 294, 164, 86, 107, 90, 86, 90, - 90, 86, 90, 102, 86, 115, 122, 103, 116, 189, - 104, 181, 105, 106, 123, 117, 180, 118, 126, 86, - 124, 86, 127, 107, 125, 86, 156, 160, 160, 148, - - 157, 149, 86, 122, 158, 172, 128, 178, 129, 86, - 150, 123, 176, 180, 86, 126, 151, 124, 179, 127, - 175, 125, 86, 156, 152, 86, 148, 157, 149, 167, - 167, 158, 170, 128, 153, 129, 131, 150, 154, 155, - 132, 182, 86, 151, 133, 179, 332, 86, 168, 206, - 134, 152, 169, 135, 169, 169, 86, 169, 86, 184, - 136, 153, 86, 131, 195, 154, 155, 132, 182, 86, - 174, 133, 174, 174, 166, 174, 206, 134, 86, 85, - 135, 85, 85, 86, 85, 336, 184, 136, 138, 1212, - 85, 195, 139, 90, 183, 90, 90, 207, 90, 185, - - 165, 86, 140, 141, 90, 142, 86, 193, 194, 197, - 196, 163, 186, 161, 86, 138, 86, 86, 86, 139, - 86, 183, 263, 86, 207, 338, 185, 198, 86, 140, - 141, 91, 142, 143, 193, 194, 144, 196, 190, 186, - 199, 86, 200, 145, 191, 202, 192, 146, 147, 263, - 342, 201, 86, 86, 198, 86, 208, 86, 210, 86, - 143, 209, 86, 144, 86, 190, 344, 199, 86, 200, - 145, 191, 202, 192, 146, 147, 203, 204, 201, 86, - 86, 211, 86, 208, 205, 210, 216, 3682, 209, 218, - 212, 3682, 86, 213, 86, 177, 177, 86, 86, 219, - - 3682, 3682, 3682, 203, 204, 221, 214, 215, 211, 222, - 217, 205, 227, 3682, 86, 226, 218, 212, 86, 220, - 213, 86, 224, 228, 229, 223, 219, 225, 86, 86, - 86, 232, 221, 214, 215, 86, 222, 217, 86, 227, - 230, 231, 226, 86, 235, 86, 220, 234, 233, 224, - 228, 229, 223, 86, 225, 86, 236, 237, 232, 86, - 86, 242, 241, 3682, 3682, 247, 86, 230, 231, 86, - 86, 235, 238, 243, 234, 233, 239, 86, 3682, 86, - 86, 244, 240, 236, 237, 248, 86, 86, 242, 241, - 245, 250, 247, 249, 86, 255, 246, 253, 3682, 238, - - 243, 86, 251, 239, 86, 259, 252, 346, 244, 240, - 86, 86, 248, 349, 256, 86, 260, 245, 250, 261, - 249, 268, 255, 246, 253, 86, 264, 262, 269, 251, - 86, 257, 259, 252, 258, 86, 86, 86, 265, 86, - 86, 256, 270, 260, 272, 86, 261, 266, 268, 273, - 86, 271, 370, 264, 262, 269, 3682, 86, 257, 267, - 86, 258, 86, 86, 3682, 265, 86, 274, 3682, 270, - 164, 272, 164, 164, 266, 164, 273, 169, 271, 169, - 169, 275, 169, 276, 86, 90, 267, 90, 90, 282, - 90, 170, 278, 174, 274, 174, 174, 277, 174, 279, - - 287, 86, 280, 86, 284, 86, 283, 86, 275, 281, - 285, 86, 86, 286, 288, 86, 282, 292, 291, 278, - 86, 86, 86, 172, 277, 86, 279, 287, 289, 280, - 293, 284, 86, 283, 290, 86, 281, 285, 295, 86, - 286, 288, 296, 304, 292, 291, 303, 305, 3682, 308, - 310, 373, 306, 309, 307, 314, 86, 293, 86, 297, - 86, 290, 86, 312, 3682, 86, 86, 311, 3682, 296, - 304, 86, 86, 303, 86, 86, 308, 310, 86, 86, - 309, 307, 314, 86, 315, 316, 297, 298, 317, 321, - 318, 313, 299, 379, 311, 86, 86, 300, 86, 322, - - 323, 86, 86, 301, 302, 319, 86, 329, 320, 3682, - 86, 315, 316, 3682, 298, 317, 321, 318, 313, 299, - 86, 86, 86, 333, 300, 86, 322, 323, 3682, 86, - 301, 302, 319, 330, 329, 320, 324, 331, 337, 325, - 86, 326, 339, 334, 345, 86, 341, 3682, 86, 86, - 333, 352, 86, 327, 335, 328, 340, 343, 86, 3682, - 330, 380, 86, 324, 331, 337, 325, 86, 326, 3682, - 382, 345, 347, 341, 86, 86, 350, 348, 352, 86, - 327, 335, 328, 340, 343, 351, 353, 354, 356, 357, - 86, 86, 360, 86, 3682, 358, 355, 86, 359, 347, - - 362, 86, 86, 350, 348, 361, 86, 86, 86, 86, - 86, 86, 351, 353, 354, 356, 357, 86, 366, 360, - 86, 363, 358, 355, 364, 359, 367, 362, 86, 365, - 374, 368, 361, 369, 3682, 86, 377, 86, 86, 375, - 86, 371, 372, 381, 86, 366, 376, 378, 363, 383, - 86, 86, 384, 367, 86, 385, 86, 374, 368, 386, - 369, 86, 387, 377, 86, 86, 375, 86, 371, 372, - 381, 86, 389, 376, 378, 390, 383, 400, 3682, 384, - 392, 86, 385, 393, 86, 388, 86, 395, 394, 396, - 397, 398, 391, 401, 86, 86, 3682, 86, 404, 402, - - 86, 403, 390, 170, 86, 86, 3682, 392, 86, 86, - 393, 411, 388, 86, 395, 394, 396, 397, 398, 391, - 399, 86, 405, 86, 86, 86, 402, 406, 403, 407, - 86, 408, 409, 410, 86, 86, 414, 412, 86, 3682, - 86, 413, 419, 86, 86, 417, 416, 399, 418, 405, - 426, 86, 421, 86, 406, 86, 407, 422, 408, 409, - 410, 86, 86, 414, 412, 420, 86, 423, 413, 419, - 424, 86, 417, 416, 86, 418, 86, 86, 425, 421, - 86, 428, 86, 427, 422, 86, 86, 429, 86, 430, - 3682, 433, 420, 434, 423, 435, 86, 424, 439, 431, - - 436, 438, 3682, 440, 3682, 425, 3682, 86, 86, 86, - 427, 442, 86, 86, 429, 86, 432, 86, 433, 441, - 434, 86, 86, 443, 437, 439, 431, 86, 438, 445, - 440, 444, 86, 86, 446, 447, 449, 86, 442, 448, - 86, 453, 86, 432, 86, 86, 441, 86, 454, 452, - 443, 437, 86, 450, 455, 479, 445, 464, 444, 463, - 462, 446, 447, 449, 86, 86, 448, 471, 86, 86, - 451, 3682, 86, 86, 3682, 454, 452, 86, 86, 86, - 450, 455, 86, 488, 464, 472, 463, 462, 473, 3682, - 476, 86, 474, 475, 471, 477, 3682, 451, 456, 86, - - 478, 457, 492, 86, 86, 486, 458, 459, 460, 461, - 86, 480, 472, 3682, 481, 473, 86, 86, 482, 474, - 475, 86, 86, 86, 86, 456, 3682, 478, 457, 492, - 86, 483, 486, 458, 459, 460, 461, 465, 480, 466, - 489, 481, 487, 86, 490, 482, 484, 485, 3682, 491, - 3682, 467, 468, 469, 3682, 470, 86, 495, 483, 494, - 86, 86, 86, 499, 465, 493, 466, 489, 3682, 487, - 86, 490, 86, 484, 485, 86, 491, 86, 467, 468, - 469, 86, 470, 496, 495, 498, 494, 497, 3682, 506, - 520, 86, 493, 505, 86, 86, 504, 86, 500, 3682, - - 501, 3682, 3682, 86, 507, 512, 510, 508, 511, 502, - 496, 3682, 498, 509, 497, 86, 503, 86, 86, 519, - 505, 86, 518, 504, 86, 500, 86, 501, 513, 86, - 86, 507, 512, 510, 508, 511, 502, 521, 517, 3682, - 509, 514, 535, 503, 515, 3682, 516, 3682, 86, 518, - 534, 86, 86, 3682, 539, 513, 86, 86, 537, 86, - 536, 3682, 552, 538, 521, 517, 86, 86, 514, 535, - 86, 515, 540, 516, 522, 86, 523, 534, 3682, 542, - 86, 539, 524, 551, 3682, 537, 525, 536, 541, 552, - 538, 526, 86, 553, 527, 86, 86, 3682, 554, 540, - - 86, 522, 557, 523, 559, 555, 542, 3682, 170, 524, - 551, 558, 556, 525, 562, 541, 86, 3682, 526, 86, - 561, 527, 528, 560, 529, 86, 86, 575, 86, 557, - 3682, 559, 555, 563, 86, 568, 564, 530, 558, 556, - 531, 86, 532, 86, 533, 566, 86, 561, 86, 528, - 560, 529, 565, 569, 567, 3682, 3682, 86, 3682, 86, - 563, 570, 568, 564, 530, 86, 572, 531, 86, 532, - 3682, 533, 543, 544, 573, 580, 578, 86, 86, 565, - 569, 567, 545, 546, 547, 548, 549, 571, 570, 550, - 574, 86, 576, 572, 86, 579, 86, 86, 577, 543, - - 544, 573, 86, 578, 581, 86, 86, 86, 86, 545, - 546, 547, 548, 549, 571, 582, 550, 574, 86, 576, - 586, 583, 579, 584, 585, 577, 86, 86, 587, 588, - 3682, 581, 589, 590, 3682, 591, 592, 593, 3682, 86, - 86, 600, 582, 86, 595, 86, 614, 586, 583, 598, - 596, 3682, 86, 86, 594, 587, 588, 86, 86, 589, - 590, 86, 591, 592, 593, 597, 599, 86, 600, 601, - 602, 595, 603, 86, 86, 86, 598, 596, 86, 86, - 86, 594, 616, 615, 617, 86, 604, 605, 618, 619, - 628, 621, 597, 599, 3682, 623, 601, 602, 606, 603, - - 607, 86, 620, 622, 86, 86, 86, 86, 86, 616, - 615, 617, 86, 604, 605, 618, 624, 86, 621, 86, - 626, 86, 623, 3682, 625, 606, 86, 607, 608, 620, - 622, 86, 629, 633, 627, 630, 609, 610, 86, 631, - 611, 612, 632, 624, 613, 634, 86, 626, 86, 86, - 86, 625, 635, 636, 86, 608, 86, 86, 86, 629, - 633, 627, 630, 609, 610, 86, 631, 611, 612, 637, - 640, 613, 634, 638, 86, 86, 641, 642, 643, 635, - 636, 639, 644, 86, 645, 86, 86, 3682, 646, 648, - 86, 86, 647, 86, 650, 651, 637, 640, 649, 86, - - 638, 652, 3682, 641, 642, 643, 86, 86, 639, 644, - 86, 645, 86, 86, 86, 646, 648, 86, 653, 647, - 86, 650, 651, 655, 654, 649, 656, 657, 652, 86, - 658, 660, 86, 661, 659, 662, 86, 86, 664, 666, - 665, 663, 86, 668, 86, 653, 86, 86, 86, 86, - 655, 654, 86, 656, 657, 86, 86, 658, 660, 669, - 661, 659, 662, 667, 670, 664, 666, 665, 663, 672, - 86, 671, 86, 673, 3682, 86, 3682, 681, 674, 677, - 675, 678, 3682, 676, 680, 679, 669, 689, 3682, 86, - 667, 86, 683, 86, 86, 86, 86, 86, 671, 86, - - 673, 86, 86, 86, 684, 674, 677, 675, 678, 86, - 676, 680, 679, 682, 689, 686, 86, 687, 688, 683, - 86, 691, 692, 86, 690, 3682, 694, 685, 86, 706, - 693, 705, 696, 695, 86, 86, 86, 86, 86, 86, - 682, 86, 686, 86, 687, 688, 86, 86, 691, 692, - 707, 690, 86, 694, 685, 708, 706, 693, 705, 696, - 695, 697, 86, 709, 711, 3682, 698, 710, 699, 712, - 3682, 86, 715, 3682, 700, 86, 701, 707, 86, 702, - 703, 3682, 708, 3682, 86, 3682, 704, 86, 697, 86, - 709, 711, 86, 698, 710, 699, 712, 716, 713, 715, - - 720, 700, 714, 701, 721, 718, 702, 703, 719, 3682, - 723, 726, 724, 704, 722, 86, 86, 717, 86, 86, - 86, 725, 86, 86, 716, 713, 727, 720, 728, 714, - 730, 731, 718, 86, 732, 719, 86, 723, 726, 724, - 729, 722, 86, 86, 717, 86, 734, 733, 725, 86, - 741, 738, 735, 727, 86, 728, 86, 730, 731, 86, - 86, 732, 737, 736, 740, 3682, 745, 729, 86, 86, - 742, 86, 86, 734, 733, 739, 86, 741, 738, 735, - 743, 744, 747, 86, 86, 746, 749, 748, 86, 737, - 736, 740, 751, 750, 86, 86, 753, 742, 86, 86, - - 86, 86, 739, 86, 170, 86, 752, 743, 744, 747, - 86, 754, 746, 749, 748, 755, 756, 757, 86, 751, - 750, 758, 759, 753, 760, 761, 3682, 762, 763, 86, - 3682, 3682, 3682, 752, 764, 86, 86, 86, 754, 766, - 86, 86, 755, 756, 86, 765, 86, 770, 773, 759, - 767, 86, 761, 86, 762, 763, 86, 768, 86, 771, - 769, 764, 86, 86, 772, 774, 766, 86, 86, 775, - 776, 777, 765, 778, 770, 773, 779, 767, 780, 782, - 783, 3682, 784, 781, 768, 3682, 86, 769, 86, 785, - 786, 86, 86, 787, 789, 788, 86, 86, 86, 794, - - 86, 86, 86, 790, 3682, 793, 782, 783, 86, 784, - 86, 791, 86, 86, 86, 86, 785, 786, 86, 792, - 787, 789, 788, 798, 796, 86, 795, 86, 86, 799, - 790, 86, 793, 86, 797, 807, 800, 801, 791, 3682, - 3682, 3682, 86, 86, 803, 86, 792, 86, 802, 86, - 798, 796, 804, 795, 86, 808, 799, 805, 806, 809, - 86, 797, 86, 800, 801, 86, 86, 86, 86, 814, - 822, 803, 86, 815, 824, 802, 817, 86, 86, 804, - 3682, 816, 808, 810, 805, 806, 809, 86, 811, 818, - 86, 812, 813, 820, 823, 819, 814, 821, 86, 86, - - 815, 824, 86, 817, 825, 828, 86, 86, 816, 86, - 810, 86, 86, 827, 829, 811, 818, 86, 812, 813, - 820, 823, 819, 830, 821, 832, 826, 86, 831, 86, - 833, 825, 828, 3682, 86, 86, 86, 86, 834, 835, - 827, 829, 836, 837, 86, 86, 86, 845, 838, 839, - 830, 842, 832, 826, 841, 831, 86, 833, 840, 843, - 86, 86, 86, 846, 86, 834, 835, 86, 844, 86, - 837, 86, 847, 848, 849, 838, 839, 86, 842, 86, - 850, 841, 3682, 86, 86, 840, 843, 851, 852, 855, - 846, 857, 853, 854, 859, 844, 86, 86, 3682, 847, - - 856, 863, 86, 858, 86, 86, 86, 850, 86, 86, - 860, 86, 86, 862, 851, 852, 855, 3682, 866, 853, - 854, 871, 861, 86, 86, 86, 86, 856, 863, 867, - 858, 864, 86, 868, 86, 86, 865, 860, 872, 873, - 862, 876, 874, 86, 875, 866, 86, 869, 870, 861, - 877, 86, 878, 86, 881, 86, 867, 86, 879, 3682, - 868, 882, 3682, 86, 86, 872, 873, 86, 876, 874, - 86, 875, 86, 880, 869, 870, 86, 877, 885, 878, - 883, 889, 86, 886, 890, 879, 86, 887, 882, 888, - 884, 86, 86, 891, 892, 893, 894, 897, 907, 3682, - - 880, 895, 86, 86, 86, 86, 86, 883, 889, 86, - 86, 890, 896, 86, 887, 898, 888, 884, 86, 86, - 891, 892, 893, 894, 900, 899, 902, 3682, 895, 86, - 86, 904, 901, 903, 906, 86, 86, 909, 86, 896, - 905, 86, 898, 86, 86, 914, 86, 908, 910, 911, - 86, 900, 899, 902, 86, 86, 912, 86, 904, 901, - 903, 906, 86, 86, 909, 913, 916, 905, 86, 915, - 917, 3682, 914, 86, 908, 910, 911, 86, 86, 86, - 918, 919, 920, 912, 922, 923, 921, 3682, 924, 86, - 86, 3682, 913, 916, 86, 925, 915, 917, 86, 930, - - 3682, 928, 927, 926, 3682, 3682, 86, 918, 919, 920, - 86, 922, 923, 921, 86, 924, 86, 86, 86, 929, - 931, 86, 925, 933, 934, 932, 930, 935, 928, 927, - 926, 86, 86, 86, 938, 936, 937, 86, 939, 86, - 942, 3682, 946, 3682, 86, 3682, 929, 931, 940, 86, - 933, 934, 932, 941, 935, 86, 86, 86, 86, 943, - 86, 938, 936, 937, 944, 939, 945, 942, 947, 949, - 948, 950, 86, 86, 86, 940, 952, 955, 958, 954, - 941, 86, 86, 951, 86, 86, 943, 953, 86, 959, - 170, 944, 86, 945, 86, 947, 949, 948, 950, 956, - - 86, 86, 960, 952, 86, 86, 954, 957, 962, 961, - 951, 86, 963, 3682, 953, 964, 959, 86, 965, 86, - 86, 966, 967, 86, 968, 86, 956, 969, 971, 960, - 970, 86, 3682, 86, 957, 981, 961, 86, 86, 963, - 86, 972, 964, 86, 973, 965, 86, 86, 966, 967, - 86, 86, 3682, 982, 969, 971, 86, 970, 983, 985, - 984, 3682, 981, 86, 86, 3682, 987, 986, 972, 3682, - 3682, 973, 974, 3682, 993, 975, 86, 989, 994, 976, - 982, 86, 977, 86, 86, 983, 985, 984, 86, 978, - 979, 86, 980, 987, 986, 990, 988, 86, 991, 974, - - 86, 993, 975, 3682, 989, 994, 976, 86, 995, 977, - 992, 996, 1005, 1004, 1028, 86, 978, 979, 3682, 980, - 86, 86, 990, 988, 86, 991, 86, 1006, 3682, 1007, - 1008, 3682, 3682, 86, 86, 995, 1010, 992, 86, 1005, - 1004, 86, 1012, 86, 997, 998, 1009, 999, 1015, 86, - 1000, 3682, 1011, 86, 1006, 1001, 1007, 1008, 1013, 86, - 86, 1002, 1003, 1010, 86, 1014, 86, 1017, 1023, 1012, - 86, 997, 998, 1009, 999, 1015, 1016, 1000, 86, 1011, - 1020, 1018, 1001, 1021, 1022, 1013, 1019, 86, 1002, 1003, - 86, 86, 1014, 1024, 1017, 1023, 86, 1030, 1026, 1025, - - 86, 1027, 1029, 1016, 3682, 3682, 1031, 1020, 1032, 86, - 1021, 1022, 86, 86, 86, 1035, 3682, 1036, 1043, 86, - 1024, 86, 86, 86, 1030, 1026, 1025, 86, 1027, 1029, - 1033, 86, 1034, 1031, 86, 1032, 1037, 86, 1038, 1045, - 86, 1039, 1035, 86, 1036, 1040, 1041, 1042, 86, 1044, - 86, 86, 86, 1046, 86, 1048, 1049, 1033, 1047, 1034, - 1050, 86, 1051, 1037, 1053, 1038, 86, 86, 1039, 86, - 86, 86, 1040, 1041, 1042, 1054, 1044, 86, 1055, 1052, - 1056, 1058, 1048, 3682, 1057, 86, 86, 1050, 86, 1051, - 1059, 1060, 1062, 1061, 1063, 3682, 86, 86, 1067, 1064, - - 86, 86, 1054, 1065, 86, 86, 1052, 1056, 1058, 86, - 86, 1057, 86, 1069, 1070, 1066, 86, 86, 86, 1062, - 1061, 1063, 86, 86, 86, 1067, 1064, 1068, 1071, 1072, - 1065, 1073, 86, 1076, 1074, 86, 3682, 1075, 3682, 1077, - 86, 1070, 1066, 86, 1080, 86, 1078, 86, 1079, 86, - 1081, 86, 1083, 3682, 1068, 1071, 86, 86, 1082, 3682, - 1076, 1074, 86, 86, 1075, 86, 1077, 1084, 1085, 86, - 86, 1080, 1090, 1078, 86, 1079, 1086, 1081, 1087, 1083, - 86, 1091, 1093, 1088, 1089, 1082, 86, 3682, 1092, 1094, - 86, 1099, 86, 86, 1084, 1085, 86, 86, 86, 1090, - - 86, 1098, 1101, 1086, 1095, 1103, 1096, 3682, 1091, 1093, - 86, 1089, 86, 86, 1097, 1092, 1094, 1100, 86, 1102, - 1104, 1112, 1107, 86, 86, 86, 86, 86, 1098, 1101, - 86, 1095, 1103, 1096, 1105, 1106, 1109, 1113, 3682, 86, - 86, 1097, 86, 1111, 1100, 1110, 1102, 1104, 1108, 1107, - 1114, 86, 86, 86, 86, 86, 1115, 1118, 1116, 86, - 1117, 1105, 1106, 1109, 1113, 86, 86, 86, 1120, 1119, - 1111, 1121, 1110, 86, 1122, 1108, 1125, 1114, 86, 1124, - 1133, 86, 1123, 1115, 1118, 1116, 86, 1117, 86, 1127, - 86, 1134, 1126, 86, 86, 1120, 1119, 1128, 1121, 86, - - 1129, 86, 1130, 1125, 86, 86, 1124, 1131, 86, 1123, - 86, 1132, 86, 1135, 86, 1136, 1127, 1137, 86, 1126, - 1139, 1138, 1140, 86, 1128, 1148, 86, 1129, 86, 1130, - 86, 1142, 1141, 1149, 1131, 1143, 3682, 1150, 1132, 86, - 1135, 1145, 1153, 1144, 1137, 1146, 3682, 86, 1138, 1147, - 86, 86, 86, 1152, 86, 86, 1155, 86, 1142, 1141, - 1151, 86, 1143, 86, 1150, 86, 1154, 86, 1145, 86, - 1144, 3682, 1146, 86, 86, 86, 1147, 1156, 1157, 1158, - 1152, 1165, 1172, 86, 1161, 1163, 86, 1151, 1164, 1162, - 1166, 1167, 1159, 1154, 1160, 86, 86, 86, 86, 1209, - - 86, 1168, 1169, 86, 1156, 1157, 1158, 86, 1165, 1172, - 86, 86, 1163, 1171, 1182, 1164, 170, 1166, 1167, 1159, - 1173, 1160, 1170, 86, 1174, 86, 86, 86, 1168, 1169, - 86, 86, 1183, 3682, 3682, 1181, 1184, 86, 3682, 3682, - 1171, 1182, 1189, 3682, 86, 1186, 1185, 1173, 86, 1170, - 3682, 1174, 1175, 1188, 1176, 1187, 3682, 1210, 1177, 1183, - 1178, 86, 1181, 86, 86, 1179, 86, 86, 86, 1189, - 1180, 1190, 1186, 1185, 1197, 1193, 86, 1194, 1191, 1175, - 1188, 1176, 1187, 1192, 86, 1177, 86, 1178, 1195, 86, - 86, 1200, 1179, 86, 1201, 1198, 1202, 1180, 1190, 1204, - - 1196, 1197, 1193, 1206, 1194, 1199, 86, 1203, 1207, 86, - 86, 86, 86, 86, 1208, 1195, 86, 86, 1200, 1205, - 1211, 1201, 1198, 1202, 1213, 86, 1204, 1196, 1214, 86, - 1206, 1215, 1199, 86, 1203, 1207, 86, 86, 1224, 86, - 1216, 1208, 1225, 1230, 1226, 1227, 1205, 86, 3682, 86, - 1228, 3682, 1229, 86, 3682, 1214, 86, 86, 1215, 1236, - 86, 3682, 86, 3682, 86, 1224, 1246, 1216, 1217, 1225, - 1230, 1226, 1227, 1218, 86, 1219, 86, 1228, 1231, 1229, - 1233, 1220, 1234, 1232, 1237, 3682, 1221, 1222, 86, 86, - 86, 86, 1235, 1223, 86, 1217, 86, 1238, 86, 3682, - - 1218, 1243, 1219, 86, 1240, 1231, 86, 1233, 1220, 1234, - 1232, 1237, 86, 1221, 1222, 86, 1239, 1241, 1242, 1235, - 1223, 1250, 1245, 1244, 1238, 86, 86, 86, 86, 86, - 1247, 1240, 1248, 1249, 1251, 86, 1252, 3682, 1254, 1257, - 86, 1256, 3682, 1239, 1241, 1242, 86, 3682, 1250, 1245, - 1244, 1255, 86, 1253, 86, 86, 86, 1247, 86, 1248, - 1249, 86, 1259, 1252, 1258, 1254, 86, 3682, 1256, 86, - 86, 86, 1260, 1262, 1261, 1264, 1263, 1265, 1255, 1266, - 1253, 86, 86, 86, 1267, 1269, 86, 3682, 1268, 1259, - 86, 1258, 1274, 1275, 86, 86, 1270, 86, 86, 1260, - - 1262, 1261, 1264, 1263, 1265, 86, 1266, 86, 1271, 1272, - 1273, 1267, 86, 1278, 86, 1268, 86, 86, 1276, 1274, - 1277, 86, 86, 1270, 1280, 86, 86, 1279, 1281, 3682, - 1282, 1283, 1285, 86, 1284, 1271, 1272, 1273, 1286, 86, - 1278, 1287, 1290, 3682, 1288, 1276, 86, 1277, 1289, 86, - 86, 1280, 86, 86, 1279, 1281, 86, 1282, 1283, 86, - 86, 1284, 86, 1293, 86, 1295, 1294, 1291, 1287, 1290, - 86, 1288, 1292, 1296, 1297, 1289, 1298, 86, 1303, 1300, - 1299, 1301, 1302, 86, 1305, 1309, 3682, 86, 86, 86, - 1293, 86, 1295, 1294, 86, 86, 1307, 86, 1304, 86, - - 1296, 1297, 1306, 1298, 1308, 86, 1300, 1299, 1301, 1302, - 86, 86, 1309, 1310, 86, 1311, 86, 86, 86, 1312, - 1315, 86, 1313, 1307, 1314, 1304, 1316, 3682, 1317, 1306, - 1318, 1308, 1320, 1319, 1322, 86, 1323, 86, 86, 1333, - 1310, 86, 1311, 86, 86, 86, 1312, 1315, 86, 1313, - 86, 1314, 1321, 1316, 86, 1317, 1324, 1318, 1325, 1320, - 1319, 1327, 1326, 86, 1329, 3682, 86, 86, 1328, 1330, - 1331, 86, 86, 86, 86, 1334, 86, 86, 1332, 1321, - 1335, 1336, 1337, 1324, 1338, 1325, 86, 86, 1327, 1326, - 1340, 1329, 86, 1339, 86, 1328, 1330, 1331, 1344, 1341, - - 1346, 1342, 1345, 86, 86, 1332, 1343, 86, 1336, 1337, - 86, 1351, 86, 86, 1347, 86, 86, 1348, 1349, 86, - 1339, 86, 86, 1352, 86, 1350, 1341, 86, 1342, 1345, - 86, 1353, 86, 1343, 86, 86, 1359, 1354, 1351, 1355, - 86, 1347, 1356, 1362, 1348, 1349, 1358, 86, 1357, 1360, - 1352, 86, 1350, 86, 86, 86, 1363, 3682, 1353, 1361, - 3682, 86, 1366, 86, 1354, 86, 1355, 1367, 86, 1356, - 1362, 86, 1364, 1358, 1365, 1357, 86, 86, 1370, 1369, - 86, 86, 1371, 86, 1373, 1374, 1361, 86, 86, 1366, - 86, 1372, 86, 86, 1367, 1375, 86, 1376, 1377, 1364, - - 1378, 1365, 1379, 1383, 1380, 1370, 1369, 170, 1381, 1371, - 1382, 1373, 86, 1384, 86, 86, 86, 1386, 1372, 86, - 86, 86, 1375, 86, 1376, 1377, 1385, 1378, 1387, 1379, - 1383, 1380, 86, 86, 1388, 1381, 1389, 1382, 3682, 1390, - 86, 1392, 1393, 1391, 1395, 86, 3682, 1397, 3682, 86, - 1394, 1396, 1400, 1385, 86, 86, 86, 3682, 86, 86, - 86, 1388, 3682, 1389, 86, 86, 1390, 86, 1392, 1393, - 1391, 1395, 86, 1398, 1397, 1399, 1401, 1394, 1396, 86, - 1403, 1402, 3682, 86, 1404, 86, 1405, 1406, 1412, 86, - 86, 1413, 86, 86, 1410, 3682, 1407, 3682, 1408, 1414, - - 1398, 1409, 1399, 1401, 1411, 86, 3682, 1403, 1402, 86, - 86, 1404, 1416, 1405, 1406, 1412, 1415, 86, 86, 86, - 1419, 1410, 1420, 1407, 1417, 1408, 1414, 1421, 1409, 86, - 86, 1411, 86, 1418, 1423, 86, 86, 1422, 86, 1416, - 1424, 1426, 86, 1415, 86, 1425, 1428, 1419, 1427, 1420, - 3682, 1417, 86, 1433, 1421, 1429, 86, 86, 86, 1430, - 1418, 1432, 86, 1431, 1422, 3682, 86, 1424, 1426, 1434, - 86, 3682, 1425, 86, 1441, 1427, 86, 86, 3682, 1435, - 1433, 86, 1429, 86, 1437, 1436, 1430, 86, 1432, 1438, - 1431, 86, 86, 1440, 86, 1442, 1434, 86, 1439, 1443, - - 1445, 1441, 1444, 1446, 1448, 86, 1435, 86, 86, 86, - 86, 1437, 1436, 86, 1449, 1451, 1438, 3682, 3682, 1447, - 1440, 86, 1442, 1454, 86, 1439, 1443, 1445, 1450, 1444, - 1446, 86, 1452, 86, 3682, 86, 86, 1453, 86, 1455, - 1457, 1449, 1451, 1458, 86, 86, 1447, 86, 3682, 1456, - 1454, 86, 86, 1459, 1460, 1450, 1461, 1462, 1463, 1452, - 86, 1465, 1464, 1467, 1453, 1466, 1455, 1457, 86, 86, - 86, 1473, 86, 1470, 1468, 86, 1456, 86, 86, 1469, - 1459, 86, 1471, 1461, 1462, 1463, 86, 86, 1465, 1464, - 1467, 1472, 1466, 1481, 1482, 86, 1483, 86, 1473, 3682, - - 1470, 3682, 3682, 1484, 1487, 86, 86, 86, 3682, 1471, - 3682, 1485, 86, 1488, 3682, 1496, 1486, 1489, 1472, 1474, - 1481, 1482, 1490, 1475, 86, 1495, 1476, 1477, 86, 86, - 1484, 1478, 86, 86, 86, 86, 86, 1479, 1485, 86, - 1488, 1480, 1496, 1486, 1489, 86, 1474, 1492, 86, 1490, - 1475, 1491, 1495, 1476, 1477, 1497, 3682, 86, 1478, 1493, - 1498, 1494, 1500, 1505, 1479, 3682, 1499, 3682, 1480, 1501, - 1504, 1503, 1502, 86, 1492, 1506, 86, 1508, 1491, 86, - 86, 1507, 3682, 86, 86, 1517, 1493, 86, 1494, 1500, - 86, 1509, 86, 1499, 86, 86, 1501, 1504, 1503, 1502, - - 86, 3682, 1516, 86, 1508, 86, 1520, 86, 1507, 1515, - 3682, 86, 1517, 1518, 1519, 86, 1521, 3682, 1509, 1510, - 1522, 3682, 86, 1525, 1511, 3682, 1512, 1523, 1513, 1516, - 1514, 86, 86, 1520, 86, 1524, 1515, 86, 1528, 86, - 1526, 86, 86, 1521, 86, 1527, 1510, 1522, 1530, 1532, - 1525, 1511, 1536, 1512, 1523, 1513, 86, 1514, 1529, 3682, - 1531, 1533, 1524, 86, 1535, 1528, 1534, 86, 1537, 86, - 86, 1538, 86, 86, 86, 1530, 1532, 86, 1539, 1540, - 1541, 1543, 3682, 1542, 86, 1529, 86, 1531, 1533, 1544, - 1548, 1535, 86, 1534, 86, 1537, 86, 86, 1538, 86, - - 1547, 1550, 86, 1545, 1551, 1539, 1540, 1541, 1543, 86, - 1542, 1546, 86, 86, 1549, 1552, 1544, 86, 1553, 1555, - 1556, 1558, 86, 1559, 1554, 3682, 86, 1547, 86, 86, - 1545, 1551, 86, 1560, 1564, 1569, 1557, 86, 1546, 86, - 86, 1549, 1552, 86, 1566, 1553, 1555, 86, 86, 86, - 1559, 1554, 1561, 1562, 86, 86, 1563, 1565, 86, 86, - 1560, 86, 86, 1557, 86, 1567, 1568, 86, 1570, 1571, - 3682, 1566, 1572, 86, 1574, 1578, 1573, 1576, 1577, 1561, - 1562, 3682, 1575, 1563, 1565, 86, 1579, 86, 86, 86, - 86, 86, 1567, 1568, 86, 1570, 1571, 86, 86, 1572, - - 86, 1574, 1578, 1573, 1576, 1577, 1580, 1581, 86, 1575, - 1583, 1582, 3682, 1579, 1584, 1586, 1590, 1585, 1591, 1594, - 3682, 3682, 1587, 3682, 86, 86, 1588, 3682, 3682, 86, - 1592, 1589, 86, 1580, 1581, 86, 1595, 1583, 1582, 86, - 86, 1584, 1586, 86, 1585, 86, 86, 1593, 86, 1587, - 86, 86, 86, 1588, 86, 1597, 1596, 1592, 1589, 1598, - 1599, 1601, 1600, 1595, 86, 1603, 1604, 86, 1602, 86, - 86, 86, 1605, 86, 1593, 1606, 86, 170, 1607, 1608, - 1609, 3682, 1597, 1596, 86, 86, 86, 1599, 1601, 1600, - 1610, 1612, 1603, 1604, 1613, 1602, 1611, 3682, 86, 1605, - - 86, 86, 1615, 86, 1614, 1616, 1608, 86, 1617, 1618, - 86, 1619, 86, 86, 86, 86, 86, 1610, 1612, 86, - 1621, 1613, 1622, 1611, 1620, 3682, 1623, 1630, 1624, 1615, - 86, 1614, 1616, 86, 86, 1617, 1618, 1625, 1619, 1626, - 1629, 1640, 86, 1628, 1627, 86, 86, 1621, 1631, 86, - 86, 1620, 86, 1623, 1630, 1624, 1632, 1633, 86, 1635, - 1634, 86, 1636, 3682, 1625, 1639, 1638, 1629, 86, 86, - 1628, 86, 1637, 86, 1641, 1631, 3682, 1643, 86, 1642, - 1645, 86, 1644, 1632, 1633, 1647, 1635, 1634, 86, 1636, - 86, 86, 1639, 1638, 86, 86, 1648, 86, 1649, 1637, - - 1650, 1641, 1646, 86, 1651, 3682, 1642, 1645, 1652, 86, - 1653, 1655, 1647, 86, 1654, 86, 1658, 1656, 86, 1657, - 86, 86, 86, 1648, 86, 1649, 86, 1650, 86, 1646, - 1659, 1651, 86, 1662, 1663, 1652, 1660, 1653, 1655, 1661, - 1664, 1654, 86, 1658, 1656, 86, 1657, 86, 1665, 86, - 1667, 86, 1668, 86, 1670, 1666, 86, 1659, 3682, 1676, - 1671, 1663, 86, 1660, 86, 86, 1661, 1664, 86, 1672, - 1669, 1675, 1681, 1682, 1673, 1665, 86, 1667, 86, 1668, - 86, 1670, 1666, 86, 1674, 86, 1676, 1671, 1677, 86, - 86, 86, 1678, 1690, 1680, 1679, 1672, 1669, 1675, 1683, - - 86, 1673, 86, 1684, 86, 86, 1685, 1686, 1688, 1689, - 86, 1674, 86, 1687, 86, 1677, 1691, 1692, 1693, 1678, - 86, 1680, 1679, 1697, 86, 86, 1683, 1701, 86, 86, - 1684, 86, 1694, 86, 1686, 1688, 1689, 1698, 1699, 3682, - 1687, 3682, 86, 1700, 86, 1693, 1704, 3682, 86, 86, - 86, 1695, 86, 1696, 1701, 1702, 86, 1703, 86, 1694, - 86, 1705, 1707, 1708, 1698, 1699, 86, 1706, 86, 86, - 1700, 1711, 1713, 1704, 86, 1710, 1712, 1714, 1695, 1709, - 1696, 86, 1702, 86, 1703, 86, 1715, 86, 1705, 1707, - 1708, 1716, 86, 86, 1706, 3682, 1719, 1717, 1720, 1718, - - 1721, 1723, 1710, 86, 86, 86, 1709, 86, 86, 1722, - 86, 1724, 1725, 1715, 86, 1727, 86, 86, 1716, 1728, - 86, 1726, 86, 1719, 1717, 1720, 1718, 1721, 1723, 1730, - 86, 86, 1729, 86, 86, 1732, 1722, 1731, 1733, 1725, - 1739, 1734, 1727, 86, 1735, 86, 1728, 1736, 1726, 86, - 1737, 1741, 86, 86, 1740, 86, 86, 1738, 86, 1729, - 86, 86, 1732, 86, 1731, 86, 1742, 1739, 1734, 3682, - 86, 1735, 1743, 1746, 1736, 1744, 1747, 1737, 1741, 1745, - 1748, 1740, 1749, 86, 1738, 1750, 1752, 86, 86, 3682, - 3682, 1751, 86, 1742, 1759, 3682, 86, 1753, 86, 1743, - - 1746, 1763, 1744, 86, 86, 86, 1745, 86, 86, 1749, - 1755, 1754, 1750, 1752, 1756, 86, 86, 1758, 1751, 1760, - 1764, 1759, 1761, 1762, 1753, 86, 86, 1757, 86, 86, - 1765, 86, 1768, 1766, 86, 86, 1769, 1755, 1754, 1767, - 1776, 1756, 86, 1774, 1758, 86, 1760, 1764, 1770, 1761, - 1762, 1771, 1772, 86, 1757, 1777, 1773, 1782, 86, 86, - 1766, 86, 86, 1769, 86, 86, 1767, 1779, 1778, 1775, - 1774, 86, 86, 86, 86, 1770, 86, 86, 1771, 1772, - 1780, 1783, 86, 1773, 1781, 1784, 1786, 3682, 86, 86, - 1785, 1790, 1787, 1788, 1779, 1778, 1775, 3682, 1789, 1791, - - 3682, 3682, 86, 86, 86, 86, 1793, 1780, 1783, 86, - 86, 1781, 86, 86, 86, 86, 1792, 1785, 1790, 1787, - 1788, 1794, 1796, 86, 86, 1789, 1791, 1795, 86, 1797, - 1798, 3682, 1800, 1793, 86, 86, 1799, 1801, 86, 1802, - 1805, 1804, 3682, 1792, 1803, 86, 3682, 1809, 1794, 1796, - 86, 1808, 86, 86, 1795, 1810, 1797, 1798, 86, 1800, - 86, 1811, 86, 1799, 86, 86, 1802, 1805, 1804, 86, - 1806, 1803, 86, 1807, 1809, 1812, 1813, 86, 1808, 1815, - 86, 1814, 1810, 86, 1816, 1817, 86, 86, 1811, 1819, - 86, 1818, 1820, 1821, 1823, 1822, 3682, 1806, 3682, 86, - - 1807, 86, 1812, 86, 86, 86, 1815, 1824, 1814, 1825, - 86, 1816, 1817, 1826, 1827, 86, 1819, 86, 1818, 1820, - 1821, 86, 1822, 86, 1828, 170, 1829, 3682, 1834, 1830, - 1831, 86, 1832, 86, 1824, 86, 1825, 86, 1835, 86, - 1826, 1827, 1833, 1836, 86, 86, 1838, 3682, 1839, 1840, - 86, 1828, 1842, 1829, 86, 1834, 1830, 1831, 1843, 1832, - 86, 1837, 3682, 1844, 1846, 1835, 86, 1841, 86, 1833, - 1836, 86, 1848, 86, 86, 1839, 1840, 86, 1847, 1842, - 86, 1850, 1845, 1852, 1849, 1843, 86, 1853, 1837, 86, - 1851, 86, 86, 1854, 1841, 86, 86, 1856, 1858, 86, - - 3682, 3682, 86, 1855, 1874, 1847, 86, 1859, 1850, 1845, - 1852, 1849, 86, 86, 1853, 1857, 86, 1851, 3682, 86, - 1854, 1861, 86, 1860, 1856, 1858, 1866, 86, 1862, 1867, - 1855, 86, 86, 86, 1859, 86, 86, 1863, 1868, 1870, - 1864, 1871, 1857, 1872, 1876, 86, 1875, 1873, 1861, 86, - 1860, 86, 1865, 1877, 1869, 1862, 1867, 86, 86, 1881, - 1878, 86, 86, 86, 1863, 1868, 1870, 1864, 1871, 1879, - 1872, 86, 1880, 1875, 1873, 1882, 86, 1884, 1883, 1865, - 1885, 1869, 86, 1886, 1887, 86, 86, 1878, 86, 1888, - 86, 86, 86, 1889, 1890, 86, 1879, 86, 86, 1880, - - 1891, 1892, 1882, 1895, 1884, 1883, 3682, 1885, 86, 1893, - 1886, 1887, 1894, 86, 1897, 1896, 1901, 1898, 3682, 1902, - 1899, 86, 86, 86, 86, 86, 86, 1891, 86, 86, - 86, 1900, 86, 86, 86, 1903, 1893, 86, 86, 1894, - 1904, 1897, 1896, 1901, 1898, 1906, 1902, 1899, 86, 86, - 1905, 1907, 86, 1908, 1909, 1910, 1911, 1913, 1900, 1912, - 3682, 86, 1903, 3682, 3682, 3682, 3682, 1904, 86, 1918, - 86, 86, 1906, 86, 86, 1917, 86, 1905, 1907, 1915, - 1908, 1909, 1910, 1911, 1914, 1916, 1912, 1919, 86, 86, - 86, 86, 86, 86, 1920, 1921, 1918, 1922, 1923, 1930, - - 1925, 1924, 1917, 1926, 1927, 86, 1915, 1929, 86, 3682, - 86, 1914, 1916, 86, 1919, 86, 86, 1931, 3682, 1928, - 86, 1920, 1921, 86, 86, 1923, 1930, 1925, 1924, 86, - 1926, 1927, 86, 1932, 1929, 86, 1933, 1934, 1936, 1939, - 1935, 86, 1937, 1941, 1931, 86, 1928, 1938, 1940, 86, - 1942, 1946, 1944, 1943, 86, 86, 86, 1945, 3682, 1947, - 1932, 86, 3682, 1933, 1934, 1936, 1939, 1935, 86, 1937, - 86, 1949, 86, 86, 1938, 1940, 1951, 86, 86, 1944, - 1943, 86, 1948, 1950, 1945, 1952, 1947, 1954, 1955, 1953, - 86, 86, 3682, 86, 1957, 86, 1962, 1961, 1949, 86, - - 86, 1956, 86, 1951, 1958, 86, 1960, 1959, 3682, 1948, - 1950, 86, 1952, 1964, 1954, 1955, 1953, 1963, 1965, 86, - 86, 1957, 86, 86, 86, 1967, 1966, 1971, 1956, 86, - 1968, 1958, 86, 1960, 1959, 86, 1972, 86, 86, 1975, - 1964, 86, 1969, 1976, 1963, 1965, 1973, 1970, 86, 86, - 1974, 86, 1967, 1966, 1971, 3682, 1993, 1968, 1977, 86, - 1978, 86, 1981, 1972, 1979, 86, 1975, 86, 1980, 86, - 1976, 1985, 1986, 1973, 86, 1988, 1982, 1974, 86, 1983, - 1987, 86, 1984, 1993, 86, 1977, 86, 1978, 86, 1981, - 86, 1979, 1991, 86, 1994, 1980, 1989, 86, 1985, 1986, - - 1992, 1990, 1988, 1982, 1995, 86, 1983, 1987, 1996, 1984, - 1998, 1997, 86, 1999, 2000, 2002, 86, 86, 3682, 1991, - 86, 1994, 2001, 2003, 2006, 2004, 2005, 1992, 86, 3682, - 2010, 1995, 86, 3682, 2007, 86, 86, 86, 1997, 86, - 86, 2000, 2016, 3682, 86, 86, 2011, 86, 86, 2001, - 2003, 2008, 2004, 2005, 2017, 2012, 86, 2009, 2013, 2014, - 2015, 2007, 86, 86, 86, 86, 86, 86, 2025, 2016, - 2021, 2019, 86, 2011, 2018, 86, 2020, 2026, 2008, 86, - 2022, 2017, 2012, 86, 2009, 2013, 2014, 2015, 86, 86, - 86, 2023, 2027, 86, 2028, 2029, 2031, 2021, 2019, 2030, - - 86, 2018, 2032, 2020, 2033, 86, 86, 2022, 86, 86, - 86, 2034, 2024, 2035, 2039, 2036, 86, 2037, 86, 2027, - 86, 2028, 86, 2031, 2038, 86, 2030, 2040, 86, 2032, - 2041, 86, 3682, 86, 86, 2053, 2042, 2044, 2034, 2024, - 2043, 86, 2036, 2045, 2037, 86, 2047, 86, 2046, 3682, - 86, 2038, 2048, 86, 2040, 2057, 2049, 2041, 86, 86, - 2050, 2051, 86, 2042, 2044, 86, 86, 2043, 86, 2052, - 2045, 2055, 2054, 2047, 86, 2046, 170, 2056, 2058, 2048, - 86, 86, 86, 2049, 86, 86, 86, 2050, 2051, 2059, - 2063, 86, 2060, 2061, 2062, 2064, 2052, 86, 2055, 2054, - - 3682, 2066, 86, 2065, 2056, 2058, 2068, 86, 86, 86, - 86, 2067, 2069, 2070, 2073, 2071, 2059, 2063, 86, 2060, - 2061, 2062, 2074, 2072, 3682, 3682, 2076, 86, 2066, 2075, - 2065, 2077, 86, 86, 3682, 3682, 86, 86, 2067, 2069, - 86, 86, 2071, 2079, 86, 2078, 86, 2082, 86, 86, - 2072, 86, 86, 2076, 2080, 86, 2075, 2081, 2077, 2084, - 2083, 2085, 2088, 86, 2090, 2096, 86, 2086, 2087, 86, - 2079, 86, 2078, 3682, 2082, 2089, 86, 86, 2091, 86, - 86, 2080, 86, 2095, 2081, 2092, 2084, 2083, 2085, 2088, - 86, 2090, 2093, 2097, 2086, 2087, 2094, 86, 2098, 86, - - 86, 3682, 2089, 2099, 2103, 2091, 2101, 2100, 86, 86, - 86, 86, 2092, 2106, 86, 86, 2107, 86, 2108, 2093, - 2097, 2102, 2104, 2094, 2105, 2098, 2110, 2115, 86, 86, - 2099, 2103, 2111, 2101, 2100, 86, 2112, 2109, 2116, 86, - 2106, 2113, 86, 86, 86, 86, 2114, 86, 2102, 2104, - 2117, 2105, 86, 86, 86, 2119, 2118, 2120, 86, 2111, - 2121, 86, 3682, 2112, 2109, 2116, 86, 2122, 2113, 2123, - 2125, 86, 2126, 2114, 2124, 2128, 2129, 2135, 2127, 86, - 86, 3682, 86, 2118, 2120, 2130, 2131, 86, 86, 86, - 2133, 86, 86, 2132, 2122, 2143, 2123, 86, 86, 2126, - - 86, 2124, 86, 2129, 2134, 2127, 3682, 2140, 86, 86, - 2141, 2142, 2130, 2131, 86, 86, 86, 2133, 86, 86, - 2132, 2136, 2137, 2138, 2146, 2144, 86, 86, 2139, 2150, - 3682, 2134, 86, 2145, 2140, 2147, 86, 2141, 2142, 2152, - 86, 2148, 86, 2155, 86, 2153, 2149, 2151, 2136, 2137, - 2138, 2146, 2144, 2154, 2159, 2139, 2150, 86, 2156, 86, - 2145, 86, 2147, 2157, 86, 86, 2152, 2160, 86, 2161, - 86, 2158, 2153, 86, 2151, 86, 86, 86, 2163, 2162, - 2154, 86, 2164, 86, 2165, 2156, 86, 2167, 2172, 2168, - 2157, 86, 2166, 3682, 2160, 86, 2161, 2169, 2158, 86, - - 2170, 2171, 2173, 2176, 2175, 2163, 2162, 86, 86, 2164, - 86, 86, 2174, 2178, 86, 86, 2168, 86, 86, 2166, - 86, 2179, 2186, 86, 2169, 86, 2177, 2170, 2171, 2173, - 86, 2175, 86, 2180, 2181, 86, 2182, 2183, 86, 2174, - 2178, 86, 2185, 2184, 86, 2187, 2189, 3682, 2179, 2186, - 2190, 86, 2188, 2177, 86, 2193, 2191, 2192, 2194, 86, - 2180, 2181, 86, 2182, 2183, 86, 86, 2195, 2196, 2200, - 2184, 2198, 2199, 2189, 86, 2201, 2197, 86, 86, 2188, - 86, 86, 86, 2191, 2192, 86, 86, 86, 86, 86, - 86, 2202, 2203, 86, 2195, 2196, 2200, 2205, 2198, 2199, - - 2206, 86, 2201, 2197, 2204, 86, 2207, 2208, 2209, 2212, - 2210, 3682, 2213, 2215, 86, 86, 86, 86, 2202, 2203, - 86, 2214, 2216, 86, 2205, 86, 2211, 2223, 2220, 2218, - 2224, 2204, 86, 86, 2208, 2209, 2212, 2210, 86, 2213, - 86, 86, 2217, 86, 2219, 86, 2221, 2222, 2214, 2216, - 86, 86, 86, 2211, 2223, 2220, 2218, 86, 2225, 2226, - 2228, 2229, 2231, 2230, 2227, 2236, 3682, 86, 86, 2217, - 86, 2219, 86, 2221, 2222, 86, 86, 2232, 3682, 2241, - 2244, 86, 2242, 2237, 2238, 2225, 2226, 86, 2229, 2231, - 2230, 2227, 86, 2233, 2234, 2235, 86, 86, 86, 86, - - 86, 86, 86, 2239, 2232, 2240, 86, 2244, 86, 2242, - 2237, 2238, 2243, 2245, 2248, 2249, 2247, 2250, 2246, 86, - 2233, 2234, 2235, 86, 2253, 86, 2251, 2254, 2256, 86, - 2239, 2252, 2240, 2255, 86, 86, 86, 2257, 2258, 2243, - 2245, 2248, 86, 2247, 86, 2246, 2259, 2261, 2260, 2264, - 86, 2262, 86, 2266, 3682, 2256, 86, 2267, 86, 86, - 2255, 86, 86, 2263, 2257, 86, 2270, 2265, 2268, 2277, - 86, 86, 86, 2259, 2261, 2260, 86, 86, 2262, 2269, - 2274, 86, 2271, 2272, 86, 86, 86, 2275, 170, 2276, - 2263, 2273, 2278, 2270, 2265, 2268, 86, 86, 86, 86, - - 2280, 2279, 86, 2281, 2282, 3682, 2269, 2274, 86, 2271, - 2272, 86, 2283, 2286, 2275, 86, 2276, 2284, 2273, 86, - 2285, 2287, 3682, 2288, 86, 2292, 86, 3682, 2279, 3682, - 2281, 2282, 86, 86, 3682, 86, 86, 86, 2289, 2283, - 2286, 2290, 86, 2293, 2284, 2291, 3682, 2285, 2287, 86, - 2288, 2294, 86, 86, 2295, 2296, 86, 2297, 3682, 2298, - 2300, 86, 2299, 2301, 2304, 2289, 86, 86, 2290, 86, - 2293, 86, 2291, 86, 2302, 2306, 86, 2303, 2294, 86, - 86, 2295, 2296, 2305, 86, 2307, 2298, 2300, 2312, 2299, - 2301, 2311, 86, 86, 86, 2308, 86, 86, 2309, 86, - - 86, 2302, 2306, 2313, 2303, 2315, 86, 2314, 86, 2310, - 2305, 2316, 2307, 2317, 86, 2312, 2321, 2318, 2311, 2319, - 2328, 86, 2308, 86, 86, 2309, 2322, 2326, 86, 86, - 2313, 86, 2315, 2320, 2314, 3682, 2310, 2323, 2316, 86, - 2317, 86, 2327, 86, 2318, 2324, 2319, 86, 86, 2329, - 86, 2325, 86, 2322, 2326, 86, 86, 2330, 2332, 86, - 2320, 2331, 86, 2333, 2323, 2335, 2340, 86, 2334, 2327, - 2336, 2337, 2324, 2338, 2339, 86, 2329, 2342, 2325, 86, - 3682, 2341, 86, 86, 2330, 2332, 86, 86, 2331, 2344, - 86, 2345, 86, 2340, 86, 2334, 86, 2336, 2337, 2346, - - 2338, 86, 2343, 2353, 2342, 2347, 86, 2348, 2341, 86, - 2349, 86, 2350, 2351, 3682, 86, 2344, 86, 2345, 2352, - 86, 86, 86, 2354, 86, 86, 2346, 2364, 86, 2343, - 2353, 2355, 2347, 2363, 2348, 86, 2356, 2349, 2357, 2350, - 2351, 2358, 86, 2362, 2361, 2359, 2352, 86, 86, 2366, - 2354, 86, 2365, 2367, 86, 2369, 86, 3682, 2360, 2368, - 2363, 86, 86, 86, 2374, 2357, 86, 2370, 2358, 2372, - 2362, 2361, 2359, 2371, 2375, 2373, 2366, 86, 86, 2365, - 2367, 86, 2369, 2379, 86, 2360, 2368, 2377, 2378, 86, - 2376, 2374, 86, 2382, 2370, 2384, 2372, 86, 86, 86, - - 2371, 2375, 2373, 86, 2380, 86, 2381, 2386, 86, 2383, - 2379, 2385, 86, 86, 2377, 2378, 86, 2376, 2387, 86, - 86, 2388, 2384, 3682, 86, 86, 2389, 2390, 2391, 2395, - 2392, 2380, 2393, 2381, 86, 2394, 2383, 2398, 2385, 86, - 3682, 86, 86, 86, 2396, 2387, 2397, 2405, 2388, 86, - 86, 86, 86, 2389, 2390, 2391, 2401, 2392, 2399, 2393, - 86, 86, 2394, 2400, 2398, 2403, 86, 2404, 2402, 2410, - 2406, 2396, 2407, 2397, 86, 86, 86, 2408, 86, 2409, - 2411, 2416, 86, 2401, 2412, 2473, 86, 3682, 86, 86, - 86, 2413, 2403, 2418, 2404, 2402, 86, 2406, 3682, 2407, - - 86, 86, 86, 2419, 2408, 2414, 2409, 2411, 86, 86, - 2417, 2412, 2421, 2415, 2422, 2420, 3682, 86, 2413, 86, - 2418, 2423, 2426, 86, 86, 86, 3682, 3682, 2424, 86, - 2419, 2425, 2414, 86, 86, 2430, 2431, 2417, 2428, 2421, - 2415, 2422, 2420, 2429, 86, 2427, 86, 86, 2423, 2426, - 86, 86, 2432, 2433, 86, 2424, 2434, 2436, 2425, 2435, - 2440, 3682, 2430, 2431, 2439, 3682, 2441, 86, 86, 3682, - 86, 86, 2427, 2437, 3682, 86, 3682, 2477, 86, 2432, - 2433, 86, 86, 2434, 2436, 2438, 2435, 86, 2442, 2443, - 2444, 2439, 86, 2441, 2445, 2446, 86, 86, 86, 2447, - - 2437, 86, 2448, 2449, 2450, 2452, 2451, 2454, 86, 86, - 3682, 86, 2438, 86, 2453, 2442, 2443, 2444, 86, 86, - 2464, 2445, 2446, 2458, 86, 86, 2447, 86, 2455, 2448, - 2449, 2450, 2452, 2451, 2454, 2456, 86, 86, 2459, 2460, - 2461, 2453, 86, 2462, 86, 86, 2463, 86, 2457, 86, - 2458, 86, 2466, 2465, 2467, 2455, 86, 3682, 2471, 2469, - 2468, 2470, 2456, 86, 86, 2459, 2460, 2461, 86, 2472, - 2462, 86, 86, 2463, 2478, 2457, 2479, 86, 2480, 86, - 2465, 2467, 86, 86, 2474, 2471, 2469, 2468, 2470, 170, - 2475, 2481, 2482, 2487, 2486, 2476, 2472, 86, 86, 2483, - - 86, 2488, 2489, 2479, 2491, 2480, 86, 2490, 2492, 3682, - 2494, 2474, 86, 2484, 2496, 2493, 86, 86, 2481, 86, - 86, 2486, 86, 2495, 2485, 86, 2483, 86, 2488, 2489, - 86, 2497, 2498, 2499, 2490, 2492, 86, 86, 3682, 86, - 2484, 86, 2493, 2502, 2505, 86, 86, 2501, 2500, 86, - 2495, 2485, 2504, 2503, 86, 86, 86, 86, 2497, 2498, - 2499, 2508, 2507, 2506, 86, 86, 86, 2511, 86, 2509, - 2502, 2505, 86, 86, 2501, 2500, 2510, 2512, 2515, 2504, - 2503, 86, 2518, 2513, 2514, 2516, 86, 86, 2508, 2507, - 2506, 86, 2517, 2520, 86, 86, 2509, 86, 2523, 2519, - - 86, 86, 2521, 2510, 2512, 2515, 86, 86, 2522, 2518, - 2513, 2514, 2516, 2524, 2525, 86, 86, 86, 2529, 2517, - 2520, 86, 86, 2526, 2532, 86, 2519, 2531, 2527, 2521, - 2528, 86, 86, 86, 86, 2522, 86, 2533, 2530, 86, - 2524, 2525, 2534, 86, 2535, 2529, 86, 3682, 2536, 2538, - 2526, 2532, 2539, 2537, 2531, 2527, 86, 2528, 2541, 2542, - 2540, 3682, 86, 2549, 2533, 2530, 86, 86, 2543, 2544, - 86, 2535, 2548, 2551, 86, 2536, 2538, 86, 3682, 2539, - 2537, 86, 2550, 86, 2546, 86, 2542, 2540, 2545, 2547, - 86, 86, 86, 2552, 2553, 2543, 2544, 86, 86, 2548, - - 86, 2557, 2562, 86, 2554, 86, 86, 86, 2558, 2550, - 2555, 2546, 2559, 2556, 2560, 2545, 2547, 2561, 86, 2563, - 2552, 2553, 3682, 2564, 2569, 2565, 2566, 2570, 86, 86, - 2572, 2554, 86, 86, 86, 2558, 86, 2555, 86, 2559, - 2556, 2560, 2567, 2568, 2561, 86, 86, 86, 2571, 86, - 2564, 86, 2565, 2566, 86, 2573, 86, 86, 86, 2574, - 2575, 2576, 2577, 2578, 86, 2579, 2580, 3682, 2581, 2567, - 2568, 2582, 86, 2583, 2586, 2571, 2587, 3682, 86, 2589, - 3682, 86, 2573, 86, 86, 2593, 86, 2575, 2576, 86, - 86, 2584, 2579, 2580, 86, 2581, 86, 2585, 2582, 2588, - - 86, 2586, 2590, 86, 86, 86, 86, 86, 2591, 86, - 2592, 86, 2593, 2594, 2596, 2597, 3682, 3682, 2584, 2599, - 2598, 2600, 2602, 86, 2585, 2603, 2588, 2604, 2595, 2590, - 86, 86, 86, 86, 86, 2591, 2609, 2592, 2605, 86, - 2594, 86, 2597, 2601, 86, 2608, 2599, 2598, 2600, 86, - 86, 86, 2606, 2610, 2604, 2595, 86, 86, 2614, 2607, - 2611, 86, 2612, 86, 2613, 2605, 2615, 3682, 86, 2618, - 2601, 86, 2608, 86, 86, 2616, 86, 2617, 86, 2606, - 2610, 2622, 86, 2619, 2624, 86, 2607, 2611, 2620, 2612, - 86, 2613, 86, 2615, 2623, 86, 2618, 2621, 86, 2625, - - 86, 2628, 2616, 2629, 2617, 2630, 3682, 86, 2622, 86, - 2619, 2624, 86, 2631, 2626, 2620, 2627, 2632, 86, 86, - 2633, 2623, 2634, 86, 2621, 2642, 2625, 86, 86, 2636, - 2629, 2638, 2630, 86, 86, 86, 2635, 2637, 86, 2639, - 2631, 2626, 2643, 2627, 2632, 2640, 2644, 2633, 2641, 2634, - 2645, 86, 86, 86, 86, 2646, 2636, 86, 2638, 2647, - 86, 86, 86, 2635, 2637, 2650, 2639, 86, 2648, 2649, - 2651, 86, 2640, 2644, 86, 2641, 2652, 2645, 2657, 86, - 2653, 86, 2654, 86, 2655, 2658, 2647, 86, 2656, 2659, - 86, 86, 2650, 2660, 86, 2648, 2649, 2651, 86, 2664, - - 86, 2661, 86, 2652, 2663, 2657, 86, 2653, 86, 2654, - 2665, 2655, 2662, 3682, 2669, 2656, 86, 86, 2668, 86, - 2660, 86, 86, 3682, 2666, 86, 2664, 2670, 2661, 2675, - 3682, 2663, 2667, 2673, 2677, 3682, 86, 3682, 3682, 2662, - 86, 2669, 86, 2676, 86, 2668, 2671, 2674, 2672, 170, - 86, 2666, 86, 86, 2670, 86, 86, 2678, 86, 2667, - 2673, 2677, 2681, 2682, 2683, 2679, 2680, 2685, 2686, 2688, - 2676, 2687, 86, 2671, 2674, 2672, 86, 86, 86, 2689, - 2690, 2684, 86, 2691, 2678, 2692, 86, 86, 86, 2681, - 2682, 2683, 2679, 2680, 2685, 86, 86, 86, 2687, 2694, - - 2693, 2695, 86, 86, 2696, 2697, 2689, 2690, 2684, 2698, - 2701, 2699, 3682, 2700, 86, 86, 2702, 86, 86, 86, - 86, 2704, 86, 2703, 2706, 2705, 86, 2693, 2695, 86, - 86, 2696, 2697, 2707, 2708, 2709, 2698, 2713, 2699, 86, - 2700, 2710, 86, 2702, 86, 86, 2712, 2711, 2704, 86, - 2703, 86, 2705, 86, 86, 86, 86, 2714, 2715, 86, - 2707, 2708, 2709, 2716, 86, 2717, 2719, 2722, 2710, 86, - 86, 86, 86, 2712, 2711, 2718, 2720, 2723, 2726, 86, - 86, 2721, 86, 2724, 2714, 2715, 2725, 86, 86, 86, - 2716, 2730, 2717, 2719, 2722, 2729, 2731, 86, 2727, 86, - - 2733, 2732, 2718, 2720, 86, 2726, 86, 2728, 2721, 86, - 2724, 86, 86, 2725, 2734, 86, 86, 86, 2730, 2735, - 2736, 2737, 2729, 86, 3682, 2727, 2739, 2733, 2732, 2738, - 2740, 2743, 2741, 3682, 2728, 2742, 86, 2744, 2747, 86, - 86, 2734, 2745, 86, 86, 86, 2746, 2750, 2737, 2748, - 2752, 86, 86, 2739, 86, 86, 2738, 2740, 2743, 2741, - 2749, 86, 2742, 86, 2744, 2747, 86, 2751, 2753, 2745, - 86, 2754, 2755, 2746, 2757, 86, 2748, 86, 2756, 86, - 2758, 86, 86, 86, 2760, 86, 86, 2749, 2759, 86, - 2761, 86, 2762, 86, 2751, 2753, 86, 2764, 86, 2755, - - 2763, 2757, 86, 2765, 2766, 2756, 2767, 2758, 2768, 3682, - 2769, 2760, 2772, 86, 86, 2759, 2771, 2761, 2770, 2762, - 86, 86, 86, 86, 86, 2773, 2774, 2763, 2776, 2775, - 86, 2777, 2778, 2767, 86, 2768, 86, 2769, 86, 2772, - 2779, 86, 86, 2771, 86, 2770, 2780, 2783, 2781, 86, - 86, 3682, 2773, 2774, 2782, 86, 2775, 86, 2777, 2778, - 2784, 86, 2785, 2786, 3682, 2787, 86, 2779, 2788, 2792, - 86, 2789, 86, 2790, 86, 2781, 2791, 2793, 86, 3682, - 2794, 2782, 86, 86, 86, 2802, 2798, 2784, 2795, 2785, - 2786, 86, 2787, 86, 86, 86, 2792, 2796, 2789, 86, - - 2790, 86, 2797, 2791, 2793, 86, 2801, 2794, 86, 2799, - 86, 2800, 86, 2798, 2803, 2795, 86, 86, 86, 2804, - 2805, 3682, 2806, 2807, 2796, 2808, 3682, 2813, 86, 2797, - 2810, 2809, 2818, 2801, 86, 2811, 2799, 86, 2800, 2812, - 2815, 86, 86, 86, 2814, 2819, 86, 86, 86, 2806, - 2807, 86, 2808, 86, 2813, 86, 86, 2810, 2809, 2818, - 2821, 86, 2811, 2816, 2822, 86, 2812, 2815, 2817, 2820, - 86, 2814, 86, 2823, 86, 2824, 2828, 86, 2825, 2826, - 3682, 2830, 2827, 86, 2832, 2829, 2833, 86, 86, 86, - 2816, 86, 2834, 86, 2831, 2817, 2820, 86, 3682, 86, - - 2823, 86, 86, 2828, 86, 2825, 2826, 86, 2830, 2827, - 2836, 86, 2829, 2833, 2835, 86, 2837, 86, 2839, 86, - 2838, 2831, 2840, 86, 2842, 2841, 2844, 86, 2843, 2847, - 86, 86, 3682, 3682, 2845, 2848, 2846, 2836, 86, 170, - 86, 2835, 2850, 2837, 86, 2839, 86, 2838, 86, 2840, - 86, 2842, 2841, 2844, 86, 2843, 2847, 2851, 2852, 2853, - 2849, 2845, 2848, 2846, 86, 2854, 86, 2855, 2859, 2850, - 86, 2856, 3682, 2857, 3682, 2858, 2863, 86, 3682, 2862, - 86, 86, 2861, 86, 2851, 2852, 2853, 2849, 2860, 3682, - 86, 86, 86, 2867, 86, 2859, 2864, 86, 2856, 86, - - 2857, 86, 2858, 2863, 86, 86, 2862, 2865, 2869, 2861, - 2866, 86, 86, 2871, 2868, 2860, 2873, 86, 2870, 2872, - 2867, 86, 86, 2864, 2874, 86, 2875, 2877, 86, 2879, - 2878, 2876, 86, 86, 2865, 2869, 2881, 2866, 3682, 3682, - 2871, 2868, 86, 2873, 86, 2870, 2872, 86, 86, 2880, - 2882, 2874, 2883, 86, 2877, 2884, 86, 2878, 2876, 86, - 2885, 86, 2886, 86, 86, 2890, 2887, 86, 2891, 2888, - 2889, 2892, 2893, 86, 86, 86, 2880, 2882, 86, 2883, - 86, 86, 2884, 2894, 2896, 2895, 2897, 2885, 86, 2886, - 86, 2898, 2890, 2887, 86, 2891, 2888, 2889, 86, 86, - - 2899, 2903, 2902, 2905, 2904, 86, 2900, 2901, 2906, 86, - 2894, 2896, 2895, 86, 86, 86, 86, 86, 86, 2907, - 2908, 2910, 2912, 2914, 2916, 86, 86, 86, 2903, 2902, - 2905, 2904, 86, 2900, 2901, 86, 2909, 86, 2911, 2913, - 3682, 2918, 2915, 86, 86, 86, 2907, 2908, 2910, 2912, - 86, 86, 2917, 2919, 2922, 2920, 3682, 3682, 3682, 86, - 86, 86, 2929, 2909, 86, 2911, 2913, 86, 2918, 2915, - 86, 2921, 2924, 2930, 3682, 2933, 86, 2923, 86, 2917, - 2919, 2922, 2920, 2925, 86, 2926, 86, 2928, 2927, 2929, - 86, 2931, 2932, 86, 86, 86, 86, 2934, 2921, 2924, - - 86, 86, 86, 86, 2923, 2935, 2936, 2939, 2937, 2938, - 2925, 2941, 2926, 86, 2928, 2927, 2940, 86, 2931, 2932, - 86, 86, 2946, 2942, 2934, 2951, 2948, 3682, 86, 86, - 2943, 2947, 2935, 2936, 2939, 2937, 2938, 86, 86, 86, - 2944, 2945, 86, 2940, 86, 2950, 86, 86, 86, 86, - 2942, 2949, 86, 2948, 2952, 2953, 3682, 2943, 2947, 2955, - 2959, 2954, 86, 2958, 2956, 2957, 2961, 2944, 2945, 2960, - 86, 86, 2950, 2963, 86, 86, 3682, 86, 2949, 2970, - 86, 2952, 86, 86, 86, 2964, 2955, 86, 2954, 2962, - 2958, 2956, 2957, 2961, 86, 86, 2960, 2965, 2971, 86, - - 86, 2966, 2967, 2968, 2969, 86, 86, 2972, 2973, 3682, - 2974, 86, 2964, 2976, 2975, 86, 2962, 2977, 3682, 86, - 86, 86, 86, 2978, 2965, 2971, 86, 2980, 2966, 2967, - 2968, 2969, 86, 2981, 2972, 86, 86, 2974, 2979, 86, - 2976, 2975, 86, 2982, 2977, 86, 86, 2983, 2986, 2984, - 2978, 2985, 86, 2987, 2980, 86, 2989, 2988, 2990, 2993, - 2981, 2991, 3682, 86, 86, 2979, 2995, 2992, 86, 86, - 2982, 86, 3682, 2994, 2983, 86, 2984, 2996, 2985, 86, - 86, 86, 86, 2989, 2988, 170, 2993, 2997, 2991, 86, - 2998, 3000, 3001, 2999, 2992, 3002, 3003, 3004, 86, 86, - - 2994, 3005, 86, 3007, 2996, 3008, 3006, 3010, 3011, 86, - 3013, 3682, 3682, 86, 2997, 86, 3009, 2998, 86, 86, - 2999, 86, 3002, 86, 3004, 86, 3012, 86, 86, 86, - 3007, 86, 3008, 86, 3014, 3011, 3015, 3013, 3016, 86, - 3017, 3018, 3019, 3009, 86, 3682, 86, 3020, 86, 3021, - 3022, 3682, 3025, 3012, 3682, 86, 3023, 3024, 3026, 3029, - 3027, 3014, 86, 3015, 86, 3016, 3028, 86, 86, 3019, - 86, 3033, 86, 86, 3020, 3030, 86, 3022, 86, 3025, - 86, 86, 86, 3023, 3024, 3026, 3029, 3027, 86, 86, - 3031, 3032, 3034, 3028, 3035, 3036, 3037, 86, 3033, 3038, - - 3040, 3682, 3030, 3039, 86, 3041, 3042, 86, 86, 86, - 86, 86, 86, 3043, 86, 3044, 86, 3031, 3032, 3034, - 86, 3035, 3036, 3045, 3049, 3046, 3038, 3040, 86, 3047, - 3039, 86, 3041, 3042, 3048, 86, 86, 3050, 3051, 3055, - 86, 3054, 3044, 86, 3056, 3052, 3053, 86, 86, 86, - 3045, 3049, 3046, 86, 3058, 3057, 3047, 86, 86, 3059, - 86, 3048, 86, 3062, 3050, 86, 3055, 3060, 3054, 3061, - 3063, 86, 3052, 3053, 3064, 86, 3066, 3065, 86, 86, - 3069, 3067, 3057, 3070, 3074, 3682, 86, 3682, 3068, 3682, - 3071, 86, 3073, 86, 3060, 86, 3061, 86, 86, 86, - - 3072, 3064, 86, 3066, 3065, 86, 3075, 86, 3067, 86, - 3070, 86, 86, 86, 3076, 3068, 3077, 3071, 86, 3073, - 3078, 3079, 3080, 3081, 3682, 86, 3083, 3072, 3084, 3082, - 3085, 3088, 3086, 3075, 3682, 3091, 3089, 86, 3682, 3094, - 86, 3076, 86, 3077, 86, 3087, 86, 86, 86, 86, - 3081, 86, 3090, 3083, 86, 86, 3082, 3085, 3092, 3086, - 86, 3093, 3091, 86, 3095, 86, 86, 86, 3096, 3097, - 3098, 3100, 3087, 3101, 3102, 3099, 3103, 3682, 3104, 3090, - 3105, 86, 86, 3107, 86, 3092, 3111, 86, 3093, 86, - 3682, 86, 3112, 86, 3106, 86, 3097, 3098, 86, 3108, - - 3101, 3102, 3099, 86, 86, 3104, 86, 86, 3109, 3110, - 86, 3113, 3114, 86, 3122, 3115, 3208, 86, 86, 86, - 3116, 3106, 86, 3118, 3119, 3117, 3108, 86, 3121, 3125, - 3124, 86, 3120, 3682, 86, 3109, 3110, 86, 3113, 86, - 3126, 3123, 3115, 86, 86, 3127, 86, 3128, 86, 86, - 3118, 3119, 86, 86, 3130, 3121, 86, 3124, 3129, 3120, - 86, 3131, 86, 3137, 86, 3132, 3133, 3126, 3123, 3134, - 3135, 86, 3127, 3136, 3128, 86, 86, 3138, 86, 86, - 86, 3130, 3139, 3682, 3144, 3129, 3140, 86, 3131, 3142, - 3137, 86, 3132, 3133, 3141, 86, 3134, 3135, 3143, 3150, - - 3136, 3151, 86, 86, 86, 3152, 86, 3145, 3153, 3139, - 86, 3144, 3146, 3140, 3147, 3149, 3142, 3154, 3156, 3148, - 3682, 3141, 3155, 86, 3682, 3143, 86, 86, 3151, 86, - 3157, 86, 3152, 3158, 86, 3153, 3159, 86, 3160, 86, - 86, 3164, 3149, 86, 3154, 3156, 86, 3161, 86, 3155, - 3162, 86, 86, 3163, 3165, 3166, 3168, 3157, 86, 86, - 3158, 86, 86, 3159, 3167, 3160, 3169, 3682, 3164, 86, - 3170, 86, 3171, 3172, 3161, 86, 3175, 3162, 3174, 3682, - 3163, 3165, 3166, 86, 86, 3173, 3177, 86, 3176, 3178, - 3179, 3167, 3180, 86, 86, 3182, 3181, 3170, 3682, 3171, - - 86, 3186, 3183, 86, 3187, 3174, 86, 3184, 86, 3185, - 86, 86, 3173, 86, 86, 3176, 3178, 86, 86, 3180, - 86, 3188, 86, 3181, 3189, 86, 3192, 3190, 86, 3183, - 3191, 86, 3193, 3196, 3184, 86, 3185, 3197, 86, 86, - 3194, 3199, 86, 3198, 86, 3195, 86, 86, 3188, 3200, - 3202, 3189, 3201, 3192, 3190, 86, 3203, 3191, 3205, 3193, - 3196, 3206, 3207, 86, 3197, 86, 86, 86, 3199, 86, - 3198, 3204, 86, 86, 3211, 3209, 86, 86, 3214, 3201, - 86, 3212, 3210, 3203, 86, 3205, 3213, 3682, 86, 3207, - 86, 3215, 3217, 86, 3216, 3218, 86, 3219, 3204, 86, - - 86, 3211, 3209, 3223, 3221, 3233, 86, 3220, 3212, 3210, - 86, 3226, 3227, 3213, 86, 3222, 86, 86, 3215, 3217, - 3228, 3216, 3218, 86, 3219, 86, 86, 3229, 3231, 86, - 3223, 3221, 3224, 3230, 3220, 3225, 86, 86, 86, 86, - 86, 3232, 3222, 3234, 3235, 86, 3236, 86, 3237, 3238, - 3239, 3242, 3240, 3682, 3229, 3231, 86, 86, 86, 3224, - 3230, 3244, 3225, 86, 86, 86, 86, 3245, 3232, 3241, - 3234, 3235, 3248, 86, 86, 3237, 3238, 3239, 86, 3240, - 3243, 3246, 86, 86, 3247, 3249, 3253, 3682, 86, 3250, - 86, 3254, 3251, 86, 3245, 3252, 3241, 3257, 86, 3248, - - 3255, 86, 86, 86, 86, 86, 86, 3243, 3246, 3256, - 3258, 3247, 3249, 86, 86, 3259, 3250, 3260, 3254, 3251, - 86, 3261, 3252, 86, 3257, 86, 86, 3255, 86, 3262, - 3266, 3263, 3682, 3264, 3265, 3268, 3256, 3258, 86, 86, - 86, 3269, 3259, 3274, 3260, 3267, 86, 3270, 3261, 3271, - 3273, 86, 86, 3275, 3272, 86, 3262, 3266, 3263, 86, - 3264, 3265, 86, 86, 86, 3276, 3277, 3278, 86, 3280, - 3274, 86, 3267, 3279, 3270, 3281, 3282, 3273, 86, 3283, - 86, 86, 3284, 3285, 86, 3286, 86, 3288, 3293, 86, - 3682, 86, 3276, 86, 3278, 3287, 3280, 3289, 86, 86, - - 3279, 86, 3281, 3282, 3290, 86, 86, 3291, 3292, 3284, - 3285, 3294, 3295, 3296, 86, 86, 86, 86, 3682, 86, - 86, 3298, 3287, 3300, 3289, 3297, 86, 3299, 86, 3301, - 86, 3290, 3302, 3303, 3291, 3292, 3304, 3306, 3309, 3295, - 86, 3313, 3682, 86, 86, 86, 3311, 86, 3298, 3307, - 86, 3308, 3297, 86, 3299, 3305, 86, 3310, 86, 3302, - 3303, 86, 3312, 86, 3306, 86, 3315, 86, 86, 86, - 86, 3314, 3316, 3311, 3317, 3320, 3307, 3318, 3308, 3319, - 3682, 3321, 3305, 86, 3310, 3322, 86, 3323, 3324, 3312, - 86, 3325, 86, 3315, 3326, 3327, 86, 86, 3314, 3316, - - 86, 3317, 3328, 3329, 3318, 3332, 3319, 86, 86, 86, - 86, 3333, 3322, 86, 3337, 3324, 3334, 86, 3325, 86, - 3336, 86, 3327, 3330, 3331, 86, 86, 3340, 3335, 3328, - 86, 3338, 86, 86, 86, 86, 3341, 3339, 3333, 86, - 3342, 86, 3343, 3334, 3344, 86, 3345, 3336, 86, 3347, - 3330, 3331, 3346, 3348, 3340, 3335, 3349, 3350, 3338, 86, - 3353, 3351, 3355, 86, 3339, 3682, 86, 86, 3354, 86, - 3356, 3344, 3357, 3345, 86, 86, 86, 3352, 86, 3346, - 86, 86, 3358, 86, 86, 3359, 3360, 3365, 3351, 86, - 86, 86, 86, 86, 3362, 3354, 3361, 3356, 3363, 86, - - 3364, 86, 86, 86, 3352, 3366, 86, 3367, 3371, 86, - 3369, 3368, 3359, 3360, 86, 86, 3372, 86, 3370, 3373, - 3374, 3362, 3375, 3361, 86, 3363, 86, 3364, 86, 86, - 3380, 3376, 3366, 3377, 3367, 86, 86, 3369, 3368, 86, - 3378, 3379, 3381, 86, 3382, 3370, 3373, 86, 3383, 3375, - 3384, 3386, 86, 3387, 3388, 86, 3389, 86, 3376, 3385, - 3377, 86, 86, 3390, 3682, 3391, 86, 3378, 3379, 86, - 86, 3382, 86, 3393, 86, 3383, 86, 3392, 3386, 86, - 86, 3388, 86, 3389, 86, 86, 3385, 3394, 3395, 3396, - 3390, 3397, 3391, 3408, 3398, 86, 3399, 3400, 3682, 86, - - 3393, 86, 86, 86, 3392, 3405, 86, 3404, 86, 86, - 3682, 3401, 3682, 86, 3394, 3395, 3396, 3406, 3397, 3402, - 3403, 3398, 86, 3399, 3400, 86, 3407, 86, 3409, 86, - 3410, 3412, 3405, 86, 3404, 3411, 3413, 86, 3401, 86, - 3414, 3415, 3416, 3417, 3406, 86, 3402, 3403, 3418, 3419, - 86, 3421, 3426, 3407, 3420, 3409, 86, 3410, 3412, 86, - 3422, 3423, 3411, 86, 86, 86, 86, 86, 3415, 86, - 3417, 3424, 3425, 3427, 3428, 3418, 86, 3430, 86, 86, - 3429, 3420, 3432, 3431, 3433, 3434, 3682, 3435, 3436, 86, - 3437, 3439, 3682, 86, 3438, 86, 3440, 86, 86, 86, - - 86, 86, 86, 86, 3430, 86, 3442, 3429, 86, 86, - 3431, 3433, 3434, 86, 3435, 3436, 86, 3437, 86, 3441, - 3443, 3438, 3444, 3440, 3445, 3446, 86, 3447, 3448, 3449, - 3450, 3682, 3451, 3442, 3452, 3453, 86, 86, 3455, 3458, - 86, 3454, 86, 3460, 3459, 86, 3441, 3443, 86, 3444, - 86, 3445, 3446, 86, 3447, 3448, 86, 3450, 86, 3451, - 86, 86, 86, 3456, 3462, 3455, 3457, 3461, 3454, 86, - 3464, 86, 3463, 3465, 3466, 86, 86, 3467, 86, 3468, - 3470, 86, 86, 3471, 3682, 3469, 3472, 3473, 3474, 3475, - 3456, 3462, 86, 3457, 3461, 86, 3477, 3464, 86, 3463, - - 3465, 3466, 3476, 3478, 86, 86, 86, 86, 3479, 86, - 86, 86, 3469, 3472, 3473, 86, 86, 3480, 3481, 3482, - 86, 3483, 3484, 3477, 3485, 3486, 86, 3488, 3489, 3476, - 86, 3493, 3487, 3492, 3494, 86, 3496, 3682, 3490, 3495, - 86, 3497, 3491, 86, 86, 86, 86, 86, 86, 86, - 86, 86, 3486, 86, 86, 86, 86, 86, 3493, 3487, - 3492, 86, 3498, 86, 3499, 3490, 3495, 3500, 3497, 3491, - 3501, 3502, 3503, 3504, 3510, 3511, 86, 3505, 3508, 86, - 3506, 86, 86, 86, 3507, 3509, 3512, 86, 86, 3498, - 3682, 3499, 3682, 86, 3500, 3513, 3682, 86, 3502, 86, - - 3504, 86, 3511, 86, 3505, 3508, 86, 3506, 86, 86, - 86, 3507, 3509, 3512, 3514, 3515, 3516, 3517, 3519, 3520, - 86, 3521, 3513, 86, 3518, 3524, 86, 3522, 86, 3523, - 86, 3525, 3526, 3527, 3528, 86, 3529, 86, 3682, 86, - 86, 3514, 3515, 3516, 3517, 3519, 3520, 86, 3521, 86, - 3530, 3518, 3524, 86, 3522, 3531, 3523, 3532, 86, 86, - 86, 86, 3533, 3529, 86, 3534, 3536, 3535, 86, 86, - 3537, 3682, 3539, 3538, 3545, 86, 3540, 3530, 86, 3541, - 3543, 3682, 3531, 86, 3532, 86, 86, 86, 86, 3533, - 86, 86, 3534, 3536, 3535, 86, 3542, 3537, 86, 3539, - - 3538, 3545, 3544, 3540, 86, 86, 3541, 3543, 3546, 3547, - 3548, 3549, 3550, 3551, 3552, 3553, 3682, 86, 3555, 3557, - 3682, 86, 86, 3542, 86, 3554, 86, 3559, 3561, 3544, - 3558, 86, 86, 3560, 86, 3546, 3547, 3548, 3549, 3550, - 3551, 86, 3553, 3556, 3562, 3555, 86, 86, 86, 3564, - 86, 3565, 3554, 3563, 86, 86, 86, 3558, 3682, 86, - 3560, 86, 3566, 3567, 3568, 3569, 86, 3570, 3571, 3682, - 3556, 86, 3682, 3572, 3573, 86, 3564, 86, 3565, 3574, - 3563, 86, 3576, 3577, 86, 86, 3575, 3578, 86, 3566, - 3567, 3568, 3569, 86, 3580, 3571, 86, 3581, 3583, 86, - - 3572, 3573, 86, 3579, 3582, 3584, 86, 86, 3585, 86, - 86, 3587, 3682, 3575, 86, 86, 86, 3586, 3588, 86, - 3589, 3580, 3594, 3682, 86, 3583, 3590, 3591, 3682, 3592, - 3579, 3582, 86, 3593, 86, 3585, 86, 86, 3587, 86, - 3595, 86, 3596, 3599, 3586, 3682, 3598, 3682, 86, 86, - 86, 3597, 86, 3590, 3591, 86, 3592, 3600, 86, 86, - 3593, 3601, 3603, 3602, 86, 3604, 86, 86, 3608, 3596, - 3599, 86, 3605, 3598, 3606, 3607, 86, 3611, 3597, 86, - 86, 3612, 3610, 86, 3600, 86, 3609, 3614, 3601, 3603, - 3602, 86, 3604, 86, 3613, 86, 86, 86, 3615, 3605, - - 3616, 3606, 3607, 3619, 3611, 3620, 3617, 3618, 86, 3610, - 3682, 86, 3621, 3609, 3622, 3623, 86, 3624, 3625, 86, - 3629, 3613, 86, 3626, 86, 3615, 86, 3616, 86, 86, - 3619, 3632, 3633, 3617, 3618, 3631, 86, 86, 3627, 86, - 86, 3622, 86, 86, 3624, 3625, 86, 3628, 3630, 86, - 3626, 3634, 86, 3637, 3635, 86, 86, 86, 3632, 86, - 3636, 86, 3631, 3638, 3641, 3627, 3640, 3643, 86, 86, - 3639, 86, 3682, 3648, 3628, 3630, 3644, 3651, 3634, 3646, - 3637, 3635, 86, 3647, 86, 3642, 86, 3636, 3645, 3682, - 3638, 3641, 86, 3640, 3643, 86, 86, 3639, 3649, 86, - - 3648, 3652, 86, 3644, 86, 86, 3646, 3653, 3650, 86, - 3647, 3654, 3642, 3655, 3657, 3645, 86, 3656, 86, 3659, - 3658, 3660, 86, 86, 3682, 3649, 3682, 86, 3652, 3662, - 3663, 3661, 86, 86, 3653, 3650, 3667, 86, 86, 86, - 3655, 3657, 86, 3666, 3656, 3664, 3659, 3658, 86, 3670, - 3671, 86, 86, 86, 3665, 3673, 3662, 3663, 3661, 3668, - 3669, 3674, 86, 86, 3672, 3675, 3682, 86, 86, 86, - 3666, 3676, 3664, 3677, 3680, 86, 3670, 86, 3681, 3682, - 3682, 3665, 86, 3682, 86, 86, 3668, 3669, 86, 3678, - 3682, 3672, 3675, 86, 3679, 86, 3682, 86, 3676, 3682, - - 3677, 86, 86, 3682, 3682, 86, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3678, 3682, 3682, 3682, - 3682, 3679, 47, 47, 47, 47, 47, 47, 47, 52, - 52, 52, 52, 52, 52, 52, 57, 57, 57, 57, - 57, 57, 57, 63, 63, 63, 63, 63, 63, 63, - 68, 68, 68, 68, 68, 68, 68, 74, 74, 74, - 74, 74, 74, 74, 80, 80, 80, 80, 80, 80, - 80, 89, 89, 3682, 89, 89, 89, 89, 160, 160, - 3682, 3682, 3682, 160, 160, 162, 162, 3682, 3682, 162, - 3682, 162, 164, 3682, 3682, 3682, 3682, 3682, 164, 167, - - 167, 3682, 3682, 3682, 167, 167, 169, 3682, 3682, 3682, - 3682, 3682, 169, 171, 171, 3682, 171, 171, 171, 171, - 174, 3682, 3682, 3682, 3682, 3682, 174, 177, 177, 3682, - 3682, 3682, 177, 177, 90, 90, 3682, 90, 90, 90, - 90, 17, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682 + 21, 69, 70, 71, 81, 82, 83, 122, 109, 178, + 178, 79, 72, 160, 171, 86, 98, 79, 72, 86, + 138, 90, 84, 90, 90, 86, 90, 179, 110, 797, + 73, 86, 90, 86, 122, 109, 73, 426, 87, 72, + 160, 84, 88, 161, 161, 72, 113, 138, 111, 177, + 163, 176, 131, 163, 114, 110, 99, 86, 86, 91, + + 92, 93, 112, 100, 94, 115, 86, 101, 189, 95, + 102, 96, 86, 113, 86, 111, 180, 86, 97, 131, + 174, 114, 86, 99, 86, 168, 168, 92, 93, 112, + 100, 94, 115, 171, 101, 189, 95, 102, 96, 165, + 86, 165, 165, 180, 165, 97, 103, 174, 116, 171, + 104, 117, 182, 105, 183, 106, 107, 301, 118, 85, + 119, 85, 85, 339, 85, 343, 108, 169, 86, 86, + 85, 86, 86, 103, 167, 116, 123, 104, 117, 182, + 105, 183, 106, 107, 124, 118, 181, 119, 127, 86, + 125, 185, 128, 108, 126, 86, 157, 86, 86, 149, + + 158, 150, 86, 123, 159, 186, 129, 166, 130, 86, + 151, 124, 164, 181, 86, 127, 152, 125, 185, 128, + 162, 126, 86, 157, 153, 86, 149, 158, 150, 86, + 490, 159, 186, 129, 154, 130, 132, 151, 155, 156, + 133, 184, 163, 152, 134, 163, 86, 86, 179, 86, + 135, 153, 90, 136, 90, 90, 190, 90, 246, 86, + 137, 154, 86, 132, 198, 155, 156, 133, 184, 86, + 170, 134, 170, 170, 86, 170, 175, 135, 175, 175, + 136, 175, 177, 190, 86, 246, 187, 137, 139, 199, + 173, 198, 140, 85, 202, 85, 85, 86, 85, 188, + + 231, 266, 141, 142, 85, 143, 90, 86, 90, 90, + 86, 90, 86, 187, 86, 139, 199, 90, 176, 140, + 86, 202, 191, 192, 200, 345, 188, 231, 266, 141, + 142, 193, 143, 144, 205, 86, 145, 194, 214, 195, + 171, 86, 201, 146, 91, 196, 197, 147, 148, 191, + 192, 86, 86, 209, 86, 86, 86, 86, 193, 203, + 144, 205, 86, 145, 194, 214, 195, 211, 204, 201, + 146, 213, 196, 197, 147, 148, 206, 207, 210, 230, + 209, 86, 212, 219, 208, 1245, 203, 86, 169, 86, + 86, 167, 86, 86, 211, 204, 215, 222, 213, 216, + + 221, 229, 86, 206, 207, 210, 230, 220, 86, 212, + 166, 208, 217, 218, 86, 86, 86, 223, 224, 86, + 86, 234, 225, 215, 222, 227, 216, 221, 229, 232, + 228, 238, 235, 86, 220, 164, 233, 236, 226, 217, + 218, 86, 86, 86, 223, 224, 237, 240, 234, 225, + 86, 86, 227, 86, 86, 162, 232, 228, 238, 235, + 239, 1404, 241, 233, 236, 226, 86, 251, 242, 86, + 86, 86, 243, 237, 240, 245, 247, 248, 244, 86, + 252, 86, 86, 86, 257, 253, 249, 239, 258, 241, + 86, 86, 250, 86, 251, 242, 259, 269, 86, 243, + + 86, 260, 245, 247, 248, 244, 254, 252, 86, 261, + 267, 257, 253, 249, 264, 3777, 86, 255, 86, 250, + 86, 256, 270, 259, 269, 265, 262, 273, 260, 263, + 86, 271, 268, 254, 86, 86, 261, 267, 86, 274, + 275, 264, 86, 272, 255, 3777, 277, 86, 256, 270, + 278, 276, 265, 262, 273, 86, 263, 3777, 271, 268, + 86, 86, 3777, 86, 3777, 279, 274, 275, 86, 165, + 272, 165, 165, 277, 165, 178, 178, 278, 276, 170, + 280, 170, 170, 90, 170, 90, 90, 281, 90, 171, + 283, 175, 279, 175, 175, 3777, 175, 284, 288, 86, + + 285, 282, 86, 286, 86, 290, 291, 280, 293, 86, + 287, 3777, 289, 86, 86, 86, 292, 283, 86, 86, + 294, 173, 86, 295, 284, 288, 299, 285, 282, 300, + 286, 86, 290, 291, 296, 293, 86, 287, 86, 289, + 297, 86, 298, 292, 86, 310, 311, 294, 86, 323, + 295, 314, 312, 299, 302, 86, 300, 313, 303, 86, + 86, 86, 317, 318, 315, 316, 86, 297, 319, 298, + 86, 86, 310, 311, 321, 304, 323, 86, 314, 3777, + 324, 3777, 86, 322, 86, 303, 86, 86, 3777, 317, + 318, 315, 316, 86, 325, 328, 320, 86, 3777, 349, + + 86, 321, 304, 305, 86, 86, 86, 324, 306, 326, + 322, 329, 327, 307, 3777, 330, 3777, 338, 337, 308, + 309, 325, 328, 320, 86, 86, 86, 336, 86, 340, + 305, 86, 341, 86, 344, 306, 326, 86, 329, 327, + 307, 86, 330, 342, 338, 337, 308, 309, 331, 86, + 350, 332, 346, 333, 336, 86, 340, 3777, 352, 353, + 3777, 344, 348, 354, 86, 334, 347, 335, 86, 357, + 342, 355, 86, 358, 86, 331, 356, 350, 332, 3777, + 333, 359, 86, 3777, 86, 361, 353, 86, 364, 348, + 86, 86, 334, 347, 335, 86, 86, 360, 355, 365, + + 358, 86, 86, 356, 86, 362, 86, 366, 359, 367, + 368, 369, 361, 371, 363, 364, 370, 372, 86, 86, + 86, 86, 373, 86, 360, 374, 365, 86, 86, 378, + 375, 86, 362, 376, 366, 382, 367, 368, 369, 86, + 371, 363, 381, 370, 383, 377, 384, 86, 3777, 86, + 86, 86, 374, 379, 380, 386, 86, 375, 86, 385, + 376, 86, 86, 86, 388, 387, 389, 86, 86, 381, + 390, 383, 377, 384, 391, 392, 393, 395, 86, 3777, + 379, 380, 386, 394, 86, 86, 385, 398, 396, 86, + 86, 399, 387, 3777, 3777, 401, 86, 390, 86, 86, + + 403, 402, 392, 393, 86, 404, 86, 405, 400, 86, + 394, 397, 3777, 86, 406, 171, 86, 407, 399, 86, + 86, 86, 401, 86, 409, 408, 86, 403, 402, 86, + 410, 411, 404, 412, 405, 400, 414, 413, 397, 86, + 416, 406, 415, 418, 407, 419, 86, 417, 421, 422, + 86, 409, 408, 86, 86, 86, 86, 420, 86, 86, + 412, 86, 86, 86, 413, 423, 424, 416, 86, 415, + 418, 425, 419, 427, 417, 421, 86, 428, 3777, 429, + 437, 86, 86, 430, 420, 431, 434, 3777, 86, 86, + 433, 86, 423, 424, 86, 438, 3777, 86, 425, 432, + + 427, 435, 436, 86, 428, 86, 429, 437, 439, 86, + 430, 86, 431, 434, 86, 440, 441, 433, 442, 86, + 86, 86, 443, 447, 448, 445, 432, 86, 435, 436, + 450, 446, 452, 451, 3777, 439, 454, 86, 86, 444, + 453, 86, 86, 441, 455, 86, 457, 86, 449, 443, + 86, 86, 445, 86, 86, 86, 86, 450, 446, 452, + 451, 456, 86, 454, 458, 459, 444, 453, 86, 86, + 86, 455, 86, 457, 86, 449, 460, 461, 465, 464, + 467, 462, 3777, 3777, 3777, 466, 86, 475, 456, 483, + 492, 458, 459, 474, 86, 86, 86, 476, 463, 3777, + + 3777, 484, 86, 460, 461, 86, 464, 467, 462, 86, + 86, 86, 466, 86, 475, 86, 483, 86, 485, 86, + 474, 486, 487, 491, 476, 463, 468, 488, 484, 469, + 495, 496, 489, 86, 470, 471, 472, 473, 3777, 512, + 3777, 3777, 86, 86, 86, 485, 86, 86, 486, 487, + 491, 3777, 519, 468, 3777, 3777, 469, 495, 496, 86, + 499, 470, 471, 472, 473, 477, 493, 478, 500, 494, + 501, 86, 497, 498, 3777, 503, 86, 504, 86, 479, + 480, 481, 86, 482, 86, 3777, 86, 499, 526, 86, + 502, 510, 477, 493, 478, 500, 494, 86, 86, 497, + + 498, 86, 503, 86, 504, 507, 479, 480, 481, 505, + 482, 86, 86, 506, 508, 509, 511, 502, 510, 513, + 86, 514, 518, 86, 517, 86, 533, 86, 86, 86, + 515, 86, 507, 520, 3777, 532, 505, 516, 531, 534, + 506, 508, 509, 511, 86, 86, 513, 521, 514, 518, + 525, 517, 523, 522, 524, 86, 86, 515, 86, 576, + 520, 86, 532, 86, 516, 531, 86, 3777, 535, 86, + 527, 548, 591, 551, 521, 549, 86, 525, 86, 523, + 522, 524, 579, 528, 552, 86, 529, 3777, 530, 86, + 86, 86, 553, 550, 86, 535, 86, 527, 548, 86, + + 551, 3777, 549, 3777, 86, 86, 3777, 554, 556, 579, + 528, 552, 566, 529, 565, 530, 536, 567, 537, 553, + 550, 86, 568, 555, 538, 569, 86, 645, 539, 572, + 86, 86, 570, 540, 554, 556, 541, 86, 571, 566, + 575, 565, 86, 536, 171, 537, 86, 3777, 86, 86, + 555, 538, 569, 574, 86, 539, 572, 3777, 573, 570, + 540, 578, 86, 541, 542, 571, 543, 575, 577, 3777, + 86, 86, 581, 671, 580, 588, 583, 86, 86, 544, + 574, 582, 545, 1008, 546, 573, 547, 86, 578, 585, + 86, 542, 586, 543, 584, 577, 86, 86, 86, 86, + + 671, 580, 588, 583, 86, 587, 544, 589, 582, 545, + 590, 546, 86, 547, 557, 558, 585, 86, 592, 586, + 594, 584, 86, 593, 559, 560, 561, 562, 563, 86, + 86, 564, 587, 595, 589, 86, 596, 590, 597, 86, + 86, 557, 558, 3777, 86, 592, 86, 594, 598, 599, + 593, 559, 560, 561, 562, 563, 600, 601, 564, 86, + 595, 604, 602, 603, 608, 597, 605, 606, 86, 86, + 86, 86, 86, 607, 612, 598, 599, 86, 609, 610, + 86, 3777, 615, 3777, 613, 86, 86, 616, 604, 602, + 603, 608, 617, 605, 606, 86, 611, 86, 86, 614, + + 607, 612, 618, 86, 86, 609, 610, 86, 86, 615, + 633, 613, 619, 86, 616, 620, 631, 632, 634, 617, + 644, 86, 635, 611, 621, 622, 614, 636, 86, 618, + 639, 640, 86, 638, 86, 86, 623, 633, 624, 619, + 86, 86, 620, 86, 632, 634, 641, 644, 86, 635, + 637, 621, 622, 86, 86, 86, 86, 639, 640, 86, + 638, 3777, 642, 623, 643, 624, 625, 647, 86, 86, + 646, 649, 648, 641, 626, 627, 3777, 637, 628, 629, + 3777, 86, 630, 651, 650, 3777, 3777, 3777, 86, 642, + 86, 643, 86, 625, 647, 86, 653, 646, 86, 648, + + 654, 626, 627, 86, 655, 628, 629, 86, 652, 630, + 651, 650, 656, 657, 86, 663, 659, 658, 86, 660, + 662, 661, 86, 653, 86, 86, 86, 654, 86, 664, + 86, 655, 665, 3777, 86, 652, 667, 86, 666, 656, + 657, 670, 663, 659, 658, 86, 660, 662, 661, 668, + 672, 86, 669, 86, 673, 86, 664, 3777, 86, 665, + 674, 3777, 86, 667, 675, 666, 86, 86, 670, 676, + 677, 86, 678, 679, 681, 86, 668, 680, 86, 669, + 86, 673, 86, 86, 86, 686, 688, 674, 86, 86, + 690, 675, 689, 684, 687, 86, 676, 677, 692, 678, + + 679, 681, 86, 682, 680, 683, 685, 86, 699, 691, + 86, 86, 86, 86, 695, 3777, 696, 86, 86, 689, + 684, 687, 86, 693, 701, 692, 694, 697, 698, 86, + 682, 86, 683, 685, 702, 3777, 691, 700, 86, 86, + 86, 695, 86, 696, 86, 704, 86, 705, 86, 710, + 693, 701, 708, 694, 697, 698, 706, 703, 86, 707, + 709, 86, 713, 712, 700, 86, 86, 715, 711, 86, + 86, 86, 704, 86, 705, 86, 710, 3777, 727, 708, + 86, 86, 764, 706, 703, 86, 707, 709, 714, 713, + 712, 724, 726, 725, 715, 711, 86, 3777, 86, 86, + + 728, 86, 3777, 729, 86, 727, 730, 3777, 86, 731, + 3777, 748, 734, 86, 86, 714, 716, 86, 724, 726, + 725, 717, 732, 718, 86, 86, 733, 728, 3777, 719, + 729, 720, 86, 730, 721, 722, 731, 735, 748, 734, + 743, 723, 86, 716, 86, 744, 3777, 739, 717, 732, + 718, 86, 737, 733, 742, 738, 719, 736, 720, 86, + 740, 721, 722, 86, 735, 86, 86, 743, 723, 86, + 741, 745, 744, 746, 739, 86, 747, 3777, 749, 737, + 86, 742, 738, 750, 736, 753, 751, 752, 754, 755, + 757, 3777, 86, 769, 86, 86, 86, 741, 745, 86, + + 746, 86, 86, 747, 86, 749, 756, 759, 86, 760, + 750, 86, 753, 751, 752, 754, 755, 757, 758, 86, + 761, 762, 765, 763, 767, 86, 86, 766, 86, 768, + 86, 770, 86, 756, 759, 774, 760, 86, 86, 86, + 772, 773, 86, 86, 86, 758, 171, 761, 762, 765, + 763, 767, 771, 776, 766, 86, 768, 777, 770, 778, + 86, 86, 774, 86, 780, 783, 775, 772, 773, 86, + 779, 781, 86, 782, 784, 791, 792, 786, 785, 771, + 776, 793, 787, 798, 86, 86, 86, 86, 86, 86, + 86, 86, 783, 775, 795, 796, 86, 779, 801, 86, + + 782, 784, 791, 86, 786, 785, 86, 788, 86, 787, + 794, 799, 800, 802, 789, 86, 806, 790, 803, 804, + 805, 86, 86, 810, 86, 86, 86, 807, 86, 811, + 86, 86, 809, 808, 788, 812, 816, 794, 86, 86, + 86, 789, 86, 806, 790, 86, 804, 805, 813, 815, + 810, 86, 86, 86, 807, 86, 811, 86, 814, 809, + 808, 818, 812, 817, 819, 820, 86, 821, 86, 822, + 86, 823, 86, 86, 826, 813, 815, 3777, 825, 829, + 86, 830, 86, 86, 86, 814, 827, 86, 818, 3777, + 817, 819, 820, 824, 821, 86, 822, 86, 823, 86, + + 86, 826, 828, 86, 831, 825, 837, 3777, 830, 86, + 832, 86, 836, 827, 838, 833, 839, 86, 834, 835, + 824, 86, 840, 86, 843, 841, 844, 86, 3777, 828, + 846, 831, 86, 837, 86, 842, 86, 832, 845, 836, + 850, 838, 833, 839, 86, 834, 835, 86, 86, 840, + 847, 843, 841, 849, 86, 852, 86, 846, 86, 851, + 853, 857, 842, 854, 86, 845, 86, 850, 86, 86, + 855, 856, 848, 86, 858, 86, 859, 847, 863, 867, + 849, 86, 852, 86, 86, 861, 851, 853, 857, 862, + 854, 86, 860, 86, 86, 86, 865, 855, 856, 848, + + 86, 86, 864, 859, 868, 863, 866, 86, 869, 870, + 871, 86, 861, 86, 86, 872, 862, 873, 874, 860, + 880, 86, 3777, 865, 876, 86, 86, 875, 878, 864, + 877, 868, 86, 866, 881, 869, 86, 86, 86, 879, + 86, 86, 872, 86, 873, 874, 882, 86, 883, 885, + 86, 876, 86, 886, 875, 878, 86, 877, 884, 889, + 86, 881, 887, 890, 86, 894, 879, 888, 904, 891, + 3777, 86, 86, 86, 895, 883, 885, 86, 86, 899, + 886, 896, 86, 892, 893, 884, 889, 897, 898, 905, + 890, 86, 900, 901, 86, 86, 891, 86, 908, 86, + + 86, 895, 902, 909, 86, 86, 899, 910, 896, 86, + 892, 893, 86, 86, 897, 898, 905, 903, 906, 900, + 901, 911, 912, 86, 913, 914, 86, 916, 907, 902, + 86, 915, 86, 86, 910, 3777, 86, 86, 921, 920, + 86, 922, 923, 3777, 903, 906, 86, 86, 911, 912, + 86, 913, 914, 917, 916, 907, 918, 3777, 915, 919, + 86, 924, 86, 925, 86, 86, 920, 86, 922, 923, + 86, 927, 926, 86, 931, 86, 928, 930, 934, 86, + 917, 86, 933, 918, 932, 929, 919, 938, 924, 86, + 925, 86, 3777, 86, 935, 86, 3777, 3777, 927, 926, + + 86, 936, 86, 928, 930, 934, 86, 86, 937, 933, + 86, 932, 929, 939, 938, 940, 86, 944, 941, 946, + 947, 935, 86, 942, 943, 86, 86, 86, 936, 945, + 3777, 948, 86, 86, 3777, 937, 949, 86, 952, 950, + 939, 86, 940, 3777, 944, 941, 946, 947, 954, 953, + 942, 943, 86, 951, 86, 957, 945, 86, 948, 86, + 955, 86, 86, 949, 956, 952, 950, 959, 958, 86, + 86, 86, 86, 960, 961, 954, 953, 86, 3777, 966, + 951, 962, 957, 963, 965, 967, 970, 955, 86, 86, + 964, 956, 969, 86, 959, 958, 968, 86, 86, 86, + + 960, 961, 971, 86, 86, 86, 966, 86, 962, 972, + 963, 965, 967, 974, 86, 973, 975, 964, 86, 969, + 976, 977, 978, 968, 171, 979, 86, 980, 983, 971, + 987, 86, 86, 86, 86, 86, 972, 984, 86, 985, + 974, 3777, 973, 975, 989, 86, 990, 976, 977, 978, + 981, 86, 979, 986, 86, 86, 994, 86, 982, 86, + 988, 86, 86, 991, 984, 992, 985, 86, 86, 86, + 993, 989, 995, 990, 996, 997, 86, 981, 86, 86, + 986, 998, 999, 86, 86, 982, 1023, 988, 86, 86, + 991, 86, 992, 3777, 86, 1007, 1009, 993, 1010, 995, + + 3777, 996, 997, 3777, 1015, 1011, 86, 86, 998, 999, + 1000, 1014, 1013, 1001, 1012, 86, 86, 1002, 86, 86, + 1003, 1056, 1007, 1009, 1017, 1010, 86, 1004, 1005, 86, + 1006, 1015, 1011, 86, 1018, 86, 1016, 1000, 1014, 1013, + 1001, 1012, 1019, 1020, 1002, 1033, 1022, 1003, 86, 1021, + 86, 1017, 86, 86, 1004, 1005, 3777, 1006, 86, 86, + 86, 1018, 86, 1016, 1032, 1035, 1036, 86, 1071, 1019, + 1020, 86, 1033, 1022, 86, 1034, 1021, 1024, 1025, 1037, + 1026, 86, 86, 1027, 3777, 1038, 3777, 1040, 1028, 86, + 1041, 1032, 1035, 1036, 1029, 1030, 1042, 1031, 86, 1043, + + 86, 1039, 1034, 86, 1024, 1025, 1037, 1026, 86, 86, + 1027, 86, 1038, 1045, 1040, 1028, 1048, 1041, 86, 1049, + 1050, 1029, 1030, 1042, 1031, 1044, 1043, 86, 1039, 1046, + 1052, 1051, 86, 1053, 1047, 1054, 86, 86, 3777, 1057, + 1045, 1055, 3777, 1048, 1061, 86, 1049, 1050, 3777, 1060, + 1058, 86, 1044, 86, 1063, 86, 86, 1052, 1051, 86, + 1053, 86, 1054, 86, 86, 86, 1057, 1059, 1055, 1064, + 1062, 1061, 86, 86, 1065, 86, 1060, 1058, 86, 1066, + 1068, 1063, 1067, 1069, 1073, 1070, 86, 1077, 1074, 86, + 86, 1072, 86, 1075, 1059, 86, 1064, 1062, 86, 1076, + + 1082, 1065, 1081, 1083, 1084, 1078, 1066, 1068, 86, 1067, + 1069, 86, 1070, 86, 86, 1079, 1085, 1080, 1072, 86, + 86, 86, 86, 86, 86, 1087, 1076, 1082, 86, 1086, + 1088, 1084, 1078, 1092, 86, 86, 1089, 86, 1091, 1090, + 1096, 1093, 1079, 1085, 1080, 86, 1097, 86, 86, 1094, + 1095, 86, 86, 1098, 86, 86, 1086, 86, 86, 86, + 1092, 1099, 1100, 1089, 86, 1091, 1090, 1096, 1093, 86, + 1101, 1102, 1105, 1097, 1103, 1106, 1094, 1095, 1104, 86, + 86, 86, 1107, 86, 1108, 86, 86, 1112, 1099, 1100, + 86, 1110, 1109, 86, 1111, 1114, 1113, 86, 86, 1105, + + 86, 1103, 1106, 86, 1118, 1104, 86, 1119, 3777, 1107, + 86, 1108, 1115, 86, 1112, 86, 86, 86, 1110, 1109, + 1116, 1111, 1114, 1113, 1120, 1117, 86, 1121, 1122, 1123, + 1128, 1118, 86, 86, 1119, 86, 86, 1125, 1124, 1115, + 1130, 1127, 1129, 1131, 3777, 1126, 86, 86, 86, 86, + 3777, 1120, 86, 1132, 1121, 1122, 1123, 86, 1135, 1137, + 1142, 86, 86, 86, 1125, 1124, 86, 1130, 1127, 1129, + 1131, 1133, 1126, 1139, 1134, 86, 1136, 86, 86, 1141, + 1132, 86, 1140, 86, 1138, 1135, 1137, 86, 86, 1143, + 1144, 86, 86, 1145, 1146, 1147, 86, 1148, 1133, 1150, + + 1139, 1134, 86, 1136, 86, 86, 1141, 86, 86, 1140, + 1149, 1138, 86, 1151, 1152, 1153, 1143, 1144, 86, 3777, + 1145, 1146, 1147, 86, 1148, 1154, 1150, 1155, 1157, 86, + 1163, 1156, 86, 1164, 1159, 86, 1158, 1149, 86, 86, + 1151, 86, 1153, 86, 1161, 86, 1162, 86, 1160, 1166, + 1169, 86, 1154, 86, 1155, 1157, 86, 1165, 1156, 1167, + 1168, 1159, 86, 1158, 1170, 86, 1171, 86, 1172, 3777, + 86, 1161, 86, 1162, 1176, 1160, 86, 1173, 1175, 1178, + 86, 86, 86, 1177, 1165, 1174, 1167, 1168, 1179, 86, + 1180, 1183, 86, 1171, 1181, 1172, 86, 1185, 1186, 1182, + + 86, 1176, 3777, 86, 1173, 1175, 1187, 86, 1184, 86, + 1177, 86, 1174, 86, 86, 86, 1188, 1180, 1193, 1194, + 86, 1181, 1191, 86, 86, 1186, 1182, 1192, 86, 1189, + 86, 1190, 1196, 1187, 1195, 1184, 1201, 86, 1198, 86, + 86, 1197, 86, 1188, 1199, 1193, 1194, 1200, 86, 1202, + 86, 1212, 3777, 1203, 171, 86, 1189, 1204, 1190, 1196, + 86, 1195, 86, 1201, 86, 1198, 86, 86, 1197, 1205, + 1242, 1199, 3777, 86, 1200, 86, 1202, 1214, 1212, 1215, + 1203, 1213, 1216, 3777, 1204, 1217, 3777, 86, 1223, 1219, + 1218, 86, 1221, 1224, 3777, 3777, 1205, 1206, 1220, 1207, + + 86, 86, 86, 1208, 1214, 1209, 1215, 86, 1213, 86, + 1210, 86, 1217, 86, 86, 1211, 1219, 1218, 1222, 1221, + 86, 86, 1225, 1226, 1206, 1220, 1207, 1229, 3777, 1227, + 1208, 86, 1209, 1230, 1234, 1233, 86, 1210, 1232, 86, + 86, 1228, 1211, 1231, 1235, 1222, 1237, 86, 1238, 1225, + 1226, 1240, 86, 86, 1229, 86, 1227, 86, 1236, 86, + 1230, 1234, 1233, 1243, 86, 1232, 86, 1239, 1228, 1241, + 1231, 86, 86, 1237, 1244, 1238, 1246, 1247, 1240, 1248, + 1258, 3777, 86, 1249, 3777, 1236, 1259, 86, 1257, 86, + 1260, 86, 86, 1261, 1239, 86, 1241, 3777, 1265, 86, + + 1262, 86, 86, 86, 1247, 86, 1248, 1258, 86, 86, + 1249, 1250, 1263, 1259, 1270, 1257, 1251, 1260, 1252, 86, + 1261, 1264, 86, 3777, 1253, 1265, 1273, 1262, 1266, 1254, + 1255, 86, 1267, 1269, 86, 86, 1256, 86, 1250, 1263, + 86, 86, 1268, 1251, 86, 1252, 86, 1272, 1264, 1271, + 86, 1253, 1275, 1273, 1274, 1266, 1254, 1255, 1276, 1267, + 1269, 86, 86, 1256, 1277, 86, 1278, 86, 1279, 1268, + 1280, 86, 1281, 1284, 1272, 86, 1271, 3777, 1282, 1275, + 1285, 1274, 1283, 1288, 1286, 1276, 86, 86, 1291, 86, + 1287, 86, 1290, 1278, 3777, 1279, 86, 1289, 86, 1281, + + 1284, 86, 86, 86, 86, 1282, 86, 1292, 1293, 1283, + 1288, 1286, 86, 1296, 1294, 86, 86, 1287, 1298, 1290, + 86, 1295, 1297, 3777, 1289, 86, 86, 1304, 86, 86, + 1301, 1303, 1299, 86, 1292, 1293, 86, 1300, 86, 1306, + 1296, 1294, 1302, 1305, 1309, 1298, 86, 3777, 1295, 1297, + 86, 86, 86, 1308, 1304, 86, 86, 1301, 1307, 1299, + 86, 1311, 1312, 86, 1300, 1310, 1306, 1313, 1314, 1302, + 1305, 86, 3777, 86, 86, 86, 86, 1315, 1316, 86, + 1308, 1317, 1320, 1318, 1321, 1307, 1319, 3777, 1311, 1312, + 86, 1322, 1310, 1326, 1313, 1314, 3777, 1324, 1327, 86, + + 86, 86, 1331, 86, 1315, 1316, 1325, 1323, 1317, 86, + 1318, 86, 86, 1319, 86, 1330, 86, 86, 1322, 86, + 1328, 1333, 1332, 1329, 1324, 86, 86, 86, 86, 1331, + 1334, 1335, 1337, 1325, 1323, 86, 1338, 1336, 1339, 1340, + 86, 86, 1330, 1341, 86, 86, 86, 1328, 1333, 1332, + 1329, 86, 1342, 1343, 1345, 86, 1344, 1334, 1335, 1337, + 3777, 1346, 1347, 1348, 1336, 1339, 86, 86, 86, 1350, + 1341, 86, 1351, 1352, 86, 1349, 1353, 1354, 86, 1342, + 1343, 1345, 86, 1344, 86, 86, 86, 86, 1346, 1347, + 1348, 86, 1356, 1358, 86, 86, 1350, 1355, 86, 1351, + + 1352, 1357, 1349, 1353, 1354, 1359, 1361, 86, 86, 1360, + 1362, 3777, 1363, 86, 1364, 86, 1367, 1368, 1365, 1356, + 1369, 1370, 1366, 86, 1355, 86, 86, 86, 1357, 86, + 1371, 86, 86, 1361, 86, 1374, 1360, 1362, 86, 1363, + 86, 1364, 1372, 1367, 1368, 1365, 1373, 1376, 1375, 1366, + 1377, 1378, 86, 86, 1379, 1380, 1382, 3777, 1381, 3777, + 86, 86, 86, 3777, 86, 1395, 1383, 86, 86, 1372, + 86, 1384, 86, 1373, 1385, 1375, 1388, 1377, 1378, 86, + 86, 1379, 1386, 86, 86, 1381, 1387, 86, 1389, 86, + 1390, 86, 1391, 1383, 86, 1392, 86, 86, 1384, 1394, + + 86, 1385, 1396, 1388, 86, 1393, 86, 86, 1398, 1386, + 1399, 1397, 86, 1387, 86, 1389, 1400, 1390, 1401, 1391, + 86, 1402, 1392, 86, 86, 1408, 1394, 86, 1406, 1410, + 86, 86, 1393, 1403, 86, 1398, 86, 86, 1397, 1407, + 1405, 1419, 86, 1400, 1411, 1401, 86, 86, 1402, 86, + 1409, 1412, 1408, 1413, 1414, 1406, 86, 1415, 86, 86, + 1403, 171, 1416, 86, 1417, 1418, 1407, 1405, 1419, 1421, + 86, 1411, 1423, 86, 86, 86, 1420, 1409, 1412, 86, + 1413, 1414, 1424, 1422, 1415, 1426, 1425, 86, 86, 1416, + 86, 1417, 1418, 1427, 1428, 1429, 86, 86, 1430, 3777, + + 3777, 1431, 1434, 1420, 86, 1432, 1438, 86, 86, 3777, + 1422, 86, 1426, 1425, 86, 1435, 86, 86, 86, 1433, + 1427, 1428, 1429, 86, 1436, 1430, 86, 86, 1431, 1434, + 1437, 1439, 1432, 86, 1440, 86, 86, 1441, 86, 1442, + 1443, 1444, 1435, 86, 86, 1451, 1433, 86, 1448, 86, + 1445, 1436, 1446, 3777, 1449, 1447, 1450, 1437, 1439, 1461, + 86, 1440, 1455, 86, 1441, 1452, 1442, 1443, 1444, 1454, + 86, 86, 86, 1453, 3777, 1448, 1457, 1445, 86, 1446, + 86, 1449, 1447, 1450, 1458, 86, 86, 1459, 1456, 1455, + 1460, 86, 1452, 86, 86, 86, 1454, 86, 1462, 1463, + + 1453, 1465, 1464, 1457, 1466, 86, 86, 3777, 1467, 86, + 1468, 1458, 86, 1471, 1459, 1456, 1469, 1460, 86, 1470, + 86, 1472, 1473, 86, 3777, 1462, 1463, 1487, 1465, 1464, + 86, 86, 86, 1474, 86, 1467, 86, 1468, 1476, 86, + 1471, 86, 1475, 1469, 1478, 86, 1470, 1477, 1472, 1473, + 86, 1480, 1479, 1481, 1484, 1483, 86, 1482, 1485, 86, + 1474, 86, 86, 86, 86, 1476, 86, 1486, 3777, 1475, + 86, 1478, 86, 1490, 1477, 86, 3777, 1491, 1480, 1479, + 1481, 1484, 1483, 86, 1482, 1485, 1488, 1493, 1489, 86, + 1492, 86, 3777, 86, 1486, 86, 1496, 1494, 86, 1495, + + 1490, 86, 86, 1497, 1491, 86, 1499, 1500, 86, 1498, + 1502, 3777, 1501, 1488, 1493, 1489, 86, 1492, 1505, 86, + 1503, 1504, 1509, 1496, 1494, 86, 1495, 86, 1506, 86, + 86, 1510, 86, 1512, 1500, 86, 1498, 1502, 86, 1501, + 86, 1507, 1511, 86, 86, 1505, 1508, 1503, 1504, 1509, + 1520, 1522, 1521, 1524, 3777, 1506, 86, 1526, 1510, 86, + 1512, 1523, 3777, 1527, 86, 3777, 1525, 3777, 3777, 1511, + 86, 1529, 1528, 86, 1513, 86, 1531, 1520, 1514, 1521, + 1524, 1515, 1516, 86, 86, 86, 1517, 86, 1523, 86, + 1527, 3777, 1518, 1525, 86, 1536, 1519, 86, 1529, 1528, + + 86, 1513, 86, 1531, 1530, 1514, 1535, 1539, 1515, 1516, + 86, 1534, 1532, 1517, 1533, 86, 1537, 3777, 86, 1518, + 1538, 3777, 1540, 1519, 1541, 86, 1543, 86, 1544, 86, + 1542, 1530, 1547, 1535, 1539, 86, 86, 1545, 1534, 1532, + 1546, 1533, 1548, 86, 86, 3777, 86, 1538, 86, 1540, + 3777, 1541, 1549, 1543, 86, 1555, 3777, 1542, 86, 1547, + 86, 1556, 3777, 1561, 1545, 86, 86, 1557, 1560, 1548, + 1558, 1559, 86, 1569, 86, 3777, 1563, 86, 86, 1549, + 1550, 3777, 1555, 86, 86, 1551, 86, 1552, 1556, 1553, + 1561, 1554, 1562, 86, 1557, 1560, 1564, 1565, 86, 86, + + 1569, 1566, 1568, 1563, 86, 86, 1567, 1550, 1570, 1571, + 1572, 1576, 1551, 1573, 1552, 86, 1553, 1574, 1554, 1562, + 86, 86, 86, 1564, 1565, 86, 1575, 1578, 86, 1568, + 86, 1577, 1579, 86, 1580, 1570, 1571, 1572, 1581, 86, + 1573, 1585, 86, 86, 1574, 1583, 1584, 86, 1587, 1582, + 86, 86, 1588, 1575, 1578, 1590, 3777, 86, 1577, 1579, + 86, 1580, 86, 86, 1591, 1581, 86, 1586, 1585, 86, + 86, 1589, 1583, 1584, 1592, 1587, 1582, 1595, 1593, 86, + 1597, 1594, 86, 86, 1599, 86, 86, 1600, 1596, 1598, + 1601, 1591, 3777, 3777, 1586, 1605, 86, 1610, 1589, 86, + + 1607, 1592, 86, 86, 1595, 1593, 86, 86, 1594, 1608, + 86, 86, 86, 86, 1600, 1596, 1598, 1601, 1602, 1603, + 1604, 1606, 86, 1609, 86, 86, 86, 1607, 86, 86, + 86, 1611, 1613, 86, 1612, 1614, 1608, 1616, 1618, 1615, + 1617, 3777, 1619, 3777, 86, 1602, 1603, 1604, 1606, 86, + 1609, 1620, 86, 86, 86, 86, 1621, 86, 1611, 1613, + 86, 1612, 1614, 86, 1616, 1618, 1615, 1617, 1622, 1619, + 1623, 1624, 3777, 86, 1625, 86, 1627, 1626, 1620, 1631, + 1632, 1628, 1630, 1621, 1635, 86, 1629, 3777, 1633, 3777, + 86, 1638, 1634, 86, 86, 1622, 86, 1623, 1624, 86, + + 86, 1625, 86, 1627, 1626, 1636, 86, 86, 1628, 1630, + 86, 86, 86, 1629, 86, 1633, 86, 1637, 1638, 1634, + 1639, 1640, 1642, 86, 1641, 86, 1643, 1644, 86, 1645, + 1646, 86, 1636, 1647, 86, 1648, 86, 1649, 1651, 171, + 3777, 3777, 1665, 86, 1637, 1650, 86, 86, 1640, 1642, + 1659, 1641, 1654, 1643, 1644, 1655, 1645, 1646, 86, 86, + 1652, 86, 86, 1656, 1649, 86, 1653, 86, 1657, 86, + 86, 1658, 1650, 86, 1663, 3777, 86, 1659, 86, 1654, + 86, 86, 1655, 1661, 1660, 86, 1667, 1652, 1662, 3777, + 1656, 86, 3777, 1653, 1664, 1657, 86, 86, 1658, 1668, + + 1666, 1663, 1672, 86, 86, 1673, 1674, 86, 86, 1669, + 1661, 1660, 3777, 1667, 1670, 1662, 1671, 1680, 1675, 86, + 86, 1664, 1681, 1682, 86, 86, 1668, 1666, 1676, 1672, + 86, 1677, 1673, 1674, 1678, 86, 86, 1679, 1683, 1684, + 86, 86, 3777, 1671, 1680, 1675, 1688, 86, 1686, 1681, + 1682, 1685, 1691, 1687, 86, 1676, 86, 3777, 1677, 1689, + 86, 1678, 86, 1690, 1679, 1692, 1684, 86, 1694, 1693, + 86, 1696, 86, 1688, 86, 1695, 1697, 86, 1685, 1691, + 86, 1698, 86, 86, 1701, 1705, 1689, 86, 1699, 1702, + 1690, 86, 1692, 86, 86, 1694, 1693, 86, 1696, 1704, + + 1700, 3777, 1695, 1697, 1703, 1706, 1709, 86, 1698, 86, + 86, 1701, 86, 86, 1707, 1699, 1702, 86, 1710, 86, + 86, 1708, 1711, 1714, 1713, 86, 1704, 1700, 1712, 86, + 86, 1703, 1706, 1709, 86, 1715, 86, 1720, 1716, 1717, + 1719, 1707, 1721, 86, 1724, 1710, 86, 86, 1708, 1711, + 1714, 1713, 86, 1718, 86, 1712, 1722, 86, 86, 86, + 1725, 1723, 1715, 86, 1720, 1716, 1717, 1719, 86, 1721, + 86, 1724, 1726, 1727, 86, 1728, 1729, 1734, 1730, 1731, + 1718, 1732, 1735, 1722, 1736, 1733, 86, 86, 1723, 3777, + 86, 1737, 86, 3777, 1738, 1741, 1742, 3777, 3777, 86, + + 1727, 86, 1728, 86, 86, 1730, 1731, 86, 1732, 86, + 1743, 1745, 1733, 1739, 86, 1740, 86, 86, 1737, 86, + 86, 1738, 86, 1742, 1744, 1748, 86, 1747, 86, 1749, + 1746, 1751, 3777, 86, 1750, 1753, 3777, 1743, 1745, 86, + 1739, 86, 1740, 86, 1752, 86, 1759, 1768, 86, 1760, + 86, 1744, 1748, 86, 1747, 86, 1749, 1746, 1751, 1754, + 1755, 1750, 1753, 1757, 1761, 1756, 86, 86, 1758, 1762, + 1763, 1752, 86, 1759, 1765, 86, 1760, 86, 1764, 86, + 1766, 1767, 86, 1774, 1769, 1770, 1754, 86, 86, 3777, + 86, 1761, 86, 1776, 86, 86, 1762, 1763, 1772, 1777, + + 86, 1765, 1771, 1773, 86, 1764, 86, 1766, 1767, 86, + 86, 1769, 1770, 1775, 86, 86, 1778, 1779, 1780, 1781, + 1776, 86, 3777, 3777, 86, 1772, 86, 86, 1782, 1771, + 1773, 86, 1785, 1783, 1784, 86, 86, 1786, 86, 1787, + 1775, 86, 1789, 1778, 1779, 1780, 1781, 86, 1788, 86, + 86, 1792, 1791, 1793, 1790, 1782, 1796, 3777, 3777, 1785, + 1783, 1784, 86, 1794, 1786, 86, 1787, 86, 1795, 1789, + 86, 1798, 86, 1799, 1797, 1788, 3777, 1804, 86, 1791, + 86, 1790, 1805, 1796, 1803, 86, 86, 86, 1800, 86, + 1794, 86, 1801, 86, 86, 1795, 1806, 1807, 1798, 86, + + 1799, 1797, 1808, 86, 1804, 1802, 1809, 1810, 86, 1805, + 1811, 1803, 1813, 86, 1814, 1800, 1812, 3777, 1821, 1801, + 1817, 3777, 86, 1806, 1807, 1815, 1816, 86, 86, 86, + 86, 1818, 1802, 1809, 1822, 1820, 86, 1811, 1819, 86, + 86, 1814, 86, 1812, 86, 1823, 1824, 1817, 86, 86, + 86, 1828, 1815, 1816, 86, 1826, 86, 1825, 1818, 1827, + 1829, 86, 1820, 86, 1830, 1819, 1831, 86, 1832, 1833, + 1834, 3777, 1823, 1837, 1836, 3777, 1839, 86, 86, 86, + 86, 86, 1826, 86, 1825, 86, 1827, 1829, 1835, 1847, + 86, 86, 1841, 1831, 86, 86, 1833, 1834, 86, 86, + + 1837, 1836, 1838, 1839, 1840, 1842, 1843, 1846, 1844, 86, + 1849, 86, 86, 1848, 1845, 1835, 86, 86, 86, 1841, + 86, 86, 1852, 3777, 86, 1854, 3777, 1859, 86, 1838, + 1851, 1840, 1842, 1843, 1846, 1844, 86, 1849, 1850, 86, + 1848, 1845, 86, 1853, 1856, 1855, 1857, 86, 1858, 1852, + 86, 86, 1854, 86, 86, 1860, 1861, 1851, 86, 1862, + 86, 1863, 1869, 86, 1865, 1850, 86, 1866, 86, 1864, + 1853, 1856, 1855, 1857, 3777, 1858, 1867, 86, 86, 1868, + 86, 1870, 1860, 1861, 86, 86, 1862, 1872, 1863, 86, + 86, 1865, 3777, 1871, 1866, 1874, 1864, 3777, 1875, 1873, + + 1878, 86, 1881, 1867, 86, 86, 1868, 86, 1870, 86, + 171, 86, 1880, 86, 1872, 1876, 1877, 1879, 1882, 86, + 1871, 1885, 1874, 86, 1883, 1875, 1873, 1878, 86, 1881, + 86, 86, 1886, 1887, 1884, 1891, 1890, 1889, 1893, 1880, + 86, 86, 1876, 1877, 1879, 1882, 1888, 1892, 86, 1894, + 86, 1883, 1895, 86, 86, 86, 1896, 1898, 86, 1886, + 1887, 1884, 86, 1890, 1889, 86, 1899, 86, 1901, 1897, + 86, 86, 1900, 1888, 1892, 86, 1894, 86, 86, 1895, + 1902, 1904, 3777, 86, 1898, 1903, 1906, 1909, 86, 1905, + 86, 1907, 3777, 1899, 86, 1901, 1897, 1910, 86, 1900, + + 1908, 86, 86, 1914, 86, 1916, 86, 1902, 1904, 86, + 86, 1915, 1903, 1906, 1909, 1919, 1905, 86, 1907, 1911, + 1921, 1917, 1912, 1918, 1910, 1922, 1920, 1908, 86, 86, + 1924, 1927, 1916, 86, 1913, 86, 1923, 86, 1915, 86, + 1925, 86, 1919, 86, 86, 1929, 1911, 1921, 1917, 1912, + 1918, 1926, 86, 1920, 1928, 3777, 1931, 86, 1927, 1932, + 1930, 1913, 86, 1923, 1934, 1935, 1933, 1936, 86, 1937, + 86, 86, 86, 86, 86, 1938, 1939, 86, 1926, 1940, + 86, 1928, 86, 1931, 3777, 1943, 1932, 1930, 1942, 86, + 1941, 1934, 1935, 1933, 86, 1945, 1944, 1948, 86, 86, + + 3777, 86, 1946, 1939, 86, 86, 1949, 86, 1947, 86, + 86, 86, 86, 86, 1950, 1942, 1953, 1941, 86, 1951, + 86, 1952, 1945, 1944, 1948, 86, 1954, 86, 86, 1946, + 1956, 1955, 86, 1949, 86, 1947, 1957, 1959, 1962, 1958, + 1963, 1950, 1961, 1953, 86, 1960, 1951, 86, 1952, 1966, + 1964, 1971, 86, 1954, 86, 86, 86, 1956, 1955, 86, + 86, 86, 86, 1957, 1959, 1967, 1958, 1963, 1965, 1961, + 86, 1969, 1960, 1970, 1972, 86, 1966, 1964, 86, 1974, + 1973, 86, 1975, 1968, 1976, 1978, 1977, 3777, 86, 86, + 3777, 86, 1967, 3777, 86, 1965, 86, 86, 1969, 86, + + 1970, 1972, 86, 1980, 1981, 1979, 1974, 1973, 86, 1975, + 1968, 1976, 1978, 1977, 86, 1982, 86, 1985, 1988, 1983, + 86, 86, 1984, 1989, 1986, 1990, 1991, 1995, 86, 1987, + 1980, 1981, 1979, 1992, 1993, 86, 86, 86, 1994, 3777, + 2000, 1996, 1982, 86, 1985, 1988, 1983, 86, 86, 1984, + 1989, 1986, 86, 86, 86, 86, 1987, 1998, 1997, 1999, + 1992, 1993, 86, 2001, 86, 1994, 86, 2000, 1996, 86, + 2002, 2004, 2003, 2005, 2009, 2006, 2010, 86, 2011, 86, + 86, 86, 86, 86, 1998, 1997, 1999, 2012, 2013, 3777, + 2001, 86, 86, 2007, 86, 2015, 2008, 2002, 2004, 2003, + + 2005, 2009, 2006, 2010, 2016, 2014, 2017, 2018, 86, 86, + 86, 86, 86, 86, 86, 2013, 2019, 2021, 86, 86, + 2007, 2020, 2015, 2008, 2023, 2022, 86, 2024, 3777, 2025, + 2027, 2016, 2014, 2017, 2018, 2026, 86, 2036, 3777, 86, + 86, 86, 2028, 2035, 2021, 2029, 86, 2031, 86, 2030, + 2033, 2023, 2022, 2034, 2024, 86, 2025, 2027, 2038, 86, + 86, 2032, 2026, 2046, 2036, 86, 2041, 86, 86, 2028, + 2035, 86, 2029, 86, 2031, 2037, 2030, 2033, 2039, 86, + 2034, 86, 2042, 2040, 2043, 2038, 2044, 2045, 2032, 86, + 2047, 2048, 2049, 2041, 86, 86, 2052, 2057, 2050, 86, + + 86, 3777, 2037, 2051, 2061, 2053, 3777, 3777, 86, 2042, + 86, 2043, 2054, 2044, 2045, 2055, 86, 2047, 86, 86, + 86, 2056, 86, 2058, 86, 2050, 86, 2059, 86, 86, + 2051, 2067, 2053, 2060, 86, 2063, 86, 86, 2062, 2054, + 2066, 2064, 2055, 86, 2065, 2068, 2070, 2069, 2056, 86, + 2058, 86, 86, 86, 2059, 2071, 2076, 86, 2067, 86, + 2060, 86, 2063, 86, 86, 2062, 2072, 2066, 2064, 86, + 2073, 2065, 2068, 2070, 2069, 2074, 2077, 2078, 2079, 86, + 2080, 3777, 2071, 86, 2081, 2082, 2084, 2083, 86, 2085, + 2086, 86, 86, 2072, 86, 86, 2075, 2073, 2088, 3777, + + 2090, 86, 86, 86, 2078, 2079, 2092, 86, 86, 86, + 2087, 2081, 2082, 86, 2083, 86, 2085, 2089, 2093, 2095, + 2096, 2091, 86, 2075, 2094, 2088, 86, 86, 86, 86, + 2098, 86, 2097, 2092, 86, 2100, 2099, 2087, 2104, 2102, + 86, 86, 86, 2101, 2089, 2093, 2095, 2096, 2091, 2103, + 86, 2094, 86, 86, 171, 2108, 2105, 2098, 2106, 2097, + 2107, 86, 2100, 2099, 86, 86, 2102, 86, 86, 2109, + 2101, 2110, 2111, 86, 2112, 2113, 2103, 2116, 2114, 2117, + 2120, 2115, 86, 2105, 86, 2106, 86, 2107, 86, 86, + 86, 86, 86, 2119, 86, 2118, 2109, 2121, 2110, 2111, + + 2123, 2112, 2113, 2122, 86, 2114, 2117, 86, 2115, 86, + 86, 2124, 2126, 2125, 86, 2127, 2129, 3777, 2131, 2128, + 2119, 86, 2118, 2130, 2121, 86, 2133, 86, 2149, 2135, + 2122, 86, 2132, 86, 86, 86, 2136, 86, 2124, 2134, + 2125, 86, 86, 2129, 86, 2131, 2128, 86, 86, 2137, + 2130, 86, 2139, 2133, 2138, 2140, 2135, 2141, 86, 2132, + 86, 2143, 2147, 2136, 86, 2144, 2134, 86, 86, 86, + 2142, 2146, 2145, 2148, 86, 86, 2137, 86, 2155, 2139, + 2150, 2138, 2140, 2151, 2141, 86, 86, 86, 2143, 2147, + 2154, 2156, 2144, 86, 86, 2152, 2153, 2142, 2146, 2145, + + 86, 86, 2159, 86, 86, 2155, 2157, 2150, 2158, 2160, + 2151, 2161, 2163, 2162, 2170, 2164, 86, 2154, 2156, 86, + 86, 2165, 2152, 2153, 2166, 2167, 2168, 86, 86, 2159, + 86, 86, 2169, 2157, 2171, 2158, 86, 2172, 86, 86, + 2162, 86, 2164, 2174, 2176, 2173, 86, 2177, 2165, 86, + 2179, 2166, 2167, 86, 86, 86, 2175, 2178, 86, 2169, + 86, 2171, 2182, 2180, 2181, 2185, 86, 2183, 3777, 86, + 86, 2176, 2173, 2186, 2177, 86, 2184, 86, 2187, 86, + 2188, 86, 86, 2175, 2178, 2189, 86, 86, 3777, 86, + 2180, 2181, 2185, 2197, 2183, 86, 2202, 3777, 2209, 2194, + + 2186, 2203, 86, 2184, 86, 2187, 86, 2188, 2190, 2191, + 2192, 2195, 2196, 2200, 2198, 2193, 3777, 86, 2204, 86, + 86, 86, 2199, 86, 2201, 86, 2194, 2206, 86, 86, + 86, 86, 2205, 86, 2207, 2190, 2191, 2192, 2195, 2196, + 2200, 2198, 2193, 2208, 86, 2204, 86, 2210, 2213, 2199, + 86, 2201, 86, 2211, 2206, 86, 2212, 2214, 86, 2205, + 86, 2207, 86, 2215, 2216, 86, 2218, 2217, 2219, 2220, + 2208, 86, 86, 2221, 2210, 86, 86, 2222, 2226, 86, + 2211, 2223, 2225, 2212, 2214, 2224, 2230, 2228, 86, 86, + 2215, 2216, 86, 2218, 2217, 86, 2220, 2227, 86, 86, + + 86, 2231, 2229, 86, 2222, 86, 2232, 86, 2223, 2225, + 86, 2233, 2224, 86, 2228, 86, 2234, 2237, 86, 2235, + 86, 2236, 2238, 86, 2227, 2239, 2240, 3777, 2231, 2229, + 2242, 86, 2241, 2232, 86, 3777, 86, 2245, 2233, 2246, + 2244, 2248, 2261, 2234, 86, 2247, 2235, 86, 2236, 2238, + 2243, 2249, 2239, 86, 86, 3777, 3777, 86, 86, 2241, + 86, 2250, 86, 2251, 86, 2255, 2246, 2244, 2252, 86, + 2256, 2254, 2247, 86, 86, 2253, 2257, 2243, 86, 86, + 86, 86, 86, 86, 2258, 86, 2259, 86, 2250, 86, + 2251, 2260, 2255, 86, 2262, 2252, 2265, 2256, 2254, 3777, + + 86, 2263, 2253, 2257, 2264, 2268, 2270, 2267, 86, 3777, + 86, 2258, 2266, 2259, 86, 2269, 86, 86, 2260, 86, + 2275, 2271, 2272, 2265, 86, 2276, 86, 2274, 2263, 2273, + 86, 2264, 2268, 86, 2267, 86, 2277, 86, 2279, 2266, + 2278, 86, 2269, 86, 2280, 2281, 2284, 2275, 2271, 2272, + 2282, 86, 2276, 2285, 2274, 2283, 2273, 86, 86, 86, + 3777, 2286, 86, 2277, 2288, 86, 86, 2278, 86, 2289, + 2287, 2280, 2281, 86, 86, 2292, 86, 2282, 86, 2295, + 2285, 2296, 2283, 2290, 2293, 2291, 86, 2294, 2286, 2297, + 86, 2288, 86, 86, 2298, 86, 2289, 2287, 2303, 86, + + 2299, 86, 2309, 2305, 2300, 86, 2295, 86, 2296, 2306, + 2290, 2293, 2291, 2301, 2294, 2304, 86, 2310, 2302, 2307, + 86, 2298, 86, 86, 2308, 2303, 2312, 2299, 2313, 86, + 86, 2300, 2311, 86, 86, 2314, 86, 86, 2316, 2315, + 2301, 2317, 2304, 86, 2318, 2302, 2320, 2322, 86, 86, + 2319, 86, 86, 2312, 86, 2313, 86, 2321, 2323, 2311, + 2326, 86, 86, 2331, 2324, 2316, 2315, 86, 2317, 2325, + 86, 2318, 86, 2327, 2328, 2329, 86, 2319, 86, 86, + 2332, 2330, 171, 86, 2321, 86, 2333, 2326, 86, 86, + 86, 2324, 2334, 2335, 2337, 2338, 2325, 2340, 2336, 3777, + + 2327, 2328, 2329, 86, 86, 86, 2339, 2332, 2330, 2341, + 2342, 2343, 86, 2333, 2345, 2344, 86, 2346, 86, 86, + 86, 2350, 2338, 2355, 2340, 2336, 86, 86, 86, 86, + 2347, 2348, 86, 2339, 2349, 2351, 2341, 2342, 86, 86, + 2354, 2345, 2344, 86, 2346, 86, 86, 2352, 86, 2353, + 86, 2358, 2356, 86, 2357, 2359, 86, 2347, 2348, 86, + 86, 2349, 2351, 86, 86, 2360, 2362, 2354, 2361, 86, + 2366, 86, 86, 2364, 2352, 2363, 2353, 2365, 2358, 2356, + 2369, 2357, 2359, 86, 86, 2367, 86, 2370, 86, 86, + 86, 86, 2360, 2373, 2372, 2361, 2368, 2366, 86, 2371, + + 2364, 86, 2363, 2375, 2365, 86, 2374, 2369, 2378, 2376, + 2377, 86, 2367, 2379, 2370, 86, 2381, 86, 86, 86, + 2373, 2372, 86, 2368, 86, 2380, 2371, 86, 2382, 2384, + 2375, 2383, 86, 2374, 2385, 2378, 2376, 2377, 2386, 86, + 86, 86, 86, 2381, 2387, 3777, 2388, 86, 3777, 86, + 2389, 2390, 2380, 2391, 86, 2382, 2384, 2392, 2383, 2394, + 2393, 2385, 86, 2395, 86, 2396, 2398, 2397, 2399, 86, + 86, 2387, 86, 2388, 3777, 86, 2400, 2389, 2390, 86, + 2391, 86, 2403, 2442, 86, 3777, 86, 2393, 86, 86, + 2395, 2404, 2396, 2402, 2397, 2399, 86, 2401, 86, 2405, + + 86, 2406, 86, 2400, 2407, 2412, 2408, 86, 86, 2403, + 2409, 2414, 2410, 2411, 86, 86, 2415, 86, 2404, 86, + 2402, 86, 86, 86, 2401, 2424, 2405, 86, 2406, 2413, + 2416, 2407, 2412, 2408, 86, 2421, 2423, 2409, 2425, 2410, + 2411, 86, 86, 86, 2417, 2418, 2422, 86, 2419, 2431, + 86, 86, 86, 2426, 2427, 2428, 2413, 2416, 3777, 2429, + 86, 2420, 2421, 2423, 2434, 2425, 86, 2430, 2433, 86, + 2432, 2417, 2418, 2422, 86, 2419, 2431, 86, 86, 86, + 2426, 2427, 2428, 2435, 86, 2437, 2429, 2436, 2420, 86, + 86, 2434, 2438, 2439, 2430, 2433, 86, 2432, 2440, 2444, + + 2445, 86, 2441, 86, 2443, 2446, 86, 86, 2448, 86, + 2435, 86, 2437, 86, 2436, 2447, 86, 2450, 86, 2438, + 2439, 2449, 2455, 2451, 86, 2440, 2444, 2445, 2452, 2441, + 86, 2443, 86, 2454, 2453, 2448, 2456, 86, 2457, 86, + 86, 2458, 2447, 86, 2450, 86, 86, 2461, 2449, 2465, + 2451, 2462, 86, 2466, 86, 2452, 86, 2459, 86, 86, + 2454, 2453, 2460, 2456, 2463, 2457, 86, 2464, 2458, 2467, + 2470, 2468, 2472, 2471, 2461, 2534, 86, 86, 2462, 86, + 2466, 2469, 86, 86, 2473, 86, 2476, 2501, 86, 86, + 2477, 2463, 2478, 86, 2464, 86, 2467, 86, 2468, 2472, + + 2471, 2474, 86, 2479, 2480, 86, 2482, 86, 2469, 2475, + 2481, 2473, 2483, 86, 86, 86, 3777, 2477, 86, 2478, + 86, 2486, 86, 2484, 3777, 2495, 2485, 2490, 2474, 86, + 2479, 2480, 86, 2482, 2487, 86, 2475, 2481, 2488, 2483, + 86, 86, 86, 2489, 2491, 2492, 86, 86, 2486, 2493, + 2484, 2494, 2495, 2485, 2490, 2496, 2498, 3777, 3777, 2497, + 86, 2487, 86, 86, 3777, 2502, 86, 2500, 2499, 2508, + 86, 2491, 2492, 86, 86, 86, 2493, 86, 2494, 2503, + 2504, 86, 2496, 2498, 2507, 86, 2497, 2505, 86, 86, + 2509, 2506, 2502, 86, 2500, 2499, 2508, 86, 86, 2513, + + 2510, 2511, 2512, 2514, 2515, 3777, 2503, 2504, 3777, 86, + 2516, 2507, 86, 2519, 2505, 86, 86, 2509, 2506, 86, + 2517, 86, 86, 2521, 2525, 86, 2513, 2510, 2511, 2512, + 2514, 2515, 2520, 2518, 86, 86, 86, 2516, 2524, 2522, + 2519, 86, 2523, 2526, 86, 2527, 2528, 2517, 86, 2529, + 2521, 86, 2530, 3777, 2532, 86, 86, 86, 2531, 2520, + 2518, 86, 2535, 2533, 2538, 2524, 2522, 171, 86, 2523, + 2526, 86, 86, 2528, 2539, 86, 2529, 2536, 2540, 2530, + 86, 2532, 2537, 2543, 2541, 2531, 2542, 2548, 3777, 2535, + 2533, 2549, 3777, 86, 2544, 2551, 86, 2547, 2552, 2554, + + 2555, 2550, 86, 86, 86, 2540, 86, 2553, 2545, 86, + 86, 2541, 2557, 2542, 86, 86, 86, 86, 2549, 2546, + 86, 2544, 2551, 2556, 2547, 86, 2554, 86, 2550, 86, + 86, 2558, 2559, 2560, 2553, 2545, 2561, 3777, 2562, 86, + 86, 2565, 2563, 86, 86, 86, 2546, 2564, 2566, 2572, + 2556, 86, 2567, 86, 86, 2568, 86, 3777, 2558, 2559, + 2560, 86, 2570, 2561, 86, 2562, 86, 2571, 2565, 2563, + 86, 2569, 86, 2573, 2564, 2566, 86, 2575, 86, 2567, + 2574, 2576, 2568, 2580, 86, 2577, 86, 2579, 2578, 2570, + 86, 86, 86, 2584, 2571, 2581, 86, 86, 2569, 86, + + 2573, 3777, 86, 2586, 2575, 2582, 2585, 2574, 2576, 2583, + 2580, 86, 2577, 2587, 2579, 2578, 2588, 86, 86, 86, + 86, 86, 2581, 2589, 86, 86, 2590, 86, 2592, 86, + 2586, 2591, 2582, 2585, 86, 2594, 2583, 2593, 2595, 86, + 2587, 86, 2596, 2588, 2597, 2598, 2600, 2666, 2599, 3777, + 2589, 2601, 86, 2590, 2603, 2592, 86, 3777, 2591, 86, + 2604, 86, 2594, 2611, 2593, 2605, 2606, 86, 2610, 2613, + 86, 2597, 2598, 2600, 86, 2599, 86, 2602, 2601, 86, + 86, 86, 86, 2607, 86, 2608, 86, 2604, 2609, 86, + 86, 2612, 2605, 2606, 86, 2610, 86, 2614, 86, 2615, + + 2616, 2619, 86, 2617, 2602, 2620, 2618, 2621, 3777, 86, + 2607, 86, 2608, 2622, 86, 2609, 86, 2623, 2612, 86, + 2624, 2625, 2626, 2627, 2614, 3777, 2615, 2616, 86, 86, + 2617, 86, 2620, 2618, 2621, 86, 2628, 2632, 2633, 86, + 2622, 2631, 2635, 2634, 2623, 86, 2629, 2624, 86, 86, + 2627, 86, 2630, 86, 2637, 2638, 86, 2636, 86, 86, + 2640, 2639, 2641, 2628, 86, 86, 86, 86, 2631, 86, + 2634, 2644, 2642, 2629, 2643, 2646, 2645, 2647, 2650, 2630, + 2652, 86, 2638, 86, 2636, 86, 86, 86, 2639, 86, + 86, 2649, 86, 2654, 2659, 2655, 3777, 86, 2644, 2642, + + 2648, 2643, 86, 2645, 2647, 86, 2651, 86, 86, 2662, + 2653, 2656, 2661, 86, 86, 86, 86, 2657, 2649, 86, + 2654, 86, 2655, 2660, 86, 2665, 3777, 2648, 2663, 2672, + 2668, 86, 2658, 2651, 86, 86, 2662, 2653, 2656, 2661, + 86, 2664, 86, 86, 2657, 2674, 2667, 2669, 2670, 86, + 2660, 86, 86, 86, 2671, 2663, 86, 2668, 2673, 2658, + 86, 2678, 2680, 2679, 2675, 2681, 86, 86, 2664, 2676, + 86, 2682, 2674, 2667, 2669, 2670, 86, 86, 86, 2686, + 86, 2671, 86, 2677, 2683, 2673, 2687, 2684, 86, 2680, + 2679, 2675, 2681, 86, 2688, 86, 2676, 2692, 2682, 86, + + 2685, 86, 3777, 2693, 86, 86, 2686, 2689, 3777, 3777, + 2677, 2683, 3777, 2687, 2684, 2694, 2695, 2696, 86, 86, + 3777, 2688, 2690, 2697, 2691, 86, 2698, 2685, 2700, 86, + 2693, 86, 2701, 2707, 2689, 2699, 2703, 86, 86, 86, + 86, 86, 2694, 2695, 2696, 2704, 86, 2702, 86, 2690, + 2697, 2691, 2706, 2698, 86, 2700, 2705, 2708, 86, 2701, + 2709, 2710, 2699, 2703, 86, 86, 86, 86, 2711, 2712, + 2713, 2715, 2704, 86, 2702, 2714, 2718, 86, 86, 2706, + 2716, 2719, 2722, 2705, 2723, 86, 2717, 2709, 2710, 86, + 2724, 86, 86, 86, 86, 86, 2712, 2713, 2715, 86, + + 86, 2720, 2714, 2718, 86, 2721, 2725, 2716, 2719, 2722, + 2726, 2727, 2728, 2717, 2729, 2730, 86, 86, 86, 86, + 3777, 2735, 86, 86, 2733, 3777, 2731, 2740, 2720, 86, + 86, 2734, 2721, 2725, 2732, 3777, 3777, 2726, 2727, 2728, + 86, 2729, 86, 171, 2738, 2739, 2742, 86, 2735, 2751, + 2743, 2733, 86, 2731, 86, 86, 86, 86, 2734, 2744, + 2736, 2732, 2737, 2741, 86, 86, 2745, 86, 2746, 2748, + 86, 2738, 2739, 2742, 2747, 86, 86, 2743, 86, 2750, + 2753, 2749, 3777, 86, 2752, 2754, 2744, 2736, 86, 2737, + 2741, 86, 2755, 2745, 86, 2746, 2748, 2756, 86, 2757, + + 2758, 2747, 3777, 2759, 2766, 2762, 2750, 86, 2749, 86, + 86, 2752, 2754, 2760, 86, 2761, 2764, 2768, 86, 2755, + 86, 2763, 3777, 2765, 86, 2767, 86, 2758, 2769, 86, + 86, 86, 2762, 2770, 86, 2771, 86, 2772, 86, 86, + 2760, 86, 2761, 2764, 2768, 2773, 2777, 2774, 2763, 86, + 2765, 86, 2767, 2775, 2776, 2769, 2778, 86, 3777, 86, + 2770, 86, 86, 2779, 2772, 86, 2780, 86, 2781, 86, + 2787, 86, 2773, 2777, 2774, 86, 2784, 86, 2782, 2783, + 2775, 2776, 2790, 86, 2785, 86, 86, 2786, 86, 86, + 2779, 2788, 86, 2780, 86, 2781, 3777, 2787, 2789, 3777, + + 2791, 2792, 2795, 2784, 2793, 2782, 2783, 86, 86, 2790, + 86, 2785, 86, 2794, 2786, 2797, 2796, 2798, 2801, 86, + 2802, 86, 86, 86, 86, 2789, 86, 2791, 2792, 2795, + 2799, 2793, 86, 2800, 2803, 3777, 2805, 2804, 2806, 3777, + 2794, 86, 86, 2796, 2798, 2807, 2817, 2808, 3777, 2810, + 86, 86, 86, 86, 86, 86, 2809, 2799, 86, 2812, + 2800, 2803, 86, 2805, 2804, 2806, 2811, 2813, 2814, 86, + 2815, 86, 2807, 86, 2808, 86, 2810, 2816, 86, 2819, + 86, 2821, 3777, 2809, 2818, 2820, 2812, 2825, 2823, 2822, + 86, 86, 2833, 2811, 2813, 2814, 86, 2815, 86, 86, + + 86, 86, 2824, 86, 2816, 2829, 86, 2831, 86, 86, + 2827, 2818, 2820, 86, 2825, 2823, 2822, 2826, 86, 86, + 2828, 2830, 2832, 2834, 86, 2835, 86, 86, 2836, 2824, + 86, 2837, 2829, 2839, 86, 2838, 86, 2827, 2841, 86, + 2840, 86, 2843, 86, 2826, 2844, 2842, 2828, 2830, 86, + 2834, 86, 2835, 86, 2846, 2836, 86, 86, 2837, 2845, + 2839, 86, 2838, 2847, 86, 2841, 2849, 2840, 3777, 86, + 2848, 2850, 2844, 2842, 2852, 86, 2851, 86, 86, 86, + 2855, 2846, 86, 2853, 2854, 2857, 2845, 2856, 2860, 86, + 2859, 86, 3777, 2849, 2858, 86, 2864, 2848, 86, 86, + + 86, 2852, 2862, 2851, 2861, 2863, 86, 2855, 3777, 86, + 2853, 2854, 86, 86, 2856, 2860, 86, 2859, 86, 2866, + 2865, 2858, 2867, 2864, 86, 2871, 2870, 2872, 2868, 2862, + 86, 2861, 2863, 86, 86, 86, 2869, 2873, 2874, 86, + 2875, 2876, 2878, 86, 86, 2877, 2866, 2865, 86, 2867, + 2880, 86, 86, 2870, 2872, 2868, 86, 2879, 3777, 2881, + 3777, 2882, 3777, 2869, 86, 86, 2883, 86, 2876, 2878, + 86, 2884, 2877, 2886, 2885, 2889, 86, 2880, 86, 86, + 86, 86, 2891, 2888, 2879, 86, 2881, 86, 2882, 86, + 2887, 2890, 2892, 2883, 86, 2893, 86, 2894, 2884, 86, + + 2886, 2885, 86, 2896, 2899, 2895, 2897, 2898, 2900, 86, + 2888, 86, 2902, 2904, 86, 86, 3777, 2887, 2890, 86, + 86, 86, 2893, 86, 86, 2903, 86, 2905, 86, 2901, + 2896, 2899, 2895, 2897, 2898, 2900, 86, 2906, 2909, 86, + 86, 2907, 2908, 86, 86, 86, 2911, 2912, 2910, 3777, + 2913, 86, 2903, 86, 2905, 86, 2901, 2917, 2915, 3777, + 2914, 3777, 171, 2924, 2906, 2909, 86, 2916, 2907, 2908, + 86, 86, 2920, 2911, 2912, 2910, 86, 2913, 86, 86, + 2921, 2918, 2922, 2923, 2917, 2915, 86, 2914, 2919, 2925, + 86, 2926, 86, 86, 2916, 2927, 86, 2928, 2930, 2920, + + 3777, 2932, 2929, 3777, 86, 86, 3777, 2921, 2918, 2922, + 2923, 86, 2931, 86, 86, 2919, 86, 86, 2926, 2933, + 86, 86, 2927, 86, 2928, 2930, 86, 2934, 2932, 2929, + 2935, 2936, 2937, 2938, 2940, 86, 86, 2939, 86, 2931, + 86, 86, 2941, 2942, 3777, 2943, 2933, 2945, 2948, 3777, + 86, 86, 86, 2944, 2934, 2946, 2949, 2935, 2936, 2937, + 2938, 2940, 86, 2950, 2939, 2951, 86, 2955, 86, 2941, + 2942, 86, 2943, 2947, 86, 2948, 86, 2952, 86, 2953, + 2944, 86, 2946, 86, 2954, 2956, 86, 86, 86, 2957, + 2950, 2959, 86, 86, 2955, 2960, 2958, 86, 86, 2962, + + 2947, 2961, 86, 86, 2952, 86, 2953, 2963, 2964, 2967, + 2965, 2954, 2956, 2968, 2969, 3777, 2957, 86, 2959, 86, + 2966, 2970, 2960, 2958, 86, 2977, 2962, 2976, 2961, 86, + 86, 2973, 2975, 2971, 86, 86, 2967, 2965, 2974, 2972, + 86, 86, 86, 86, 2978, 86, 86, 2966, 86, 86, + 2979, 86, 86, 86, 2976, 2980, 2981, 86, 2973, 2975, + 2971, 2983, 86, 2982, 2984, 2974, 2972, 2985, 86, 2986, + 2987, 2978, 86, 2988, 3777, 2990, 2989, 2979, 2993, 86, + 3777, 2991, 2980, 2981, 86, 86, 86, 2994, 2983, 86, + 2982, 2984, 86, 86, 2985, 86, 86, 2987, 2992, 2995, + + 86, 2996, 2990, 2989, 2997, 2993, 86, 2998, 2991, 86, + 2999, 86, 3000, 86, 2994, 86, 3001, 86, 3002, 3005, + 3003, 86, 3006, 86, 3004, 2992, 2995, 3008, 2996, 3007, + 3009, 2997, 86, 86, 2998, 3012, 3010, 2999, 86, 3000, + 86, 86, 86, 3001, 3011, 86, 86, 3003, 86, 3006, + 86, 3004, 3013, 3014, 3008, 3018, 3007, 3009, 86, 3016, + 3015, 3017, 3012, 3010, 3020, 86, 86, 86, 3019, 86, + 3021, 3011, 86, 3023, 86, 86, 3022, 3777, 3024, 86, + 3014, 3025, 3018, 3027, 3026, 86, 3016, 3015, 3017, 3029, + 3028, 86, 86, 3033, 86, 3019, 86, 3021, 3030, 3031, + + 3023, 3035, 3038, 3022, 86, 3024, 3032, 86, 86, 86, + 86, 3026, 86, 86, 86, 3034, 3029, 3028, 3036, 3037, + 86, 86, 3042, 3039, 86, 3030, 3031, 86, 3035, 86, + 3040, 3045, 3046, 3032, 3041, 3043, 86, 86, 3044, 86, + 86, 3048, 3034, 3047, 86, 3036, 3037, 3049, 86, 3042, + 3039, 3050, 3053, 86, 3051, 86, 86, 3040, 86, 3046, + 3052, 3041, 3043, 3058, 3054, 3044, 3055, 86, 86, 86, + 3047, 86, 86, 86, 3049, 3056, 3057, 3059, 3050, 3053, + 3060, 3051, 86, 3061, 86, 86, 3062, 3052, 86, 3063, + 3058, 3054, 86, 3055, 86, 3065, 3777, 3064, 3066, 86, + + 3068, 3067, 3056, 3057, 3059, 86, 3069, 3060, 3070, 86, + 86, 86, 3071, 86, 3073, 86, 3063, 3072, 86, 3075, + 3074, 3076, 171, 86, 3064, 3066, 86, 3068, 3067, 3078, + 3079, 3077, 3080, 3069, 86, 3085, 3092, 3081, 3082, 3071, + 86, 3073, 86, 86, 3072, 86, 86, 3074, 86, 3083, + 3084, 3086, 3088, 3087, 86, 3093, 86, 3079, 3077, 3096, + 86, 3089, 3090, 86, 86, 3082, 3091, 86, 86, 3094, + 86, 86, 86, 86, 86, 86, 3083, 3084, 3086, 3088, + 3087, 86, 3095, 3097, 3098, 3100, 86, 86, 3089, 3090, + 3099, 86, 3777, 3091, 3101, 3104, 3094, 86, 3102, 3105, + + 86, 3103, 3111, 86, 86, 3108, 86, 3110, 3113, 3095, + 3097, 3098, 3100, 86, 86, 3106, 86, 3099, 3107, 3109, + 86, 3101, 3104, 86, 86, 3102, 3105, 3114, 3103, 3111, + 86, 86, 3108, 86, 3110, 3112, 86, 86, 3119, 3115, + 86, 3120, 3106, 3116, 86, 3107, 3109, 86, 86, 3117, + 86, 3118, 3121, 3122, 3114, 3123, 86, 3124, 3777, 86, + 86, 86, 3112, 3125, 3128, 86, 3115, 3126, 3120, 3127, + 3116, 86, 3777, 86, 3130, 86, 3117, 3132, 3118, 3121, + 3122, 86, 3123, 86, 3124, 86, 86, 3129, 3133, 3135, + 3125, 86, 3131, 3136, 3126, 86, 3127, 3138, 3777, 86, + + 86, 3130, 3137, 3134, 3132, 86, 86, 3139, 3140, 3141, + 86, 3142, 3777, 86, 3129, 86, 3144, 3145, 3143, 3131, + 3146, 86, 3147, 3777, 3138, 86, 3151, 3148, 86, 3137, + 3134, 86, 3149, 3777, 86, 86, 3141, 3153, 3142, 86, + 86, 86, 3150, 3144, 3145, 3143, 86, 3154, 3152, 3147, + 86, 3155, 86, 86, 3148, 86, 86, 3156, 3157, 3149, + 86, 86, 3158, 86, 3153, 3159, 3161, 3160, 3162, 3150, + 3163, 3777, 3164, 3170, 3154, 3152, 3165, 3167, 86, 86, + 86, 3166, 3168, 3174, 3156, 86, 86, 3169, 86, 86, + 86, 3173, 86, 3161, 3160, 3162, 86, 86, 86, 3164, + + 3170, 3175, 86, 3165, 3171, 3172, 3176, 3178, 3166, 86, + 86, 86, 86, 3177, 3169, 3179, 3180, 86, 3173, 3183, + 3182, 86, 3184, 3185, 3186, 3187, 3181, 86, 86, 86, + 3188, 3171, 3172, 86, 3178, 86, 86, 86, 3191, 3192, + 3177, 3194, 3179, 86, 86, 3189, 86, 3182, 86, 3184, + 86, 3186, 86, 3181, 86, 3190, 3193, 3188, 3195, 3196, + 3199, 3198, 3200, 3201, 3197, 86, 86, 86, 86, 86, + 86, 3202, 3189, 86, 3203, 3204, 86, 3205, 3206, 86, + 86, 3211, 3190, 3193, 86, 3195, 3208, 3199, 3198, 3200, + 3201, 86, 3207, 3209, 3210, 86, 3212, 3213, 86, 3217, + + 86, 3203, 3204, 86, 86, 3206, 86, 86, 3211, 3214, + 86, 86, 86, 3208, 3218, 3216, 3215, 3219, 86, 3207, + 3209, 3210, 86, 3212, 3213, 86, 3217, 3220, 3224, 3223, + 86, 86, 3222, 3225, 3227, 3221, 3214, 86, 3226, 3228, + 3229, 86, 3216, 3215, 3219, 86, 3230, 86, 86, 3231, + 3236, 86, 3232, 3777, 3220, 3224, 3223, 3233, 3237, 3222, + 3234, 86, 3221, 3235, 3238, 86, 86, 3229, 3239, 86, + 3240, 86, 3777, 86, 3242, 86, 3231, 3236, 86, 3232, + 86, 3241, 3244, 86, 3233, 3237, 86, 3234, 86, 86, + 3235, 3238, 3243, 3245, 86, 3239, 86, 3240, 3246, 3247, + + 86, 3242, 3249, 3248, 86, 86, 86, 3250, 3241, 3244, + 86, 86, 3251, 3253, 3254, 3252, 3255, 3257, 3259, 3243, + 3245, 3777, 3256, 3261, 3260, 3246, 3247, 86, 3258, 86, + 3248, 86, 3264, 3268, 86, 86, 86, 3269, 86, 3251, + 86, 3254, 3252, 3255, 86, 86, 86, 3262, 86, 3256, + 86, 3260, 3263, 3265, 3266, 3258, 3777, 3267, 3777, 86, + 86, 3272, 3270, 3274, 86, 86, 86, 3273, 3271, 86, + 86, 86, 86, 3276, 3262, 86, 3280, 3283, 3277, 3263, + 3265, 3266, 3278, 86, 3267, 86, 86, 3777, 3272, 3270, + 3274, 3275, 3279, 3282, 3273, 3271, 86, 3285, 86, 86, + + 3281, 3284, 3289, 3280, 86, 86, 3290, 3288, 3286, 3278, + 86, 3287, 86, 86, 86, 86, 86, 3293, 3275, 3279, + 3282, 86, 3291, 3292, 86, 3295, 3298, 3281, 3284, 86, + 3296, 3777, 86, 86, 3288, 3286, 3297, 3294, 3287, 86, + 86, 3299, 3304, 86, 3293, 3300, 3310, 86, 86, 3291, + 3311, 86, 3295, 3301, 3302, 86, 86, 3296, 86, 3303, + 86, 3305, 3312, 3297, 3294, 3306, 3777, 3308, 3299, 3304, + 3309, 3307, 3300, 86, 3315, 86, 86, 86, 3313, 86, + 3301, 3302, 86, 86, 86, 86, 3303, 3316, 3305, 86, + 3318, 3317, 3306, 86, 3308, 3314, 86, 3309, 3307, 3319, + + 3320, 3315, 86, 3322, 3321, 3313, 3324, 3326, 3328, 86, + 3323, 3325, 86, 86, 3316, 3777, 86, 3318, 86, 3329, + 86, 86, 3314, 86, 3777, 3330, 3319, 86, 86, 3331, + 3322, 3321, 3327, 3324, 86, 86, 3332, 3323, 3325, 86, + 3333, 3334, 86, 3335, 3337, 3777, 3329, 86, 86, 3777, + 3336, 86, 3330, 86, 3343, 86, 3331, 86, 3338, 3327, + 3339, 3340, 86, 3332, 3342, 86, 3341, 3333, 3334, 3777, + 3335, 86, 86, 3345, 86, 86, 3344, 3336, 3349, 3346, + 3350, 3343, 86, 3347, 86, 3338, 3353, 3339, 3340, 86, + 86, 3342, 86, 3341, 3354, 3348, 3352, 86, 86, 3351, + + 3345, 86, 86, 3344, 86, 3349, 3346, 3350, 86, 3355, + 3347, 3356, 3358, 86, 3359, 3360, 3357, 86, 3361, 3363, + 3364, 86, 3348, 3352, 3362, 86, 3351, 3365, 3366, 3367, + 86, 86, 3777, 3369, 3371, 86, 3355, 3368, 86, 3358, + 86, 3359, 86, 86, 3372, 86, 86, 3364, 3374, 3777, + 86, 3362, 86, 3373, 3365, 3366, 3367, 86, 3370, 86, + 86, 3371, 3375, 3378, 3368, 86, 3376, 3380, 3377, 3379, + 86, 86, 3381, 3383, 3387, 86, 86, 3777, 86, 3382, + 3373, 86, 3777, 3385, 3388, 3370, 86, 3384, 86, 3375, + 3378, 3389, 86, 3376, 86, 3377, 3379, 3386, 86, 3393, + + 3390, 86, 3391, 86, 86, 86, 3382, 86, 3397, 86, + 3385, 86, 3394, 3395, 3384, 86, 86, 3396, 3389, 3398, + 86, 3392, 3777, 3400, 3386, 3399, 3393, 3390, 3404, 86, + 86, 3401, 86, 3402, 86, 3397, 3405, 3403, 3406, 3394, + 3395, 3407, 3408, 86, 3409, 86, 3398, 3410, 3392, 86, + 86, 86, 3399, 3411, 86, 3404, 3412, 86, 3401, 3413, + 3402, 86, 86, 3405, 3403, 3406, 3414, 3415, 86, 86, + 3416, 3409, 3419, 86, 3420, 86, 3421, 3424, 86, 86, + 3411, 3417, 3418, 3412, 3423, 86, 86, 3425, 86, 86, + 3422, 86, 86, 3414, 3415, 86, 3426, 3427, 86, 86, + + 3428, 3420, 86, 3421, 86, 3429, 3430, 86, 3417, 3418, + 3434, 3423, 3431, 3432, 3425, 86, 3433, 3422, 3435, 3436, + 3441, 3438, 3439, 3426, 3427, 3777, 86, 86, 3442, 3437, + 3440, 86, 86, 86, 86, 3443, 86, 86, 86, 3431, + 3432, 3445, 3444, 3433, 3446, 86, 86, 86, 86, 3439, + 86, 3447, 86, 86, 3452, 3442, 3437, 3440, 3448, 86, + 3449, 3451, 86, 86, 3450, 86, 86, 3453, 86, 3444, + 3457, 86, 86, 3454, 86, 3455, 3456, 86, 3447, 3459, + 86, 3452, 3460, 86, 3461, 3448, 3458, 3449, 3451, 86, + 3462, 3450, 3463, 3465, 86, 3469, 3466, 3457, 3464, 86, + + 3454, 86, 3455, 3456, 86, 86, 86, 86, 3467, 86, + 3468, 3461, 3470, 3458, 3471, 3472, 86, 3462, 86, 3473, + 3465, 3475, 86, 3466, 86, 3464, 3476, 3477, 86, 3474, + 86, 3497, 3478, 3777, 3551, 3467, 86, 3468, 3479, 86, + 86, 3471, 3472, 3480, 86, 3481, 3482, 3483, 3475, 86, + 86, 86, 86, 86, 3477, 86, 3474, 3484, 3485, 3478, + 86, 3486, 86, 86, 3487, 3479, 86, 3489, 86, 86, + 3480, 86, 3481, 3482, 3483, 3488, 86, 86, 86, 3490, + 3777, 3494, 86, 3493, 3484, 3485, 3491, 3492, 3486, 86, + 86, 3487, 3496, 3495, 3489, 3498, 86, 3499, 3777, 86, + + 3502, 3500, 3488, 86, 86, 3503, 3490, 3501, 3494, 3506, + 3493, 3505, 3504, 3491, 3492, 86, 3509, 86, 3507, 3496, + 3495, 86, 3498, 86, 3499, 86, 3511, 86, 3500, 3508, + 3510, 3516, 86, 3520, 3501, 86, 86, 86, 3505, 3504, + 86, 3519, 86, 86, 3521, 3507, 3512, 3513, 3514, 3515, + 3517, 3518, 3777, 86, 3522, 86, 3508, 3510, 86, 3524, + 3520, 3523, 86, 3525, 86, 3526, 3527, 3528, 3519, 3530, + 86, 3521, 86, 86, 86, 86, 3529, 86, 3531, 86, + 3534, 86, 3532, 3533, 3536, 86, 3524, 86, 3523, 86, + 86, 86, 3526, 3527, 3528, 3535, 86, 3538, 86, 3539, + + 86, 3537, 86, 3529, 3540, 3531, 86, 3534, 3542, 3532, + 3533, 3536, 3541, 86, 3543, 3544, 3546, 3545, 86, 3777, + 3549, 86, 3535, 3559, 3538, 3550, 3539, 3777, 3537, 86, + 86, 86, 3555, 3547, 86, 3542, 3548, 3553, 86, 3541, + 3554, 86, 86, 3546, 3545, 3552, 86, 86, 3556, 86, + 3557, 86, 86, 3558, 86, 86, 3561, 3560, 86, 3555, + 3547, 3562, 3563, 3548, 3553, 3564, 3565, 3554, 3566, 3567, + 86, 3570, 3552, 3568, 86, 3556, 3569, 3557, 86, 3571, + 86, 86, 3572, 86, 3560, 86, 3573, 86, 86, 3563, + 3574, 86, 3564, 86, 3575, 3566, 86, 3576, 86, 3577, + + 3568, 3578, 86, 3569, 3579, 3580, 86, 3581, 3583, 86, + 3586, 3582, 3584, 86, 3588, 3585, 3593, 86, 3589, 86, + 3592, 86, 86, 86, 86, 3587, 86, 86, 3578, 86, + 86, 3579, 86, 86, 86, 3583, 3590, 86, 3582, 3584, + 3591, 86, 3585, 86, 3594, 3589, 86, 3592, 3595, 3596, + 86, 3777, 3587, 3597, 3601, 86, 86, 3599, 86, 3598, + 86, 3600, 3602, 3590, 3605, 3604, 3603, 3591, 3608, 3777, + 86, 3594, 86, 3606, 3607, 86, 3596, 86, 86, 86, + 3597, 3601, 86, 86, 3599, 86, 3598, 86, 3600, 86, + 3609, 3605, 3604, 3603, 86, 3608, 3610, 3611, 3777, 3612, + + 3606, 3607, 3613, 86, 3614, 3615, 3616, 3617, 86, 86, + 3618, 86, 3619, 3620, 3621, 3624, 3622, 3609, 3623, 86, + 86, 86, 3646, 3610, 3611, 86, 3612, 86, 3625, 3613, + 86, 3614, 3615, 3616, 3617, 86, 86, 86, 86, 86, + 86, 86, 3624, 3622, 3626, 3623, 3627, 3628, 3629, 86, + 86, 3630, 3631, 3777, 3632, 3625, 3635, 86, 3633, 3634, + 3637, 3777, 86, 86, 86, 86, 3636, 86, 3641, 3651, + 86, 3626, 86, 3627, 3628, 3629, 86, 86, 3630, 3631, + 86, 3632, 3638, 3635, 3639, 3633, 3634, 3637, 3640, 3643, + 86, 3642, 3644, 3636, 86, 3641, 86, 86, 3645, 3648, + + 3647, 3650, 86, 86, 86, 3653, 86, 86, 86, 3638, + 3649, 3639, 3652, 3655, 86, 3640, 3643, 3654, 3642, 3644, + 3656, 86, 3658, 86, 3659, 3645, 3648, 3647, 3650, 86, + 86, 3660, 86, 3657, 3661, 3664, 3662, 3649, 86, 3652, + 86, 86, 3663, 86, 3654, 3668, 3665, 86, 86, 3658, + 3666, 3659, 3667, 86, 86, 3669, 86, 3670, 3660, 86, + 3657, 3661, 86, 3662, 3671, 86, 3672, 86, 3673, 3663, + 3675, 3674, 86, 3665, 86, 3676, 3677, 3666, 86, 3667, + 3678, 3679, 3669, 86, 86, 3680, 3681, 3686, 86, 86, + 3683, 86, 3682, 86, 3684, 86, 3685, 3675, 3674, 3777, + + 86, 86, 86, 3677, 3689, 86, 3688, 3678, 86, 86, + 3687, 86, 3680, 3681, 3686, 3690, 3693, 3692, 86, 3682, + 3777, 3691, 86, 3685, 86, 3695, 86, 86, 86, 86, + 3694, 86, 86, 3688, 3696, 3698, 3699, 3687, 3697, 3700, + 3777, 3703, 86, 3693, 3692, 3701, 86, 86, 3691, 86, + 86, 3702, 3695, 86, 3707, 3777, 86, 3694, 3708, 3777, + 3705, 3696, 3698, 3699, 3704, 3697, 3700, 86, 86, 86, + 3709, 86, 3701, 86, 3706, 3715, 3777, 3710, 3702, 3777, + 86, 86, 86, 3711, 3712, 3708, 3713, 3705, 3714, 3716, + 3717, 3704, 3718, 3724, 3721, 3719, 86, 3777, 3777, 3777, + + 3777, 3706, 86, 86, 3710, 86, 86, 86, 86, 3727, + 3711, 3712, 86, 3713, 86, 3714, 86, 3717, 86, 86, + 3720, 3721, 3719, 3722, 3723, 86, 3725, 3726, 86, 3728, + 3729, 86, 86, 3730, 86, 86, 3727, 3731, 3732, 3777, + 3735, 86, 3738, 86, 3733, 3777, 86, 3720, 86, 3734, + 3722, 3723, 86, 3725, 3726, 3736, 86, 3729, 3737, 86, + 3730, 3739, 3740, 86, 3731, 3732, 86, 3735, 3741, 3738, + 86, 3733, 86, 3742, 3743, 3745, 3734, 86, 3744, 3746, + 3749, 3747, 3736, 86, 3748, 3737, 3777, 86, 3739, 3740, + 3750, 3755, 3751, 3753, 86, 3741, 86, 3777, 86, 86, + + 3742, 3743, 3745, 86, 3757, 3744, 86, 86, 3747, 86, + 86, 3748, 86, 3752, 3754, 86, 3756, 3750, 86, 3751, + 3753, 86, 86, 3758, 86, 3759, 86, 3760, 3777, 3761, + 3762, 3757, 3765, 86, 3763, 86, 3764, 3766, 3768, 3777, + 3752, 3754, 86, 3756, 86, 86, 3767, 3769, 3770, 3771, + 3758, 3775, 3759, 3776, 3760, 86, 3761, 86, 86, 3765, + 3772, 3763, 3773, 3764, 86, 86, 86, 3777, 86, 3774, + 86, 86, 3777, 3767, 86, 3770, 3771, 86, 86, 3777, + 86, 3777, 86, 3777, 3777, 3777, 3777, 3772, 3777, 3773, + 3777, 3777, 3777, 3777, 3777, 3777, 3774, 47, 47, 47, + + 47, 47, 47, 47, 52, 52, 52, 52, 52, 52, + 52, 57, 57, 57, 57, 57, 57, 57, 63, 63, + 63, 63, 63, 63, 63, 68, 68, 68, 68, 68, + 68, 68, 74, 74, 74, 74, 74, 74, 74, 80, + 80, 80, 80, 80, 80, 80, 89, 89, 3777, 89, + 89, 89, 89, 161, 161, 3777, 3777, 3777, 161, 161, + 163, 163, 3777, 3777, 163, 3777, 163, 165, 3777, 3777, + 3777, 3777, 3777, 165, 168, 168, 3777, 3777, 3777, 168, + 168, 170, 3777, 3777, 3777, 3777, 3777, 170, 172, 172, + 3777, 172, 172, 172, 172, 175, 3777, 3777, 3777, 3777, + + 3777, 175, 178, 178, 3777, 3777, 3777, 178, 178, 90, + 90, 3777, 90, 90, 90, 90, 17, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777 } ; -static const flex_int16_t yy_chk[10609] = +static const flex_int16_t yy_chk[10784] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2821,1162 +2872,1181 @@ static const flex_int16_t yy_chk[10609] = 7, 7, 7, 33, 7, 8, 8, 8, 8, 32, 8, 9, 9, 9, 10, 10, 10, 19, 51, 51, - 1150, 19, 3690, 3, 32, 33, 4, 67, 67, 5, - 33, 6, 2990, 13, 13, 13, 13, 7, 13, 14, + 3785, 19, 233, 3, 32, 33, 4, 67, 67, 5, + 33, 6, 3065, 13, 13, 13, 13, 7, 13, 14, 14, 14, 14, 8, 14, 15, 15, 15, 9, 25, - 1150, 10, 11, 11, 11, 11, 11, 11, 12, 12, + 233, 10, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 16, 16, 16, 34, 28, 84, - 84, 13, 11, 45, 295, 25, 25, 14, 12, 34, - 39, 23, 15, 23, 23, 45, 23, 1162, 28, 177, - 11, 28, 23, 39, 34, 28, 12, 176, 87, 11, - 45, 16, 87, 295, 37, 12, 30, 39, 29, 56, - 37, 174, 56, 72, 30, 28, 26, 169, 100, 23, - - 24, 24, 29, 26, 24, 30, 72, 26, 99, 24, - 26, 37, 30, 30, 29, 29, 100, 99, 24, 167, - 72, 30, 26, 26, 24, 100, 166, 24, 24, 29, - 26, 24, 30, 164, 26, 99, 24, 26, 46, 163, - 46, 46, 163, 46, 162, 24, 27, 160, 31, 46, - 27, 31, 101, 27, 94, 27, 27, 145, 31, 62, - 31, 62, 62, 195, 62, 101, 27, 70, 27, 70, - 70, 31, 70, 27, 94, 31, 35, 27, 31, 101, - 27, 94, 27, 27, 35, 31, 93, 31, 36, 145, - 35, 85, 36, 27, 35, 195, 44, 161, 161, 42, - - 44, 42, 35, 35, 44, 70, 36, 80, 36, 93, - 42, 35, 75, 93, 36, 36, 42, 35, 92, 36, - 74, 35, 44, 44, 43, 42, 42, 44, 42, 168, - 168, 44, 68, 36, 43, 36, 38, 42, 43, 43, - 38, 95, 92, 42, 38, 92, 220, 43, 63, 111, - 38, 43, 73, 38, 73, 73, 95, 73, 111, 97, - 38, 43, 38, 38, 104, 43, 43, 38, 95, 104, - 79, 38, 79, 79, 58, 79, 111, 38, 220, 86, - 38, 86, 86, 97, 86, 223, 97, 38, 40, 991, - 86, 104, 40, 89, 96, 89, 89, 112, 89, 98, - - 57, 96, 40, 40, 89, 40, 112, 103, 103, 106, - 105, 52, 98, 47, 40, 40, 103, 223, 105, 40, - 991, 96, 151, 98, 112, 225, 98, 106, 151, 40, - 40, 89, 40, 41, 103, 103, 41, 105, 102, 98, - 107, 106, 108, 41, 102, 109, 102, 41, 41, 151, - 228, 108, 109, 107, 106, 41, 113, 225, 115, 102, - 41, 114, 18, 41, 108, 102, 230, 107, 114, 108, - 41, 102, 109, 102, 41, 41, 110, 110, 108, 113, - 115, 116, 228, 113, 110, 115, 118, 17, 114, 119, - 117, 0, 110, 117, 116, 178, 178, 119, 230, 120, - - 0, 0, 0, 110, 110, 121, 117, 117, 116, 121, - 118, 110, 124, 0, 117, 123, 119, 117, 118, 120, - 117, 120, 122, 125, 126, 121, 120, 122, 123, 121, - 122, 129, 121, 117, 117, 124, 121, 118, 126, 124, - 127, 128, 123, 125, 132, 129, 120, 131, 130, 122, - 125, 126, 121, 132, 122, 130, 133, 134, 129, 128, - 127, 137, 136, 0, 0, 140, 134, 127, 128, 136, - 131, 132, 135, 138, 131, 130, 135, 140, 0, 133, - 138, 139, 135, 133, 134, 141, 141, 137, 137, 136, - 139, 143, 140, 142, 135, 146, 139, 144, 0, 135, - - 138, 142, 143, 135, 139, 148, 143, 232, 139, 135, - 146, 144, 141, 234, 147, 143, 148, 139, 143, 149, - 142, 154, 146, 139, 144, 148, 152, 150, 155, 143, - 149, 147, 148, 143, 147, 150, 154, 152, 153, 232, - 147, 147, 156, 148, 158, 234, 149, 153, 154, 159, - 155, 157, 253, 152, 150, 155, 0, 156, 147, 153, - 157, 147, 159, 153, 0, 153, 158, 173, 0, 156, - 165, 158, 165, 165, 153, 165, 159, 170, 157, 170, - 170, 179, 170, 180, 253, 171, 153, 171, 171, 184, - 171, 173, 181, 175, 173, 175, 175, 180, 175, 182, - - 189, 181, 183, 179, 186, 184, 185, 189, 179, 183, - 187, 182, 186, 188, 190, 180, 184, 193, 192, 181, - 192, 183, 187, 171, 180, 185, 182, 189, 191, 183, - 194, 186, 190, 185, 191, 188, 183, 187, 196, 193, - 188, 190, 196, 199, 193, 192, 198, 200, 0, 202, - 204, 255, 200, 203, 201, 207, 194, 194, 199, 196, - 191, 191, 201, 206, 0, 204, 196, 205, 0, 196, - 199, 202, 198, 198, 205, 203, 202, 204, 207, 200, - 203, 201, 207, 255, 208, 209, 196, 197, 210, 213, - 211, 206, 197, 261, 205, 206, 209, 197, 213, 214, - - 215, 210, 211, 197, 197, 212, 208, 217, 212, 0, - 197, 208, 209, 0, 197, 210, 213, 211, 206, 197, - 212, 214, 215, 221, 197, 261, 214, 215, 0, 217, - 197, 197, 212, 218, 217, 212, 216, 219, 224, 216, - 218, 216, 226, 222, 231, 224, 227, 0, 219, 221, - 221, 237, 227, 216, 222, 216, 226, 229, 237, 0, - 218, 262, 216, 216, 219, 224, 216, 231, 216, 0, - 264, 231, 233, 227, 226, 222, 235, 233, 237, 229, - 216, 222, 216, 226, 229, 236, 238, 239, 240, 241, - 235, 240, 244, 262, 0, 242, 239, 233, 243, 233, - - 246, 239, 264, 235, 233, 245, 236, 238, 241, 242, - 244, 246, 236, 238, 239, 240, 241, 245, 249, 244, - 243, 247, 242, 239, 248, 243, 250, 246, 247, 248, - 256, 251, 245, 252, 0, 250, 259, 256, 252, 257, - 249, 254, 254, 263, 259, 249, 258, 260, 247, 265, - 254, 263, 266, 250, 251, 267, 248, 256, 251, 268, - 252, 257, 269, 259, 265, 266, 257, 260, 254, 254, - 263, 258, 270, 258, 260, 271, 265, 280, 0, 266, - 272, 267, 267, 273, 272, 269, 268, 275, 274, 276, - 277, 278, 271, 281, 269, 275, 0, 277, 284, 282, - - 271, 283, 271, 274, 270, 273, 0, 272, 276, 280, - 273, 291, 269, 278, 275, 274, 276, 277, 278, 271, - 279, 282, 285, 283, 279, 281, 282, 286, 283, 287, - 284, 288, 289, 290, 285, 290, 294, 292, 287, 0, - 286, 293, 299, 291, 288, 297, 296, 279, 298, 285, - 307, 289, 301, 299, 286, 296, 287, 302, 288, 289, - 290, 292, 294, 294, 292, 300, 293, 303, 293, 299, - 304, 297, 297, 296, 298, 298, 301, 300, 305, 301, - 302, 309, 307, 308, 302, 303, 305, 310, 304, 311, - 0, 313, 300, 314, 303, 315, 308, 304, 318, 312, - - 316, 317, 0, 319, 0, 305, 0, 318, 317, 319, - 308, 321, 310, 309, 310, 314, 312, 313, 313, 320, - 314, 311, 312, 322, 316, 318, 312, 315, 317, 324, - 319, 323, 316, 320, 325, 326, 328, 321, 321, 327, - 323, 331, 325, 312, 326, 328, 320, 322, 332, 330, - 322, 316, 324, 329, 333, 345, 324, 337, 323, 336, - 335, 325, 326, 328, 330, 327, 327, 339, 336, 333, - 329, 0, 332, 331, 0, 332, 330, 329, 335, 337, - 329, 333, 345, 352, 337, 340, 336, 335, 341, 0, - 343, 339, 342, 342, 339, 343, 0, 329, 334, 340, - - 344, 334, 356, 341, 356, 350, 334, 334, 334, 334, - 352, 346, 340, 0, 346, 341, 334, 342, 347, 342, - 342, 346, 343, 350, 344, 334, 0, 344, 334, 356, - 347, 348, 350, 334, 334, 334, 334, 338, 346, 338, - 353, 346, 351, 348, 354, 347, 349, 349, 0, 355, - 0, 338, 338, 338, 0, 338, 349, 359, 348, 358, - 351, 338, 353, 363, 338, 357, 338, 353, 0, 351, - 354, 354, 359, 349, 349, 355, 355, 357, 338, 338, - 338, 358, 338, 360, 359, 362, 358, 361, 0, 368, - 377, 360, 357, 367, 361, 363, 366, 362, 364, 0, - - 364, 0, 0, 366, 369, 372, 371, 370, 371, 364, - 360, 0, 362, 370, 361, 367, 364, 377, 372, 376, - 367, 368, 375, 366, 364, 364, 369, 364, 373, 370, - 371, 369, 372, 371, 370, 371, 364, 378, 374, 0, - 370, 373, 382, 364, 373, 0, 373, 0, 375, 375, - 381, 376, 373, 0, 385, 373, 374, 381, 383, 378, - 382, 0, 391, 384, 378, 374, 382, 385, 373, 382, - 383, 373, 387, 373, 379, 384, 379, 381, 0, 388, - 391, 385, 379, 390, 0, 383, 379, 382, 387, 391, - 384, 379, 388, 392, 379, 390, 387, 0, 392, 387, - - 379, 379, 394, 379, 396, 393, 388, 0, 394, 379, - 390, 395, 393, 379, 399, 387, 396, 0, 379, 395, - 398, 379, 380, 397, 380, 392, 393, 410, 398, 394, - 0, 396, 393, 400, 400, 404, 401, 380, 395, 393, - 380, 397, 380, 401, 380, 403, 399, 398, 380, 380, - 397, 380, 402, 404, 403, 0, 0, 404, 0, 410, - 400, 405, 404, 401, 380, 402, 407, 380, 405, 380, - 0, 380, 389, 389, 408, 415, 413, 403, 407, 402, - 404, 403, 389, 389, 389, 389, 389, 406, 405, 389, - 409, 413, 411, 407, 406, 414, 408, 389, 412, 389, - - 389, 408, 409, 413, 416, 412, 416, 415, 414, 389, - 389, 389, 389, 389, 406, 417, 389, 409, 411, 411, - 420, 418, 414, 419, 419, 412, 417, 420, 421, 422, - 0, 416, 423, 424, 0, 425, 426, 426, 0, 421, - 422, 431, 417, 418, 427, 423, 437, 420, 418, 429, - 428, 0, 419, 431, 426, 421, 422, 425, 424, 423, - 424, 426, 425, 426, 426, 428, 430, 427, 431, 432, - 433, 427, 434, 428, 430, 429, 429, 428, 437, 433, - 432, 426, 439, 438, 440, 434, 435, 435, 441, 442, - 451, 444, 428, 430, 0, 446, 432, 433, 435, 434, - - 435, 438, 443, 445, 439, 435, 441, 440, 443, 439, - 438, 440, 444, 435, 435, 441, 447, 451, 444, 446, - 449, 442, 446, 0, 448, 435, 445, 435, 436, 443, - 445, 448, 452, 456, 450, 453, 436, 436, 447, 454, - 436, 436, 455, 447, 436, 457, 449, 449, 450, 453, - 436, 448, 458, 459, 452, 436, 456, 457, 458, 452, - 456, 450, 453, 436, 436, 454, 454, 436, 436, 460, - 462, 436, 457, 461, 455, 459, 463, 464, 465, 458, - 459, 461, 466, 463, 467, 462, 464, 0, 468, 470, - 467, 460, 469, 465, 472, 473, 460, 462, 471, 461, - - 461, 474, 0, 463, 464, 465, 466, 474, 461, 466, - 468, 467, 470, 471, 469, 468, 470, 473, 475, 469, - 472, 472, 473, 478, 476, 471, 480, 481, 474, 476, - 482, 484, 480, 485, 483, 486, 482, 484, 489, 490, - 489, 487, 486, 492, 475, 475, 481, 489, 490, 478, - 478, 476, 483, 480, 481, 485, 487, 482, 484, 493, - 485, 483, 486, 491, 494, 489, 490, 489, 487, 496, - 491, 495, 493, 497, 0, 492, 0, 504, 498, 500, - 499, 501, 0, 499, 503, 502, 493, 511, 0, 495, - 491, 498, 506, 511, 501, 497, 494, 502, 495, 499, - - 497, 496, 503, 500, 507, 498, 500, 499, 501, 504, - 499, 503, 502, 505, 511, 508, 506, 509, 510, 506, - 505, 513, 514, 510, 512, 0, 516, 507, 508, 522, - 515, 521, 518, 517, 514, 522, 507, 516, 521, 509, - 505, 517, 508, 513, 509, 510, 518, 512, 513, 514, - 523, 512, 515, 516, 507, 524, 522, 515, 521, 518, - 517, 519, 523, 525, 527, 0, 519, 526, 519, 528, - 0, 525, 530, 0, 519, 527, 519, 523, 524, 519, - 519, 0, 524, 0, 530, 0, 519, 519, 519, 526, - 525, 527, 528, 519, 526, 519, 528, 531, 529, 530, - - 533, 519, 529, 519, 534, 532, 519, 519, 532, 0, - 535, 538, 536, 519, 534, 538, 532, 531, 533, 531, - 529, 537, 535, 536, 531, 529, 539, 533, 540, 529, - 542, 543, 532, 539, 544, 532, 534, 535, 538, 536, - 541, 534, 541, 543, 531, 537, 546, 545, 537, 544, - 553, 550, 547, 539, 540, 540, 542, 542, 543, 545, - 547, 544, 549, 548, 552, 0, 558, 541, 548, 550, - 555, 553, 546, 546, 545, 551, 552, 553, 550, 547, - 556, 557, 560, 551, 549, 559, 562, 561, 555, 549, - 548, 552, 564, 563, 560, 561, 566, 555, 558, 562, - - 559, 564, 551, 556, 557, 563, 565, 556, 557, 560, - 566, 567, 559, 562, 561, 568, 569, 570, 568, 564, - 563, 571, 572, 566, 573, 574, 0, 575, 576, 565, - 0, 0, 0, 565, 577, 569, 567, 572, 567, 579, - 574, 576, 568, 569, 570, 578, 577, 581, 583, 572, - 580, 575, 574, 571, 575, 576, 573, 580, 581, 582, - 580, 577, 583, 579, 582, 584, 579, 578, 580, 585, - 586, 587, 578, 588, 581, 583, 589, 580, 590, 591, - 592, 0, 593, 590, 580, 0, 592, 580, 591, 594, - 595, 582, 584, 596, 598, 597, 585, 593, 587, 603, - - 588, 596, 586, 599, 0, 602, 591, 592, 589, 593, - 590, 600, 595, 594, 597, 600, 594, 595, 598, 601, - 596, 598, 597, 607, 605, 599, 604, 601, 602, 608, - 599, 603, 602, 604, 606, 616, 609, 610, 600, 0, - 0, 0, 608, 606, 612, 607, 601, 605, 611, 610, - 607, 605, 613, 604, 611, 617, 608, 614, 615, 618, - 613, 606, 609, 609, 610, 615, 612, 616, 614, 620, - 629, 612, 618, 621, 631, 611, 623, 617, 620, 613, - 0, 622, 617, 619, 614, 615, 618, 623, 619, 624, - 622, 619, 619, 626, 630, 625, 620, 627, 631, 621, - - 621, 631, 629, 623, 632, 634, 626, 619, 622, 627, - 619, 624, 630, 633, 635, 619, 624, 625, 619, 619, - 626, 630, 625, 636, 627, 638, 632, 632, 637, 634, - 639, 632, 634, 0, 636, 633, 635, 637, 640, 641, - 633, 635, 642, 643, 639, 638, 641, 651, 644, 645, - 636, 648, 638, 632, 647, 637, 644, 639, 646, 649, - 640, 643, 648, 652, 646, 640, 641, 647, 650, 642, - 643, 645, 653, 654, 654, 644, 645, 649, 648, 651, - 655, 647, 0, 650, 652, 646, 649, 656, 657, 660, - 652, 662, 658, 659, 664, 650, 653, 657, 0, 653, - - 661, 668, 654, 663, 655, 658, 659, 655, 661, 656, - 665, 660, 668, 667, 656, 657, 660, 0, 670, 658, - 659, 673, 666, 662, 666, 663, 664, 661, 668, 671, - 663, 669, 670, 672, 665, 667, 669, 665, 674, 675, - 667, 678, 676, 671, 677, 670, 674, 672, 672, 666, - 679, 677, 680, 673, 682, 672, 671, 675, 681, 0, - 672, 683, 0, 669, 676, 674, 675, 678, 678, 676, - 679, 677, 680, 681, 672, 672, 683, 679, 685, 680, - 684, 688, 681, 685, 689, 681, 682, 686, 683, 687, - 684, 687, 689, 690, 691, 692, 693, 696, 705, 0, - - 681, 694, 684, 691, 692, 693, 688, 684, 688, 694, - 685, 689, 695, 686, 686, 697, 687, 684, 690, 695, - 690, 691, 692, 693, 699, 698, 701, 0, 694, 696, - 705, 703, 700, 702, 704, 701, 699, 707, 697, 695, - 703, 702, 697, 698, 700, 712, 704, 706, 708, 709, - 707, 699, 698, 701, 706, 703, 710, 709, 703, 700, - 702, 704, 710, 708, 707, 711, 714, 703, 712, 713, - 715, 0, 712, 711, 706, 708, 709, 714, 713, 715, - 716, 716, 717, 710, 719, 720, 718, 0, 721, 716, - 717, 0, 711, 714, 718, 722, 713, 715, 720, 727, - - 0, 725, 724, 723, 0, 0, 719, 716, 716, 717, - 724, 719, 720, 718, 721, 721, 723, 725, 722, 726, - 728, 727, 722, 730, 731, 729, 727, 732, 725, 724, - 723, 728, 726, 729, 735, 733, 734, 730, 736, 734, - 739, 0, 743, 0, 731, 0, 726, 728, 737, 732, - 730, 731, 729, 738, 732, 733, 735, 737, 739, 740, - 736, 735, 733, 734, 741, 736, 742, 739, 744, 746, - 745, 747, 740, 738, 743, 737, 749, 752, 754, 751, - 738, 742, 741, 748, 747, 751, 740, 750, 749, 755, - 744, 741, 746, 742, 745, 744, 746, 745, 747, 753, - - 750, 748, 756, 749, 752, 754, 751, 753, 759, 758, - 748, 755, 760, 0, 750, 761, 755, 758, 762, 760, - 756, 763, 764, 763, 765, 753, 753, 766, 768, 756, - 767, 764, 0, 762, 753, 773, 758, 768, 761, 760, - 759, 769, 761, 769, 770, 762, 766, 773, 763, 764, - 767, 770, 0, 776, 766, 768, 765, 767, 779, 782, - 780, 0, 773, 776, 782, 0, 784, 783, 769, 0, - 0, 770, 771, 0, 790, 771, 779, 786, 791, 771, - 776, 780, 771, 790, 784, 779, 782, 780, 783, 771, - 771, 791, 771, 784, 783, 787, 785, 771, 788, 771, - - 786, 790, 771, 0, 786, 791, 771, 785, 792, 771, - 789, 793, 796, 795, 817, 792, 771, 771, 0, 771, - 795, 787, 787, 785, 788, 788, 789, 797, 0, 798, - 799, 0, 0, 797, 796, 792, 801, 789, 798, 796, - 795, 817, 802, 793, 794, 794, 800, 794, 805, 800, - 794, 0, 801, 799, 797, 794, 798, 799, 803, 801, - 805, 794, 794, 801, 802, 804, 803, 807, 812, 802, - 794, 794, 794, 800, 794, 805, 806, 794, 806, 801, - 809, 808, 794, 810, 811, 803, 808, 804, 794, 794, - 812, 807, 804, 813, 807, 812, 811, 819, 815, 814, - - 809, 816, 818, 806, 0, 0, 820, 809, 821, 810, - 810, 811, 819, 808, 820, 824, 0, 825, 832, 813, - 813, 814, 815, 816, 819, 815, 814, 818, 816, 818, - 822, 821, 823, 820, 824, 821, 826, 822, 827, 834, - 823, 828, 824, 825, 825, 829, 830, 831, 826, 833, - 832, 827, 831, 835, 829, 837, 838, 822, 835, 823, - 839, 830, 840, 826, 842, 827, 834, 828, 828, 839, - 840, 833, 829, 830, 831, 843, 833, 837, 844, 841, - 845, 847, 837, 0, 846, 835, 841, 839, 838, 840, - 848, 849, 851, 850, 852, 0, 842, 843, 856, 853, - - 847, 851, 843, 854, 845, 846, 841, 845, 847, 856, - 844, 846, 850, 858, 859, 855, 852, 848, 849, 851, - 850, 852, 853, 854, 855, 856, 853, 857, 860, 861, - 854, 862, 859, 866, 863, 857, 0, 864, 0, 867, - 858, 859, 855, 863, 870, 864, 868, 860, 869, 868, - 871, 866, 873, 0, 857, 860, 861, 867, 872, 0, - 866, 863, 870, 862, 864, 873, 867, 874, 875, 874, - 869, 870, 879, 868, 871, 869, 876, 871, 877, 873, - 872, 880, 882, 877, 878, 872, 875, 0, 881, 883, - 876, 888, 883, 880, 874, 875, 881, 878, 879, 879, - - 882, 887, 890, 876, 884, 892, 885, 0, 880, 882, - 877, 878, 892, 884, 885, 881, 883, 889, 888, 891, - 893, 901, 896, 889, 890, 891, 887, 893, 887, 890, - 885, 884, 892, 885, 894, 895, 898, 902, 0, 894, - 896, 885, 895, 900, 889, 899, 891, 893, 897, 896, - 903, 900, 897, 901, 899, 902, 904, 907, 905, 898, - 906, 894, 895, 898, 902, 903, 905, 904, 909, 908, - 900, 910, 899, 906, 911, 897, 914, 903, 907, 913, - 922, 909, 912, 904, 907, 905, 913, 906, 908, 916, - 912, 923, 915, 910, 914, 909, 908, 917, 910, 915, - - 918, 911, 919, 914, 917, 918, 913, 920, 916, 912, - 919, 921, 922, 924, 920, 925, 916, 926, 921, 915, - 928, 927, 929, 923, 917, 936, 924, 918, 927, 919, - 926, 931, 930, 937, 920, 932, 0, 938, 921, 931, - 924, 933, 941, 932, 926, 934, 0, 925, 927, 935, - 932, 934, 928, 940, 929, 930, 943, 936, 931, 930, - 939, 938, 932, 933, 938, 937, 942, 940, 933, 939, - 932, 0, 934, 942, 941, 935, 935, 944, 945, 946, - 940, 950, 959, 943, 947, 948, 944, 939, 949, 947, - 951, 952, 946, 942, 946, 951, 959, 948, 952, 988, - - 945, 953, 954, 946, 944, 945, 946, 950, 950, 959, - 954, 949, 948, 957, 964, 949, 947, 951, 952, 946, - 960, 946, 956, 953, 961, 956, 957, 960, 953, 954, - 961, 988, 965, 0, 0, 963, 966, 964, 0, 0, - 957, 964, 971, 0, 965, 968, 967, 960, 967, 956, - 0, 961, 962, 970, 962, 969, 0, 989, 962, 965, - 962, 963, 963, 966, 971, 962, 970, 969, 968, 971, - 962, 972, 968, 967, 977, 974, 962, 975, 973, 962, - 970, 962, 969, 973, 972, 962, 977, 962, 976, 989, - 975, 979, 962, 974, 980, 978, 981, 962, 972, 983, - - 976, 977, 974, 985, 975, 978, 979, 982, 986, 981, - 973, 976, 983, 982, 987, 976, 980, 978, 979, 984, - 990, 980, 978, 981, 992, 985, 983, 976, 993, 986, - 985, 994, 978, 993, 982, 986, 987, 984, 997, 994, - 995, 987, 998, 1003, 999, 1000, 984, 990, 0, 995, - 1001, 0, 1002, 997, 0, 993, 992, 999, 994, 1009, - 1000, 0, 1003, 0, 998, 997, 1020, 995, 996, 998, - 1003, 999, 1000, 996, 1002, 996, 1001, 1001, 1004, 1002, - 1006, 996, 1007, 1005, 1010, 0, 996, 996, 1006, 1004, - 1007, 1009, 1008, 996, 996, 996, 1005, 1011, 1020, 0, - - 996, 1016, 996, 1008, 1013, 1004, 1010, 1006, 996, 1007, - 1005, 1010, 1011, 996, 996, 1013, 1012, 1014, 1015, 1008, - 996, 1024, 1018, 1017, 1011, 1012, 1014, 1015, 1016, 1018, - 1021, 1013, 1022, 1023, 1025, 1024, 1026, 0, 1029, 1032, - 1022, 1031, 0, 1012, 1014, 1015, 1017, 0, 1024, 1018, - 1017, 1030, 1031, 1027, 1021, 1023, 1029, 1021, 1026, 1022, - 1023, 1027, 1034, 1026, 1033, 1029, 1025, 0, 1031, 1030, - 1034, 1032, 1035, 1037, 1036, 1039, 1038, 1040, 1030, 1041, - 1027, 1036, 1033, 1038, 1042, 1044, 1037, 0, 1043, 1034, - 1039, 1033, 1051, 1052, 1035, 1040, 1046, 1041, 1043, 1035, - - 1037, 1036, 1039, 1038, 1040, 1042, 1041, 1046, 1048, 1049, - 1050, 1042, 1050, 1055, 1051, 1043, 1049, 1044, 1053, 1051, - 1054, 1048, 1055, 1046, 1057, 1052, 1053, 1056, 1058, 0, - 1061, 1062, 1064, 1054, 1063, 1048, 1049, 1050, 1065, 1056, - 1055, 1066, 1070, 0, 1067, 1053, 1057, 1054, 1068, 1062, - 1058, 1057, 1061, 1070, 1056, 1058, 1067, 1061, 1062, 1066, - 1063, 1063, 1068, 1073, 1064, 1074, 1073, 1071, 1066, 1070, - 1065, 1067, 1071, 1075, 1076, 1068, 1077, 1074, 1082, 1079, - 1078, 1080, 1081, 1077, 1084, 1089, 0, 1076, 1079, 1073, - 1073, 1078, 1074, 1073, 1081, 1080, 1086, 1075, 1083, 1071, - - 1075, 1076, 1085, 1077, 1087, 1083, 1079, 1078, 1080, 1081, - 1082, 1089, 1089, 1090, 1085, 1091, 1084, 1087, 1086, 1092, - 1095, 1091, 1093, 1086, 1094, 1083, 1096, 0, 1097, 1085, - 1098, 1087, 1101, 1100, 1103, 1094, 1104, 1090, 1095, 1114, - 1090, 1092, 1091, 1101, 1093, 1098, 1092, 1095, 1096, 1093, - 1097, 1094, 1102, 1096, 1100, 1097, 1105, 1098, 1106, 1101, - 1100, 1108, 1107, 1104, 1110, 0, 1103, 1106, 1109, 1111, - 1112, 1114, 1110, 1102, 1105, 1115, 1111, 1109, 1113, 1102, - 1116, 1117, 1118, 1105, 1119, 1106, 1107, 1108, 1108, 1107, - 1121, 1110, 1113, 1120, 1112, 1109, 1111, 1112, 1126, 1123, - - 1128, 1124, 1127, 1117, 1118, 1113, 1125, 1115, 1117, 1118, - 1124, 1133, 1116, 1125, 1129, 1120, 1119, 1130, 1131, 1133, - 1120, 1123, 1121, 1134, 1127, 1132, 1123, 1128, 1124, 1127, - 1126, 1135, 1129, 1125, 1132, 1130, 1141, 1136, 1133, 1137, - 1131, 1129, 1138, 1144, 1130, 1131, 1140, 1134, 1139, 1142, - 1134, 1138, 1132, 1136, 1140, 1135, 1145, 0, 1135, 1143, - 0, 1137, 1148, 1139, 1136, 1144, 1137, 1149, 1141, 1138, - 1144, 1143, 1146, 1140, 1147, 1139, 1149, 1148, 1152, 1151, - 1146, 1142, 1153, 1145, 1156, 1157, 1143, 1147, 1151, 1148, - 1153, 1154, 1156, 1154, 1149, 1158, 1152, 1159, 1160, 1146, - - 1161, 1147, 1163, 1167, 1164, 1152, 1151, 1161, 1165, 1153, - 1166, 1156, 1157, 1168, 1158, 1163, 1164, 1170, 1154, 1159, - 1160, 1167, 1158, 1165, 1159, 1160, 1169, 1161, 1171, 1163, - 1167, 1164, 1166, 1169, 1172, 1165, 1173, 1166, 0, 1174, - 1168, 1176, 1177, 1175, 1179, 1172, 0, 1181, 0, 1170, - 1178, 1180, 1185, 1169, 1176, 1177, 1179, 0, 1173, 1180, - 1171, 1172, 0, 1173, 1174, 1175, 1174, 1181, 1176, 1177, - 1175, 1179, 1178, 1182, 1181, 1183, 1186, 1178, 1180, 1185, - 1188, 1187, 0, 1183, 1189, 1182, 1190, 1191, 1195, 1186, - 1187, 1196, 1188, 1190, 1193, 0, 1191, 0, 1191, 1197, - - 1182, 1191, 1183, 1186, 1194, 1189, 0, 1188, 1187, 1191, - 1195, 1189, 1199, 1190, 1191, 1195, 1198, 1193, 1196, 1197, - 1202, 1193, 1203, 1191, 1200, 1191, 1197, 1204, 1191, 1198, - 1194, 1194, 1200, 1201, 1206, 1204, 1199, 1205, 1202, 1199, - 1207, 1209, 1201, 1198, 1203, 1208, 1212, 1202, 1210, 1203, - 0, 1200, 1205, 1217, 1204, 1213, 1210, 1209, 1208, 1214, - 1201, 1216, 1207, 1215, 1205, 0, 1206, 1207, 1209, 1218, - 1215, 0, 1208, 1212, 1224, 1210, 1217, 1213, 0, 1219, - 1217, 1214, 1213, 1216, 1221, 1220, 1214, 1218, 1216, 1222, - 1215, 1219, 1221, 1223, 1224, 1225, 1218, 1220, 1222, 1226, - - 1228, 1224, 1227, 1229, 1231, 1223, 1219, 1226, 1227, 1228, - 1225, 1221, 1220, 1222, 1232, 1234, 1222, 0, 0, 1230, - 1223, 1232, 1225, 1237, 1229, 1222, 1226, 1228, 1233, 1227, - 1229, 1230, 1235, 1234, 0, 1233, 1231, 1236, 1237, 1238, - 1240, 1232, 1234, 1241, 1235, 1236, 1230, 1238, 0, 1239, - 1237, 1239, 1240, 1242, 1244, 1233, 1245, 1246, 1247, 1235, - 1242, 1249, 1248, 1251, 1236, 1250, 1238, 1240, 1245, 1248, - 1246, 1256, 1249, 1253, 1252, 1241, 1239, 1247, 1251, 1252, - 1242, 1253, 1254, 1245, 1246, 1247, 1244, 1250, 1249, 1248, - 1251, 1255, 1250, 1258, 1259, 1254, 1260, 1256, 1256, 0, - - 1253, 0, 0, 1261, 1264, 1255, 1252, 1258, 0, 1254, - 0, 1262, 1259, 1265, 0, 1272, 1263, 1266, 1255, 1257, - 1258, 1259, 1267, 1257, 1272, 1271, 1257, 1257, 1260, 1261, - 1261, 1257, 1271, 1262, 1263, 1265, 1264, 1257, 1262, 1266, - 1265, 1257, 1272, 1263, 1266, 1257, 1257, 1269, 1267, 1267, - 1257, 1268, 1271, 1257, 1257, 1273, 0, 1268, 1257, 1270, - 1274, 1270, 1276, 1281, 1257, 0, 1275, 0, 1257, 1277, - 1280, 1279, 1278, 1269, 1269, 1282, 1277, 1284, 1268, 1280, - 1276, 1283, 0, 1270, 1279, 1289, 1270, 1273, 1270, 1276, - 1275, 1285, 1274, 1275, 1278, 1281, 1277, 1280, 1279, 1278, - - 1284, 0, 1288, 1283, 1284, 1285, 1291, 1282, 1283, 1287, - 0, 1289, 1289, 1290, 1290, 1288, 1293, 0, 1285, 1286, - 1294, 0, 1291, 1297, 1286, 0, 1286, 1295, 1286, 1288, - 1286, 1287, 1294, 1291, 1295, 1296, 1287, 1286, 1299, 1293, - 1298, 1297, 1290, 1293, 1296, 1298, 1286, 1294, 1301, 1303, - 1297, 1286, 1307, 1286, 1295, 1286, 1299, 1286, 1300, 0, - 1302, 1304, 1296, 1300, 1306, 1299, 1305, 1303, 1308, 1304, - 1301, 1309, 1298, 1302, 1305, 1301, 1303, 1306, 1310, 1311, - 1312, 1314, 0, 1313, 1307, 1300, 1309, 1302, 1304, 1315, - 1319, 1306, 1311, 1305, 1308, 1308, 1313, 1310, 1309, 1314, - - 1318, 1321, 1312, 1316, 1322, 1310, 1311, 1312, 1314, 1315, - 1313, 1317, 1316, 1317, 1320, 1324, 1315, 1319, 1325, 1327, - 1328, 1330, 1318, 1331, 1326, 0, 1320, 1318, 1321, 1322, - 1316, 1322, 1326, 1332, 1336, 1341, 1329, 1327, 1317, 1324, - 1325, 1320, 1324, 1329, 1338, 1325, 1327, 1328, 1330, 1331, - 1331, 1326, 1333, 1334, 1338, 1332, 1335, 1337, 1333, 1334, - 1332, 1336, 1335, 1329, 1337, 1339, 1340, 1341, 1342, 1343, - 0, 1338, 1344, 1340, 1347, 1351, 1345, 1349, 1350, 1333, - 1334, 0, 1348, 1335, 1337, 1345, 1352, 1343, 1351, 1339, - 1342, 1349, 1339, 1340, 1348, 1342, 1343, 1344, 1347, 1344, - - 1350, 1347, 1351, 1345, 1349, 1350, 1353, 1354, 1352, 1348, - 1356, 1355, 0, 1352, 1357, 1359, 1364, 1358, 1365, 1368, - 0, 0, 1360, 0, 1359, 1353, 1361, 0, 0, 1354, - 1366, 1362, 1356, 1353, 1354, 1355, 1369, 1356, 1355, 1358, - 1357, 1357, 1359, 1360, 1358, 1362, 1361, 1367, 1364, 1360, - 1365, 1368, 1366, 1361, 1369, 1371, 1370, 1366, 1362, 1372, - 1373, 1376, 1375, 1369, 1370, 1378, 1379, 1373, 1377, 1367, - 1376, 1371, 1380, 1379, 1367, 1381, 1380, 1378, 1382, 1383, - 1385, 0, 1371, 1370, 1375, 1377, 1372, 1373, 1376, 1375, - 1386, 1387, 1378, 1379, 1388, 1377, 1386, 0, 1387, 1380, - - 1383, 1388, 1390, 1386, 1389, 1391, 1383, 1381, 1392, 1393, - 1382, 1394, 1385, 1394, 1391, 1390, 1393, 1386, 1387, 1389, - 1396, 1388, 1397, 1386, 1395, 0, 1398, 1405, 1399, 1390, - 1398, 1389, 1391, 1395, 1392, 1392, 1393, 1401, 1394, 1402, - 1404, 1414, 1396, 1403, 1402, 1401, 1405, 1396, 1406, 1397, - 1399, 1395, 1403, 1398, 1405, 1399, 1407, 1408, 1404, 1409, - 1408, 1406, 1409, 0, 1401, 1412, 1411, 1404, 1407, 1408, - 1403, 1402, 1410, 1414, 1415, 1406, 0, 1417, 1412, 1416, - 1418, 1409, 1417, 1407, 1408, 1420, 1409, 1408, 1418, 1409, - 1410, 1411, 1412, 1411, 1420, 1416, 1421, 1415, 1422, 1410, - - 1423, 1415, 1419, 1419, 1424, 0, 1416, 1418, 1425, 1417, - 1426, 1429, 1420, 1424, 1427, 1425, 1432, 1430, 1421, 1431, - 1422, 1427, 1423, 1421, 1429, 1422, 1430, 1423, 1431, 1419, - 1433, 1424, 1426, 1436, 1437, 1425, 1434, 1426, 1429, 1435, - 1438, 1427, 1432, 1432, 1430, 1434, 1431, 1435, 1439, 1437, - 1441, 1438, 1442, 1433, 1444, 1440, 1439, 1433, 0, 1450, - 1445, 1437, 1441, 1434, 1442, 1436, 1435, 1438, 1440, 1446, - 1443, 1449, 1455, 1456, 1447, 1439, 1444, 1441, 1443, 1442, - 1445, 1444, 1440, 1447, 1448, 1450, 1450, 1445, 1451, 1449, - 1448, 1446, 1452, 1464, 1454, 1453, 1446, 1443, 1449, 1457, - - 1451, 1447, 1453, 1458, 1455, 1456, 1459, 1460, 1462, 1463, - 1452, 1448, 1457, 1461, 1462, 1451, 1465, 1466, 1467, 1452, - 1454, 1454, 1453, 1470, 1461, 1464, 1457, 1474, 1460, 1458, - 1458, 1463, 1468, 1459, 1460, 1462, 1463, 1471, 1472, 0, - 1461, 0, 1474, 1473, 1467, 1467, 1477, 0, 1465, 1466, - 1470, 1468, 1473, 1468, 1474, 1475, 1472, 1476, 1468, 1468, - 1471, 1478, 1480, 1481, 1471, 1472, 1477, 1479, 1475, 1476, - 1473, 1484, 1485, 1477, 1479, 1483, 1484, 1485, 1468, 1482, - 1468, 1480, 1475, 1483, 1476, 1481, 1486, 1478, 1478, 1480, - 1481, 1487, 1482, 1486, 1479, 0, 1490, 1488, 1491, 1489, - - 1492, 1494, 1483, 1484, 1485, 1488, 1482, 1489, 1492, 1493, - 1494, 1495, 1496, 1486, 1490, 1498, 1493, 1487, 1487, 1499, - 1491, 1497, 1498, 1490, 1488, 1491, 1489, 1492, 1494, 1501, - 1497, 1499, 1500, 1500, 1496, 1503, 1493, 1502, 1504, 1496, - 1510, 1505, 1498, 1495, 1506, 1502, 1499, 1507, 1497, 1505, - 1508, 1512, 1506, 1510, 1511, 1507, 1503, 1509, 1508, 1500, - 1511, 1501, 1503, 1512, 1502, 1509, 1513, 1510, 1505, 0, - 1504, 1506, 1514, 1517, 1507, 1515, 1518, 1508, 1512, 1516, - 1519, 1511, 1520, 1515, 1509, 1521, 1523, 1516, 1517, 0, - 0, 1522, 1513, 1513, 1529, 0, 1514, 1524, 1523, 1514, - - 1517, 1533, 1515, 1518, 1520, 1522, 1516, 1519, 1521, 1520, - 1526, 1525, 1521, 1523, 1526, 1524, 1529, 1528, 1522, 1530, - 1534, 1529, 1531, 1532, 1524, 1525, 1528, 1526, 1533, 1531, - 1535, 1530, 1538, 1536, 1532, 1526, 1539, 1526, 1525, 1537, - 1546, 1526, 1534, 1544, 1528, 1536, 1530, 1534, 1540, 1531, - 1532, 1541, 1542, 1537, 1526, 1547, 1543, 1554, 1539, 1542, - 1536, 1544, 1535, 1539, 1538, 1543, 1537, 1551, 1549, 1545, - 1544, 1540, 1546, 1551, 1541, 1540, 1545, 1549, 1541, 1542, - 1552, 1555, 1547, 1543, 1553, 1557, 1560, 0, 1555, 1554, - 1559, 1565, 1561, 1562, 1551, 1549, 1545, 0, 1563, 1566, - - 0, 0, 1552, 1561, 1562, 1566, 1568, 1552, 1555, 1563, - 1553, 1553, 1557, 1560, 1559, 1565, 1567, 1559, 1565, 1561, - 1562, 1569, 1571, 1567, 1568, 1563, 1566, 1570, 1569, 1572, - 1573, 0, 1575, 1568, 1571, 1572, 1574, 1576, 1573, 1577, - 1580, 1579, 0, 1567, 1578, 1575, 0, 1584, 1569, 1571, - 1579, 1583, 1580, 1570, 1570, 1585, 1572, 1573, 1574, 1575, - 1584, 1586, 1578, 1574, 1585, 1577, 1577, 1580, 1579, 1576, - 1581, 1578, 1581, 1582, 1584, 1587, 1588, 1583, 1583, 1590, - 1582, 1589, 1585, 1586, 1591, 1592, 1590, 1587, 1586, 1594, - 1592, 1593, 1595, 1596, 1599, 1597, 0, 1581, 0, 1593, - - 1582, 1596, 1587, 1588, 1589, 1594, 1590, 1600, 1589, 1601, - 1591, 1591, 1592, 1602, 1603, 1595, 1594, 1597, 1593, 1595, - 1596, 1599, 1597, 1601, 1604, 1603, 1605, 0, 1609, 1606, - 1606, 1600, 1607, 1604, 1600, 1602, 1601, 1606, 1610, 1605, - 1602, 1603, 1608, 1611, 1608, 1607, 1613, 0, 1614, 1615, - 1611, 1604, 1617, 1605, 1609, 1609, 1606, 1606, 1618, 1607, - 1610, 1612, 0, 1619, 1621, 1610, 1614, 1616, 1612, 1608, - 1611, 1615, 1624, 1613, 1616, 1614, 1615, 1617, 1623, 1617, - 1618, 1626, 1620, 1629, 1625, 1618, 1629, 1630, 1612, 1620, - 1628, 1623, 1625, 1631, 1616, 1619, 1621, 1633, 1635, 1624, - - 0, 0, 1626, 1632, 1649, 1623, 1633, 1636, 1626, 1620, - 1629, 1625, 1628, 1630, 1630, 1634, 1632, 1628, 0, 1631, - 1631, 1638, 1635, 1637, 1633, 1635, 1641, 1634, 1639, 1642, - 1632, 1649, 1637, 1636, 1636, 1639, 1638, 1640, 1643, 1645, - 1640, 1646, 1634, 1647, 1651, 1647, 1650, 1648, 1638, 1650, - 1637, 1642, 1640, 1652, 1643, 1639, 1642, 1645, 1641, 1656, - 1653, 1640, 1643, 1646, 1640, 1643, 1645, 1640, 1646, 1654, - 1647, 1648, 1655, 1650, 1648, 1657, 1651, 1659, 1658, 1640, - 1660, 1643, 1653, 1661, 1662, 1652, 1659, 1653, 1660, 1663, - 1661, 1656, 1658, 1664, 1665, 1654, 1654, 1657, 1655, 1655, - - 1666, 1667, 1657, 1670, 1659, 1658, 0, 1660, 1662, 1668, - 1661, 1662, 1669, 1668, 1672, 1671, 1676, 1673, 0, 1677, - 1674, 1663, 1666, 1672, 1673, 1664, 1665, 1666, 1674, 1676, - 1670, 1675, 1677, 1667, 1669, 1678, 1668, 1671, 1675, 1669, - 1679, 1672, 1671, 1676, 1673, 1681, 1677, 1674, 1678, 1679, - 1680, 1682, 1680, 1683, 1684, 1686, 1687, 1689, 1675, 1688, - 0, 1683, 1678, 0, 0, 0, 0, 1679, 1681, 1694, - 1686, 1687, 1681, 1688, 1684, 1693, 1682, 1680, 1682, 1691, - 1683, 1684, 1686, 1687, 1690, 1692, 1688, 1694, 1693, 1689, - 1691, 1690, 1692, 1694, 1695, 1696, 1694, 1698, 1699, 1706, - - 1701, 1700, 1693, 1702, 1703, 1699, 1691, 1705, 1706, 0, - 1705, 1690, 1692, 1696, 1694, 1701, 1703, 1707, 0, 1704, - 1695, 1695, 1696, 1700, 1698, 1699, 1706, 1701, 1700, 1702, - 1702, 1703, 1704, 1708, 1705, 1707, 1709, 1710, 1711, 1715, - 1710, 1715, 1713, 1717, 1707, 1708, 1704, 1713, 1716, 1711, - 1718, 1722, 1720, 1719, 1713, 1710, 1709, 1721, 0, 1723, - 1708, 1720, 0, 1709, 1710, 1711, 1715, 1710, 1719, 1713, - 1717, 1725, 1716, 1723, 1713, 1716, 1727, 1718, 1722, 1720, - 1719, 1721, 1724, 1726, 1721, 1728, 1723, 1730, 1731, 1729, - 1724, 1728, 0, 1725, 1733, 1730, 1737, 1736, 1725, 1731, - - 1727, 1732, 1733, 1727, 1734, 1726, 1735, 1734, 0, 1724, - 1726, 1729, 1728, 1739, 1730, 1731, 1729, 1738, 1740, 1732, - 1739, 1733, 1734, 1737, 1735, 1742, 1741, 1745, 1732, 1736, - 1743, 1734, 1740, 1735, 1734, 1741, 1746, 1738, 1742, 1751, - 1739, 1743, 1744, 1752, 1738, 1740, 1749, 1744, 1749, 1745, - 1750, 1746, 1742, 1741, 1745, 0, 1766, 1743, 1753, 1750, - 1754, 1766, 1756, 1746, 1755, 1751, 1751, 1752, 1755, 1753, - 1752, 1758, 1759, 1749, 1744, 1761, 1756, 1750, 1754, 1757, - 1760, 1759, 1757, 1766, 1761, 1753, 1760, 1754, 1756, 1756, - 1755, 1755, 1764, 1758, 1767, 1755, 1762, 1757, 1758, 1759, - - 1765, 1762, 1761, 1756, 1768, 1764, 1757, 1760, 1769, 1757, - 1771, 1770, 1765, 1772, 1773, 1775, 1767, 1768, 0, 1764, - 1770, 1767, 1774, 1776, 1780, 1778, 1779, 1765, 1762, 0, - 1783, 1768, 1778, 0, 1781, 1774, 1773, 1771, 1770, 1779, - 1769, 1773, 1791, 0, 1776, 1772, 1785, 1775, 1781, 1774, - 1776, 1782, 1778, 1779, 1792, 1787, 1780, 1782, 1788, 1789, - 1790, 1781, 1783, 1787, 1791, 1785, 1788, 1789, 1799, 1791, - 1796, 1794, 1792, 1785, 1793, 1782, 1795, 1800, 1782, 1790, - 1797, 1792, 1787, 1796, 1782, 1788, 1789, 1790, 1793, 1794, - 1795, 1798, 1801, 1797, 1802, 1803, 1805, 1796, 1794, 1804, - - 1799, 1793, 1806, 1795, 1807, 1805, 1804, 1797, 1802, 1800, - 1806, 1808, 1798, 1809, 1814, 1810, 1801, 1811, 1798, 1801, - 1810, 1802, 1803, 1805, 1812, 1808, 1804, 1815, 1811, 1806, - 1816, 1807, 0, 1812, 1815, 1829, 1817, 1819, 1808, 1798, - 1818, 1814, 1810, 1820, 1811, 1809, 1822, 1818, 1821, 0, - 1822, 1812, 1824, 1816, 1815, 1833, 1825, 1816, 1817, 1819, - 1826, 1827, 1829, 1817, 1819, 1820, 1821, 1818, 1824, 1828, - 1820, 1831, 1830, 1822, 1825, 1821, 1827, 1832, 1834, 1824, - 1830, 1828, 1833, 1825, 1826, 1832, 1831, 1826, 1827, 1835, - 1840, 1834, 1836, 1837, 1839, 1841, 1828, 1840, 1831, 1830, - - 0, 1843, 1839, 1842, 1832, 1834, 1845, 1836, 1837, 1835, - 1843, 1844, 1846, 1847, 1851, 1849, 1835, 1840, 1842, 1836, - 1837, 1839, 1852, 1850, 0, 0, 1854, 1841, 1843, 1853, - 1842, 1855, 1844, 1845, 0, 0, 1846, 1849, 1844, 1846, - 1847, 1850, 1849, 1857, 1853, 1856, 1851, 1860, 1857, 1852, - 1850, 1854, 1856, 1854, 1858, 1855, 1853, 1859, 1855, 1862, - 1861, 1863, 1866, 1858, 1867, 1872, 1859, 1864, 1865, 1860, - 1857, 1867, 1856, 0, 1860, 1866, 1863, 1862, 1868, 1864, - 1866, 1858, 1861, 1871, 1859, 1868, 1862, 1861, 1863, 1866, - 1865, 1867, 1869, 1873, 1864, 1865, 1870, 1872, 1875, 1873, - - 1868, 0, 1866, 1876, 1880, 1868, 1878, 1877, 1870, 1875, - 1871, 1876, 1868, 1882, 1869, 1877, 1883, 1878, 1884, 1869, - 1873, 1879, 1881, 1870, 1881, 1875, 1886, 1891, 1879, 1880, - 1876, 1880, 1887, 1878, 1877, 1881, 1888, 1885, 1892, 1882, - 1882, 1889, 1888, 1883, 1885, 1884, 1890, 1889, 1879, 1881, - 1893, 1881, 1890, 1886, 1891, 1896, 1894, 1897, 1887, 1887, - 1898, 1892, 0, 1888, 1885, 1892, 1897, 1899, 1889, 1900, - 1902, 1900, 1903, 1890, 1901, 1905, 1906, 1912, 1904, 1903, - 1894, 0, 1893, 1894, 1897, 1907, 1908, 1896, 1906, 1899, - 1910, 1907, 1898, 1909, 1899, 1917, 1900, 1902, 1901, 1903, - - 1904, 1901, 1905, 1906, 1911, 1904, 0, 1914, 1908, 1912, - 1915, 1916, 1907, 1908, 1914, 1909, 1910, 1910, 1916, 1915, - 1909, 1913, 1913, 1913, 1920, 1918, 1911, 1917, 1913, 1924, - 0, 1911, 1918, 1919, 1914, 1921, 1913, 1915, 1916, 1926, - 1919, 1923, 1924, 1929, 1920, 1927, 1923, 1925, 1913, 1913, - 1913, 1920, 1918, 1928, 1933, 1913, 1924, 1921, 1930, 1925, - 1919, 1927, 1921, 1931, 1926, 1928, 1926, 1934, 1934, 1935, - 1931, 1932, 1927, 1923, 1925, 1929, 1930, 1932, 1937, 1936, - 1928, 1933, 1938, 1937, 1939, 1930, 1936, 1943, 1949, 1944, - 1931, 1944, 1940, 0, 1934, 1935, 1935, 1945, 1932, 1940, - - 1947, 1948, 1950, 1953, 1952, 1937, 1936, 1948, 1938, 1938, - 1950, 1939, 1951, 1955, 1943, 1945, 1944, 1952, 1947, 1940, - 1949, 1956, 1964, 1951, 1945, 1955, 1954, 1947, 1948, 1950, - 1953, 1952, 1954, 1957, 1958, 1958, 1959, 1960, 1960, 1951, - 1955, 1956, 1963, 1961, 1964, 1965, 1967, 0, 1956, 1964, - 1968, 1957, 1966, 1954, 1961, 1972, 1969, 1971, 1973, 1966, - 1957, 1958, 1959, 1959, 1960, 1971, 1967, 1974, 1975, 1979, - 1961, 1977, 1978, 1967, 1963, 1980, 1976, 1965, 1977, 1966, - 1978, 1969, 1968, 1969, 1971, 1973, 1975, 1972, 1976, 1974, - 1980, 1981, 1982, 1979, 1974, 1975, 1979, 1984, 1977, 1978, - - 1985, 1982, 1980, 1976, 1983, 1983, 1986, 1987, 1988, 1991, - 1989, 0, 1992, 1994, 1987, 1981, 1991, 1992, 1981, 1982, - 1988, 1993, 1995, 1984, 1984, 1995, 1989, 2003, 2000, 1997, - 2004, 1983, 1985, 1989, 1987, 1988, 1991, 1989, 1986, 1992, - 1994, 1997, 1996, 1993, 1999, 2003, 2001, 2002, 1993, 1995, - 1996, 2000, 1999, 1989, 2003, 2000, 1997, 2004, 2005, 2006, - 2007, 2008, 2010, 2009, 2006, 2015, 0, 2008, 2002, 1996, - 2010, 1999, 2001, 2001, 2002, 2006, 2009, 2011, 0, 2020, - 2024, 2005, 2021, 2016, 2017, 2005, 2006, 2007, 2008, 2010, - 2009, 2006, 2016, 2012, 2013, 2014, 2017, 2015, 2024, 2011, - - 2012, 2013, 2014, 2018, 2011, 2019, 2020, 2024, 2021, 2021, - 2016, 2017, 2022, 2025, 2027, 2028, 2026, 2030, 2025, 2019, - 2012, 2013, 2014, 2026, 2032, 2018, 2031, 2034, 2036, 2025, - 2018, 2031, 2019, 2035, 2035, 2022, 2027, 2037, 2038, 2022, - 2025, 2027, 2028, 2026, 2030, 2025, 2040, 2042, 2041, 2045, - 2036, 2043, 2037, 2047, 0, 2036, 2032, 2048, 2031, 2034, - 2035, 2040, 2042, 2044, 2037, 2044, 2051, 2046, 2049, 2060, - 2038, 2041, 2046, 2040, 2042, 2041, 2049, 2043, 2043, 2050, - 2056, 2045, 2052, 2054, 2048, 2047, 2050, 2058, 2051, 2059, - 2044, 2055, 2061, 2051, 2046, 2049, 2060, 2052, 2054, 2055, - - 2063, 2062, 2056, 2064, 2065, 0, 2050, 2056, 2062, 2052, - 2054, 2058, 2066, 2071, 2058, 2059, 2059, 2067, 2055, 2061, - 2069, 2072, 0, 2073, 2064, 2078, 2065, 0, 2062, 0, - 2064, 2065, 2063, 2066, 0, 2067, 2072, 2071, 2075, 2066, - 2071, 2076, 2069, 2079, 2067, 2077, 0, 2069, 2072, 2073, - 2073, 2080, 2078, 2075, 2081, 2082, 2076, 2083, 0, 2084, - 2086, 2079, 2085, 2087, 2090, 2075, 2084, 2077, 2076, 2086, - 2079, 2087, 2077, 2080, 2088, 2092, 2081, 2089, 2080, 2082, - 2085, 2081, 2082, 2091, 2083, 2093, 2084, 2086, 2098, 2085, - 2087, 2097, 2091, 2092, 2093, 2094, 2090, 2088, 2096, 2089, - - 2097, 2088, 2092, 2099, 2089, 2101, 2098, 2100, 2094, 2096, - 2091, 2102, 2093, 2103, 2100, 2098, 2109, 2104, 2097, 2105, - 2118, 2099, 2094, 2104, 2096, 2096, 2111, 2116, 2103, 2102, - 2099, 2101, 2101, 2106, 2100, 0, 2096, 2112, 2102, 2116, - 2103, 2105, 2117, 2109, 2104, 2113, 2105, 2106, 2112, 2119, - 2111, 2114, 2118, 2111, 2116, 2117, 2113, 2120, 2122, 2119, - 2106, 2121, 2114, 2123, 2112, 2126, 2132, 2122, 2124, 2117, - 2127, 2129, 2113, 2130, 2131, 2129, 2119, 2134, 2114, 2132, - 0, 2133, 2134, 2120, 2120, 2122, 2121, 2124, 2121, 2136, - 2123, 2137, 2126, 2132, 2130, 2124, 2127, 2127, 2129, 2137, - - 2130, 2133, 2135, 2144, 2134, 2138, 2131, 2139, 2133, 2135, - 2140, 2138, 2141, 2142, 0, 2136, 2136, 2137, 2137, 2143, - 2143, 2144, 2139, 2145, 2141, 2140, 2137, 2153, 2142, 2135, - 2144, 2146, 2138, 2152, 2139, 2145, 2146, 2140, 2147, 2141, - 2142, 2148, 2147, 2151, 2150, 2148, 2143, 2151, 2152, 2155, - 2145, 2150, 2154, 2156, 2153, 2158, 2155, 0, 2148, 2157, - 2152, 2154, 2158, 2146, 2164, 2147, 2148, 2160, 2148, 2162, - 2151, 2150, 2148, 2161, 2166, 2163, 2155, 2156, 2162, 2154, - 2156, 2157, 2158, 2171, 2164, 2148, 2157, 2169, 2170, 2160, - 2168, 2164, 2166, 2174, 2160, 2177, 2162, 2163, 2161, 2168, - - 2161, 2166, 2163, 2170, 2172, 2169, 2173, 2179, 2171, 2175, - 2171, 2178, 2172, 2173, 2169, 2170, 2175, 2168, 2180, 2180, - 2177, 2181, 2177, 0, 2178, 2174, 2182, 2183, 2184, 2188, - 2185, 2172, 2186, 2173, 2179, 2187, 2175, 2191, 2178, 2185, - 0, 2186, 2187, 2181, 2189, 2180, 2190, 2198, 2181, 2183, - 2184, 2182, 2191, 2182, 2183, 2184, 2193, 2185, 2192, 2186, - 2190, 2188, 2187, 2192, 2191, 2196, 2189, 2197, 2195, 2203, - 2199, 2189, 2200, 2190, 2198, 2193, 2195, 2201, 2196, 2202, - 2204, 2208, 2197, 2193, 2205, 2269, 2202, 0, 2200, 2201, - 2192, 2206, 2196, 2210, 2197, 2195, 2199, 2199, 0, 2200, - - 2206, 2203, 2204, 2211, 2201, 2207, 2202, 2204, 2208, 2205, - 2209, 2205, 2213, 2207, 2214, 2212, 0, 2269, 2206, 2210, - 2210, 2216, 2218, 2214, 2207, 2209, 0, 0, 2217, 2211, - 2211, 2217, 2207, 2212, 2213, 2221, 2222, 2209, 2220, 2213, - 2207, 2214, 2212, 2220, 2216, 2219, 2217, 2218, 2216, 2218, - 2221, 2219, 2223, 2225, 2222, 2217, 2226, 2229, 2217, 2227, - 2232, 0, 2221, 2222, 2231, 0, 2233, 2223, 2225, 0, - 2220, 2229, 2219, 2230, 0, 2233, 0, 2272, 2226, 2223, - 2225, 2227, 2231, 2226, 2229, 2230, 2227, 2232, 2234, 2235, - 2236, 2231, 2230, 2233, 2237, 2238, 2237, 2234, 2235, 2239, - - 2230, 2236, 2240, 2242, 2243, 2245, 2244, 2247, 2238, 2272, - 0, 2239, 2230, 2244, 2246, 2234, 2235, 2236, 2242, 2243, - 2259, 2237, 2238, 2253, 2240, 2247, 2239, 2245, 2248, 2240, - 2242, 2243, 2245, 2244, 2247, 2251, 2246, 2248, 2254, 2255, - 2256, 2246, 2254, 2257, 2253, 2257, 2258, 2259, 2251, 2256, - 2253, 2255, 2261, 2260, 2262, 2248, 2251, 0, 2266, 2264, - 2263, 2265, 2251, 2262, 2258, 2254, 2255, 2256, 2263, 2268, - 2257, 2260, 2266, 2258, 2273, 2251, 2274, 2268, 2275, 2261, - 2260, 2262, 2264, 2265, 2270, 2266, 2264, 2263, 2265, 2270, - 2271, 2276, 2279, 2282, 2281, 2271, 2268, 2275, 2276, 2280, - - 2274, 2283, 2284, 2274, 2286, 2275, 2273, 2285, 2287, 0, - 2289, 2270, 2281, 2280, 2291, 2288, 2285, 2284, 2276, 2279, - 2282, 2281, 2271, 2290, 2280, 2280, 2280, 2283, 2283, 2284, - 2287, 2293, 2294, 2295, 2285, 2287, 2286, 2289, 0, 2294, - 2280, 2288, 2288, 2299, 2302, 2290, 2291, 2298, 2296, 2298, - 2290, 2280, 2301, 2300, 2293, 2296, 2295, 2300, 2293, 2294, - 2295, 2305, 2304, 2303, 2301, 2299, 2302, 2308, 2305, 2306, - 2299, 2302, 2303, 2304, 2298, 2296, 2307, 2309, 2312, 2301, - 2300, 2307, 2315, 2310, 2311, 2313, 2313, 2312, 2305, 2304, - 2303, 2306, 2314, 2317, 2308, 2310, 2306, 2315, 2320, 2316, - - 2309, 2314, 2318, 2307, 2309, 2312, 2311, 2316, 2319, 2315, - 2310, 2311, 2313, 2322, 2323, 2317, 2318, 2319, 2327, 2314, - 2317, 2327, 2323, 2324, 2330, 2320, 2316, 2329, 2325, 2318, - 2326, 2324, 2322, 2329, 2326, 2319, 2325, 2331, 2328, 2330, - 2322, 2323, 2332, 2331, 2334, 2327, 2328, 0, 2336, 2338, - 2324, 2330, 2339, 2337, 2329, 2325, 2334, 2326, 2341, 2342, - 2340, 0, 2336, 2349, 2331, 2328, 2337, 2340, 2343, 2344, - 2338, 2334, 2348, 2351, 2332, 2336, 2338, 2339, 0, 2339, - 2337, 2342, 2350, 2344, 2346, 2341, 2342, 2340, 2345, 2347, - 2349, 2345, 2343, 2352, 2353, 2343, 2344, 2346, 2348, 2348, - - 2351, 2357, 2361, 2347, 2354, 2352, 2353, 2350, 2358, 2350, - 2355, 2346, 2359, 2355, 2360, 2345, 2347, 2360, 2354, 2362, - 2352, 2353, 0, 2363, 2369, 2365, 2366, 2370, 2357, 2361, - 2372, 2354, 2360, 2366, 2358, 2358, 2355, 2355, 2359, 2359, - 2355, 2360, 2367, 2368, 2360, 2363, 2362, 2365, 2371, 2367, - 2363, 2369, 2365, 2366, 2370, 2373, 2371, 2372, 2368, 2374, - 2375, 2376, 2377, 2378, 2373, 2379, 2380, 0, 2381, 2367, - 2368, 2382, 2375, 2383, 2387, 2371, 2388, 0, 2379, 2390, - 0, 2382, 2373, 2376, 2380, 2394, 2374, 2375, 2376, 2377, - 2378, 2384, 2379, 2380, 2381, 2381, 2387, 2385, 2382, 2389, - - 2383, 2387, 2391, 2388, 2384, 2385, 2390, 2389, 2392, 2394, - 2393, 2391, 2394, 2395, 2396, 2397, 0, 0, 2384, 2399, - 2398, 2401, 2403, 2397, 2385, 2404, 2389, 2406, 2395, 2391, - 2392, 2393, 2398, 2401, 2406, 2392, 2411, 2393, 2407, 2395, - 2395, 2396, 2397, 2402, 2399, 2410, 2399, 2398, 2401, 2403, - 2407, 2402, 2408, 2412, 2406, 2395, 2408, 2404, 2417, 2409, - 2413, 2412, 2414, 2411, 2415, 2407, 2418, 0, 2410, 2421, - 2402, 2409, 2410, 2418, 2414, 2419, 2415, 2420, 2421, 2408, - 2412, 2425, 2413, 2422, 2427, 2417, 2409, 2413, 2423, 2414, - 2420, 2415, 2422, 2418, 2426, 2419, 2421, 2424, 2424, 2428, - - 2423, 2430, 2419, 2431, 2420, 2432, 0, 2425, 2425, 2427, - 2422, 2427, 2426, 2433, 2428, 2423, 2428, 2434, 2431, 2434, - 2435, 2426, 2436, 2428, 2424, 2445, 2428, 2432, 2436, 2438, - 2431, 2441, 2432, 2430, 2435, 2433, 2437, 2439, 2439, 2442, - 2433, 2428, 2446, 2428, 2434, 2443, 2447, 2435, 2444, 2436, - 2448, 2438, 2447, 2441, 2437, 2449, 2438, 2445, 2441, 2450, - 2444, 2442, 2448, 2437, 2439, 2453, 2442, 2443, 2451, 2452, - 2454, 2452, 2443, 2447, 2446, 2444, 2455, 2448, 2460, 2453, - 2456, 2450, 2457, 2455, 2458, 2461, 2450, 2449, 2459, 2462, - 2451, 2460, 2453, 2463, 2454, 2451, 2452, 2454, 2456, 2469, - - 2457, 2465, 2458, 2455, 2468, 2460, 2459, 2456, 2465, 2457, - 2470, 2458, 2467, 0, 2473, 2459, 2463, 2461, 2472, 2467, - 2463, 2462, 2468, 0, 2471, 2469, 2469, 2474, 2465, 2479, - 0, 2468, 2471, 2477, 2481, 0, 2472, 0, 0, 2467, - 2473, 2473, 2470, 2480, 2477, 2472, 2475, 2478, 2475, 2474, - 2471, 2471, 2481, 2475, 2474, 2480, 2479, 2483, 2478, 2471, - 2477, 2481, 2486, 2488, 2489, 2484, 2485, 2491, 2492, 2495, - 2480, 2493, 2483, 2475, 2478, 2475, 2484, 2486, 2485, 2496, - 2497, 2490, 2491, 2498, 2483, 2499, 2489, 2488, 2490, 2486, - 2488, 2489, 2484, 2485, 2491, 2492, 2495, 2493, 2493, 2501, - - 2500, 2502, 2497, 2496, 2503, 2504, 2496, 2497, 2490, 2505, - 2508, 2506, 0, 2507, 2502, 2498, 2509, 2499, 2500, 2506, - 2504, 2512, 2505, 2510, 2514, 2513, 2501, 2500, 2502, 2509, - 2503, 2503, 2504, 2515, 2516, 2517, 2505, 2521, 2506, 2507, - 2507, 2518, 2508, 2509, 2512, 2510, 2520, 2519, 2512, 2513, - 2510, 2514, 2513, 2517, 2519, 2515, 2516, 2522, 2524, 2518, - 2515, 2516, 2517, 2525, 2521, 2526, 2528, 2531, 2518, 2520, - 2525, 2522, 2526, 2520, 2519, 2527, 2529, 2532, 2535, 2528, - 2524, 2530, 2527, 2533, 2522, 2524, 2534, 2535, 2530, 2531, - 2525, 2539, 2526, 2528, 2531, 2538, 2540, 2539, 2536, 2529, - - 2543, 2542, 2527, 2529, 2533, 2535, 2536, 2537, 2530, 2532, - 2533, 2543, 2534, 2534, 2544, 2537, 2542, 2538, 2539, 2545, - 2546, 2547, 2538, 2540, 0, 2536, 2550, 2543, 2542, 2548, - 2552, 2555, 2553, 0, 2537, 2554, 2544, 2556, 2560, 2560, - 2547, 2544, 2558, 2552, 2550, 2553, 2559, 2565, 2547, 2561, - 2567, 2545, 2546, 2550, 2548, 2555, 2548, 2552, 2555, 2553, - 2564, 2554, 2554, 2556, 2556, 2560, 2558, 2566, 2568, 2558, - 2559, 2571, 2573, 2559, 2576, 2561, 2561, 2567, 2575, 2565, - 2579, 2573, 2566, 2564, 2581, 2576, 2568, 2564, 2580, 2580, - 2582, 2575, 2584, 2581, 2566, 2568, 2582, 2586, 2571, 2573, - - 2585, 2576, 2579, 2588, 2590, 2575, 2591, 2579, 2592, 0, - 2593, 2581, 2597, 2591, 2584, 2580, 2595, 2582, 2594, 2584, - 2597, 2593, 2585, 2594, 2586, 2598, 2599, 2585, 2601, 2600, - 2588, 2603, 2604, 2591, 2592, 2592, 2590, 2593, 2595, 2597, - 2605, 2599, 2603, 2595, 2600, 2594, 2606, 2610, 2607, 2598, - 2604, 0, 2598, 2599, 2608, 2601, 2600, 2607, 2603, 2604, - 2611, 2605, 2612, 2613, 0, 2615, 2608, 2605, 2616, 2620, - 2612, 2617, 2613, 2618, 2610, 2607, 2619, 2621, 2606, 0, - 2622, 2608, 2618, 2620, 2611, 2630, 2626, 2611, 2623, 2612, - 2613, 2615, 2615, 2617, 2619, 2616, 2620, 2624, 2617, 2621, - - 2618, 2623, 2625, 2619, 2621, 2622, 2629, 2622, 2626, 2627, - 2624, 2628, 2630, 2626, 2631, 2623, 2627, 2625, 2628, 2632, - 2633, 0, 2634, 2635, 2624, 2636, 0, 2641, 2629, 2625, - 2638, 2637, 2646, 2629, 2636, 2639, 2627, 2634, 2628, 2640, - 2643, 2631, 2641, 2646, 2642, 2647, 2632, 2633, 2635, 2634, - 2635, 2642, 2636, 2637, 2641, 2643, 2638, 2638, 2637, 2646, - 2649, 2639, 2639, 2644, 2650, 2640, 2640, 2643, 2645, 2648, - 2644, 2642, 2647, 2651, 2645, 2652, 2656, 2648, 2653, 2654, - 0, 2658, 2655, 2656, 2660, 2657, 2661, 2649, 2658, 2651, - 2644, 2650, 2662, 2653, 2659, 2645, 2648, 2655, 0, 2654, - - 2651, 2659, 2652, 2656, 2661, 2653, 2654, 2657, 2658, 2655, - 2664, 2660, 2657, 2661, 2663, 2663, 2665, 2664, 2667, 2662, - 2666, 2659, 2668, 2666, 2670, 2669, 2672, 2668, 2671, 2676, - 2665, 2667, 0, 0, 2673, 2677, 2674, 2664, 2676, 2670, - 2677, 2663, 2679, 2665, 2672, 2667, 2673, 2666, 2674, 2668, - 2669, 2670, 2669, 2672, 2671, 2671, 2676, 2680, 2681, 2682, - 2678, 2673, 2677, 2674, 2678, 2683, 2679, 2684, 2690, 2679, - 2680, 2685, 0, 2687, 0, 2689, 2695, 2690, 0, 2693, - 2681, 2682, 2692, 2695, 2680, 2681, 2682, 2678, 2691, 0, - 2692, 2693, 2683, 2699, 2684, 2690, 2696, 2685, 2685, 2687, - - 2687, 2689, 2689, 2695, 2691, 2696, 2693, 2697, 2701, 2692, - 2698, 2699, 2697, 2703, 2700, 2691, 2705, 2698, 2702, 2704, - 2699, 2700, 2703, 2696, 2707, 2702, 2708, 2710, 2704, 2712, - 2711, 2709, 2710, 2701, 2697, 2701, 2715, 2698, 0, 0, - 2703, 2700, 2705, 2705, 2709, 2702, 2704, 2707, 2711, 2714, - 2716, 2707, 2717, 2708, 2710, 2718, 2712, 2711, 2709, 2716, - 2719, 2717, 2720, 2715, 2718, 2724, 2721, 2714, 2725, 2722, - 2723, 2726, 2727, 2724, 2720, 2721, 2714, 2716, 2722, 2717, - 2719, 2723, 2718, 2728, 2730, 2729, 2732, 2719, 2725, 2720, - 2728, 2733, 2724, 2721, 2729, 2725, 2722, 2723, 2726, 2727, - - 2734, 2738, 2737, 2740, 2739, 2730, 2735, 2736, 2741, 2738, - 2728, 2730, 2729, 2732, 2737, 2735, 2736, 2739, 2733, 2742, - 2743, 2745, 2747, 2749, 2751, 2740, 2742, 2743, 2738, 2737, - 2740, 2739, 2734, 2735, 2736, 2741, 2744, 2745, 2746, 2748, - 0, 2755, 2750, 2744, 2747, 2746, 2742, 2743, 2745, 2747, - 2749, 2751, 2753, 2756, 2759, 2757, 0, 0, 0, 2755, - 2753, 2756, 2768, 2744, 2748, 2746, 2748, 2750, 2755, 2750, - 2757, 2758, 2761, 2769, 0, 2772, 2759, 2760, 2758, 2753, - 2756, 2759, 2757, 2762, 2760, 2763, 2768, 2767, 2766, 2768, - 2762, 2770, 2771, 2763, 2761, 2766, 2767, 2773, 2758, 2761, - - 2769, 2771, 2772, 2770, 2760, 2774, 2775, 2779, 2777, 2778, - 2762, 2781, 2763, 2773, 2767, 2766, 2780, 2774, 2770, 2771, - 2777, 2778, 2787, 2782, 2773, 2793, 2790, 0, 2779, 2775, - 2784, 2789, 2774, 2775, 2779, 2777, 2778, 2782, 2781, 2780, - 2785, 2786, 2784, 2780, 2790, 2792, 2789, 2785, 2786, 2787, - 2782, 2791, 2793, 2790, 2794, 2795, 0, 2784, 2789, 2797, - 2801, 2796, 2794, 2800, 2798, 2799, 2807, 2785, 2786, 2806, - 2800, 2792, 2792, 2809, 2791, 2798, 0, 2797, 2791, 2816, - 2799, 2794, 2795, 2796, 2807, 2810, 2797, 2801, 2796, 2808, - 2800, 2798, 2799, 2807, 2808, 2806, 2806, 2811, 2817, 2810, - - 2809, 2812, 2813, 2814, 2815, 2817, 2816, 2818, 2820, 0, - 2823, 2811, 2810, 2826, 2825, 2812, 2808, 2827, 0, 2818, - 2813, 2814, 2815, 2828, 2811, 2817, 2826, 2830, 2812, 2813, - 2814, 2815, 2823, 2831, 2818, 2820, 2825, 2823, 2829, 2827, - 2826, 2825, 2828, 2833, 2827, 2830, 2829, 2835, 2838, 2836, - 2828, 2837, 2831, 2839, 2830, 2833, 2841, 2840, 2842, 2845, - 2831, 2843, 0, 2837, 2841, 2829, 2847, 2844, 2845, 2835, - 2833, 2836, 0, 2846, 2835, 2838, 2836, 2848, 2837, 2840, - 2839, 2843, 2846, 2841, 2840, 2842, 2845, 2849, 2843, 2844, - 2850, 2852, 2853, 2851, 2844, 2856, 2857, 2858, 2847, 2848, - - 2846, 2859, 2850, 2860, 2848, 2861, 2859, 2863, 2864, 2856, - 2866, 0, 0, 2849, 2849, 2851, 2862, 2850, 2852, 2853, - 2851, 2858, 2856, 2857, 2858, 2860, 2865, 2861, 2866, 2862, - 2860, 2864, 2861, 2859, 2867, 2864, 2868, 2866, 2869, 2863, - 2870, 2871, 2872, 2862, 2869, 0, 2867, 2873, 2865, 2874, - 2876, 0, 2880, 2865, 0, 2868, 2877, 2878, 2882, 2885, - 2883, 2867, 2873, 2868, 2872, 2869, 2884, 2880, 2885, 2872, - 2876, 2889, 2870, 2871, 2873, 2886, 2874, 2876, 2877, 2880, - 2882, 2878, 2883, 2877, 2878, 2882, 2885, 2883, 2884, 2886, - 2887, 2888, 2890, 2884, 2891, 2894, 2895, 2889, 2889, 2896, - - 2900, 0, 2886, 2899, 2894, 2901, 2902, 2900, 2887, 2888, - 2890, 2899, 2901, 2903, 2902, 2904, 2891, 2887, 2888, 2890, - 2896, 2891, 2894, 2905, 2910, 2907, 2896, 2900, 2895, 2908, - 2899, 2905, 2901, 2902, 2909, 2904, 2910, 2911, 2912, 2918, - 2903, 2917, 2904, 2907, 2919, 2913, 2915, 2908, 2917, 2911, - 2905, 2910, 2907, 2913, 2921, 2920, 2908, 2920, 2915, 2922, - 2909, 2909, 2918, 2925, 2911, 2912, 2918, 2923, 2917, 2924, - 2926, 2919, 2913, 2915, 2927, 2923, 2929, 2928, 2924, 2928, - 2934, 2931, 2920, 2935, 2939, 0, 2921, 0, 2932, 0, - 2936, 2922, 2938, 2927, 2923, 2925, 2924, 2926, 2929, 2931, - - 2937, 2927, 2932, 2929, 2928, 2938, 2940, 2935, 2931, 2937, - 2935, 2939, 2934, 2936, 2942, 2932, 2943, 2936, 2940, 2938, - 2944, 2945, 2947, 2948, 0, 2943, 2950, 2937, 2952, 2949, - 2954, 2957, 2955, 2940, 0, 2960, 2957, 2954, 0, 2964, - 2942, 2942, 2960, 2943, 2950, 2956, 2948, 2944, 2945, 2947, - 2948, 2949, 2958, 2950, 2955, 2952, 2949, 2954, 2961, 2955, - 2956, 2962, 2960, 2957, 2965, 2961, 2964, 2958, 2966, 2967, - 2968, 2971, 2956, 2972, 2974, 2969, 2975, 0, 2976, 2958, - 2977, 2974, 2972, 2979, 2968, 2961, 2983, 2962, 2962, 2969, - 0, 2965, 2984, 2967, 2978, 2966, 2967, 2968, 2971, 2980, - - 2972, 2974, 2969, 2975, 2976, 2976, 2978, 2977, 2981, 2982, - 2979, 2985, 2988, 2980, 2996, 2989, 3092, 2981, 2983, 2984, - 2991, 2978, 2982, 2992, 2993, 2991, 2980, 2992, 2995, 2999, - 2998, 2993, 2994, 0, 2985, 2981, 2982, 2989, 2985, 2994, - 3002, 2997, 2989, 2997, 2988, 3004, 2996, 3005, 3092, 2995, - 2992, 2993, 2991, 2998, 3008, 2995, 2999, 2998, 3007, 2994, - 3007, 3009, 3002, 3014, 3004, 3010, 3010, 3002, 2997, 3011, - 3012, 3005, 3004, 3013, 3005, 3010, 3014, 3015, 3008, 3012, - 3013, 3008, 3016, 0, 3020, 3007, 3017, 3009, 3009, 3018, - 3014, 3011, 3010, 3010, 3017, 3016, 3011, 3012, 3019, 3025, - - 3013, 3026, 3018, 3020, 3015, 3027, 3019, 3022, 3028, 3016, - 3017, 3020, 3022, 3017, 3023, 3024, 3018, 3029, 3031, 3023, - 0, 3017, 3030, 3024, 0, 3019, 3025, 3026, 3026, 3031, - 3032, 3027, 3027, 3033, 3028, 3028, 3034, 3034, 3035, 3022, - 3033, 3039, 3024, 3029, 3029, 3031, 3023, 3036, 3030, 3030, - 3037, 3035, 3032, 3038, 3040, 3041, 3044, 3032, 3037, 3039, - 3033, 3040, 3041, 3034, 3042, 3035, 3045, 0, 3039, 3036, - 3046, 3042, 3047, 3048, 3036, 3038, 3052, 3037, 3050, 0, - 3038, 3040, 3041, 3044, 3047, 3049, 3054, 3050, 3053, 3055, - 3057, 3042, 3058, 3045, 3046, 3060, 3059, 3046, 0, 3047, - - 3048, 3065, 3061, 3052, 3066, 3050, 3049, 3062, 3053, 3064, - 3058, 3055, 3049, 3054, 3059, 3053, 3055, 3057, 3064, 3058, - 3061, 3067, 3060, 3059, 3068, 3062, 3071, 3069, 3065, 3061, - 3070, 3066, 3072, 3075, 3062, 3069, 3064, 3076, 3071, 3072, - 3073, 3081, 3068, 3077, 3067, 3073, 3070, 3075, 3067, 3082, - 3085, 3068, 3083, 3071, 3069, 3076, 3086, 3070, 3088, 3072, - 3075, 3090, 3091, 3081, 3076, 3083, 3077, 3088, 3081, 3086, - 3077, 3087, 3073, 3087, 3098, 3093, 3082, 3085, 3102, 3083, - 3091, 3099, 3097, 3086, 3097, 3088, 3101, 0, 3090, 3091, - 3093, 3104, 3108, 3101, 3106, 3109, 3098, 3110, 3087, 3099, - - 3106, 3098, 3093, 3115, 3113, 3126, 3104, 3111, 3099, 3097, - 3102, 3118, 3119, 3101, 3108, 3114, 3115, 3109, 3104, 3108, - 3120, 3106, 3109, 3110, 3110, 3111, 3113, 3121, 3123, 3114, - 3115, 3113, 3116, 3122, 3111, 3116, 3123, 3126, 3118, 3119, - 3122, 3124, 3114, 3127, 3128, 3121, 3129, 3120, 3130, 3131, - 3132, 3135, 3133, 0, 3121, 3123, 3132, 3130, 3116, 3116, - 3122, 3137, 3116, 3124, 3131, 3127, 3128, 3139, 3124, 3134, - 3127, 3128, 3142, 3129, 3133, 3130, 3131, 3132, 3134, 3133, - 3136, 3140, 3136, 3135, 3141, 3143, 3149, 0, 3137, 3144, - 3139, 3151, 3145, 3143, 3139, 3147, 3134, 3154, 3142, 3142, - - 3152, 3144, 3147, 3140, 3145, 3151, 3141, 3136, 3140, 3153, - 3155, 3141, 3143, 3149, 3152, 3156, 3144, 3157, 3151, 3145, - 3154, 3158, 3147, 3153, 3154, 3157, 3156, 3152, 3155, 3159, - 3163, 3160, 0, 3161, 3162, 3165, 3153, 3155, 3160, 3163, - 3158, 3166, 3156, 3173, 3157, 3164, 3164, 3167, 3158, 3170, - 3171, 3159, 3162, 3174, 3170, 3167, 3159, 3163, 3160, 3161, - 3161, 3162, 3165, 3171, 3173, 3176, 3178, 3180, 3166, 3183, - 3173, 3176, 3164, 3181, 3167, 3184, 3185, 3171, 3180, 3188, - 3174, 3170, 3189, 3190, 3181, 3191, 3184, 3193, 3199, 3189, - 0, 3183, 3176, 3178, 3180, 3192, 3183, 3194, 3185, 3192, - - 3181, 3190, 3184, 3185, 3196, 3194, 3188, 3197, 3198, 3189, - 3190, 3201, 3203, 3204, 3193, 3199, 3198, 3191, 0, 3203, - 3197, 3207, 3192, 3209, 3194, 3205, 3207, 3208, 3208, 3210, - 3196, 3196, 3211, 3212, 3197, 3198, 3213, 3214, 3217, 3203, - 3212, 3221, 0, 3201, 3211, 3204, 3219, 3205, 3207, 3215, - 3209, 3216, 3205, 3214, 3208, 3213, 3210, 3218, 3216, 3211, - 3212, 3219, 3220, 3213, 3214, 3218, 3223, 3215, 3221, 3220, - 3217, 3222, 3224, 3219, 3225, 3231, 3215, 3229, 3216, 3230, - 0, 3232, 3213, 3222, 3218, 3233, 3230, 3234, 3235, 3220, - 3223, 3237, 3229, 3223, 3238, 3239, 3224, 3235, 3222, 3224, - - 3225, 3225, 3240, 3241, 3229, 3243, 3230, 3231, 3232, 3233, - 3240, 3245, 3233, 3237, 3249, 3235, 3246, 3239, 3237, 3234, - 3248, 3238, 3239, 3242, 3242, 3246, 3245, 3252, 3247, 3240, - 3247, 3250, 3243, 3242, 3248, 3241, 3254, 3251, 3245, 3250, - 3255, 3249, 3256, 3246, 3257, 3252, 3258, 3248, 3251, 3260, - 3242, 3242, 3259, 3261, 3252, 3247, 3262, 3263, 3250, 3258, - 3266, 3264, 3270, 3254, 3251, 0, 3257, 3255, 3267, 3256, - 3271, 3257, 3273, 3258, 3259, 3264, 3260, 3265, 3265, 3259, - 3261, 3271, 3274, 3262, 3263, 3276, 3278, 3284, 3264, 3270, - 3267, 3278, 3266, 3276, 3280, 3267, 3279, 3271, 3281, 3273, - - 3282, 3279, 3280, 3281, 3265, 3285, 3285, 3286, 3291, 3274, - 3289, 3287, 3276, 3278, 3284, 3286, 3292, 3289, 3290, 3294, - 3295, 3280, 3296, 3279, 3287, 3281, 3282, 3282, 3294, 3296, - 3303, 3297, 3285, 3298, 3286, 3291, 3290, 3289, 3287, 3297, - 3299, 3302, 3305, 3292, 3306, 3290, 3294, 3302, 3307, 3296, - 3308, 3310, 3295, 3311, 3312, 3298, 3314, 3303, 3297, 3309, - 3298, 3307, 3299, 3315, 0, 3316, 3306, 3299, 3302, 3305, - 3310, 3306, 3316, 3318, 3309, 3307, 3312, 3317, 3310, 3314, - 3311, 3312, 3308, 3314, 3317, 3315, 3309, 3319, 3320, 3322, - 3315, 3323, 3316, 3335, 3324, 3318, 3325, 3327, 0, 3323, - - 3318, 3324, 3319, 3325, 3317, 3331, 3327, 3330, 3322, 3320, - 0, 3328, 0, 3330, 3319, 3320, 3322, 3333, 3323, 3329, - 3329, 3324, 3328, 3325, 3327, 3335, 3334, 3331, 3336, 3329, - 3338, 3340, 3331, 3334, 3330, 3339, 3344, 3338, 3328, 3333, - 3345, 3346, 3351, 3352, 3333, 3340, 3329, 3329, 3353, 3354, - 3336, 3359, 3362, 3334, 3356, 3336, 3353, 3338, 3340, 3339, - 3360, 3360, 3339, 3344, 3346, 3352, 3356, 3345, 3346, 3351, - 3352, 3361, 3361, 3363, 3363, 3353, 3354, 3366, 3359, 3362, - 3364, 3356, 3368, 3367, 3369, 3370, 0, 3373, 3374, 3360, - 3375, 3377, 0, 3369, 3376, 3374, 3378, 3375, 3370, 3366, - - 3361, 3367, 3363, 3364, 3366, 3378, 3382, 3364, 3382, 3368, - 3367, 3369, 3370, 3373, 3373, 3374, 3376, 3375, 3377, 3379, - 3383, 3376, 3384, 3378, 3385, 3386, 3379, 3388, 3389, 3390, - 3391, 0, 3392, 3382, 3393, 3394, 3388, 3386, 3396, 3398, - 3383, 3395, 3385, 3399, 3398, 3384, 3379, 3383, 3391, 3384, - 3389, 3385, 3386, 3395, 3388, 3389, 3390, 3391, 3392, 3392, - 3396, 3393, 3394, 3397, 3401, 3396, 3397, 3400, 3395, 3400, - 3403, 3398, 3402, 3404, 3405, 3399, 3401, 3406, 3402, 3407, - 3409, 3397, 3405, 3410, 0, 3408, 3411, 3412, 3415, 3417, - 3397, 3401, 3403, 3397, 3400, 3404, 3420, 3403, 3411, 3402, - - 3404, 3405, 3418, 3422, 3406, 3420, 3408, 3409, 3423, 3412, - 3410, 3407, 3408, 3411, 3412, 3415, 3417, 3424, 3425, 3427, - 3418, 3428, 3429, 3420, 3430, 3431, 3431, 3434, 3435, 3418, - 3422, 3440, 3433, 3438, 3441, 3423, 3443, 0, 3436, 3442, - 3438, 3444, 3437, 3440, 3424, 3425, 3427, 3442, 3428, 3429, - 3433, 3430, 3431, 3444, 3434, 3435, 3436, 3437, 3440, 3433, - 3438, 3441, 3445, 3443, 3446, 3436, 3442, 3447, 3444, 3437, - 3448, 3450, 3451, 3454, 3461, 3462, 3445, 3455, 3458, 3446, - 3456, 3456, 3454, 3450, 3457, 3460, 3463, 3458, 3462, 3445, - 0, 3446, 0, 3447, 3447, 3464, 0, 3448, 3450, 3451, - - 3454, 3455, 3462, 3464, 3455, 3458, 3461, 3456, 3463, 3460, - 3457, 3457, 3460, 3463, 3465, 3466, 3468, 3469, 3473, 3476, - 3476, 3477, 3464, 3465, 3472, 3490, 3466, 3486, 3477, 3487, - 3473, 3491, 3492, 3493, 3495, 3469, 3497, 3468, 0, 3490, - 3497, 3465, 3466, 3468, 3469, 3473, 3476, 3472, 3477, 3486, - 3498, 3472, 3490, 3487, 3486, 3499, 3487, 3500, 3491, 3492, - 3493, 3495, 3502, 3497, 3500, 3504, 3506, 3505, 3498, 3504, - 3507, 0, 3509, 3508, 3515, 3502, 3510, 3498, 3499, 3511, - 3513, 0, 3499, 3505, 3500, 3508, 3515, 3511, 3506, 3502, - 3510, 3513, 3504, 3506, 3505, 3507, 3512, 3507, 3509, 3509, - - 3508, 3515, 3514, 3510, 3514, 3512, 3511, 3513, 3516, 3517, - 3518, 3519, 3520, 3521, 3522, 3523, 0, 3519, 3529, 3531, - 0, 3521, 3523, 3512, 3517, 3524, 3516, 3533, 3535, 3514, - 3532, 3529, 3518, 3534, 3520, 3516, 3517, 3518, 3519, 3520, - 3521, 3522, 3523, 3530, 3536, 3529, 3531, 3524, 3532, 3538, - 3530, 3539, 3524, 3537, 3533, 3535, 3538, 3532, 0, 3534, - 3534, 3537, 3540, 3541, 3542, 3543, 3542, 3544, 3545, 0, - 3530, 3536, 0, 3546, 3547, 3539, 3538, 3543, 3539, 3548, - 3537, 3545, 3550, 3551, 3540, 3541, 3549, 3553, 3546, 3540, - 3541, 3542, 3543, 3549, 3555, 3545, 3547, 3556, 3560, 3544, - - 3546, 3547, 3555, 3554, 3558, 3563, 3548, 3560, 3564, 3550, - 3551, 3566, 0, 3549, 3553, 3554, 3558, 3565, 3567, 3566, - 3568, 3555, 3573, 0, 3556, 3560, 3569, 3570, 0, 3571, - 3554, 3558, 3563, 3572, 3564, 3564, 3565, 3571, 3566, 3569, - 3575, 3570, 3579, 3583, 3565, 0, 3582, 0, 3579, 3573, - 3567, 3580, 3568, 3569, 3570, 3572, 3571, 3585, 3580, 3582, - 3572, 3586, 3588, 3587, 3585, 3589, 3583, 3575, 3593, 3579, - 3583, 3587, 3590, 3582, 3591, 3592, 3588, 3598, 3580, 3589, - 3590, 3599, 3597, 3586, 3585, 3598, 3596, 3601, 3586, 3588, - 3587, 3597, 3589, 3596, 3600, 3593, 3591, 3592, 3602, 3590, - - 3603, 3591, 3592, 3606, 3598, 3607, 3604, 3605, 3599, 3597, - 0, 3606, 3609, 3596, 3610, 3611, 3600, 3613, 3614, 3601, - 3618, 3600, 3603, 3615, 3602, 3602, 3614, 3603, 3604, 3605, - 3606, 3622, 3624, 3604, 3605, 3620, 3610, 3607, 3616, 3609, - 3613, 3610, 3611, 3615, 3613, 3614, 3616, 3617, 3619, 3620, - 3615, 3625, 3618, 3627, 3625, 3617, 3619, 3622, 3622, 3624, - 3626, 3627, 3620, 3628, 3631, 3616, 3630, 3634, 3634, 3625, - 3629, 3628, 0, 3639, 3617, 3619, 3635, 3642, 3625, 3637, - 3627, 3625, 3626, 3638, 3629, 3632, 3631, 3626, 3636, 0, - 3628, 3631, 3630, 3630, 3634, 3639, 3636, 3629, 3640, 3632, - - 3639, 3643, 3635, 3635, 3642, 3637, 3637, 3644, 3641, 3638, - 3638, 3645, 3632, 3646, 3648, 3636, 3641, 3647, 3640, 3650, - 3649, 3652, 3648, 3643, 0, 3640, 0, 3650, 3643, 3655, - 3656, 3653, 3644, 3646, 3644, 3641, 3661, 3647, 3645, 3653, - 3646, 3648, 3649, 3659, 3647, 3657, 3650, 3649, 3652, 3664, - 3665, 3655, 3656, 3657, 3658, 3668, 3655, 3656, 3653, 3662, - 3663, 3669, 3658, 3661, 3666, 3670, 0, 3662, 3663, 3659, - 3659, 3672, 3657, 3675, 3678, 3664, 3664, 3665, 3679, 0, - 0, 3658, 3668, 0, 3666, 3670, 3662, 3663, 3669, 3676, - 0, 3666, 3670, 3672, 3677, 3675, 0, 3676, 3672, 0, - - 3675, 3678, 3677, 0, 0, 3679, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3676, 0, 0, 0, - 0, 3677, 3683, 3683, 3683, 3683, 3683, 3683, 3683, 3684, - 3684, 3684, 3684, 3684, 3684, 3684, 3685, 3685, 3685, 3685, - 3685, 3685, 3685, 3686, 3686, 3686, 3686, 3686, 3686, 3686, - 3687, 3687, 3687, 3687, 3687, 3687, 3687, 3688, 3688, 3688, - 3688, 3688, 3688, 3688, 3689, 3689, 3689, 3689, 3689, 3689, - 3689, 3691, 3691, 0, 3691, 3691, 3691, 3691, 3692, 3692, - 0, 0, 0, 3692, 3692, 3693, 3693, 0, 0, 3693, - 0, 3693, 3694, 0, 0, 0, 0, 0, 3694, 3695, - - 3695, 0, 0, 0, 3695, 3695, 3696, 0, 0, 0, - 0, 0, 3696, 3697, 3697, 0, 3697, 3697, 3697, 3697, - 3698, 0, 0, 0, 0, 0, 3698, 3699, 3699, 0, - 0, 0, 3699, 3699, 3700, 3700, 0, 3700, 3700, 3700, - 3700, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682, - - 3682, 3682, 3682, 3682, 3682, 3682, 3682, 3682 + 84, 13, 11, 45, 1192, 25, 25, 14, 12, 34, + 39, 23, 15, 23, 23, 45, 23, 178, 28, 602, + 11, 28, 23, 39, 34, 28, 12, 302, 87, 11, + 45, 16, 87, 162, 162, 12, 30, 39, 29, 177, + 56, 175, 37, 56, 30, 28, 26, 602, 37, 23, + + 24, 24, 29, 26, 24, 30, 302, 26, 100, 24, + 26, 24, 30, 30, 29, 29, 92, 100, 24, 37, + 72, 30, 26, 26, 24, 169, 169, 24, 24, 29, + 26, 24, 30, 72, 26, 100, 24, 26, 24, 62, + 92, 62, 62, 92, 62, 24, 27, 72, 31, 170, + 27, 31, 94, 27, 95, 27, 27, 198, 31, 46, + 31, 46, 46, 223, 46, 226, 27, 168, 27, 95, + 46, 31, 94, 27, 167, 31, 35, 27, 31, 94, + 27, 95, 27, 27, 35, 31, 93, 31, 36, 198, + 35, 97, 36, 27, 35, 223, 44, 226, 97, 42, + + 44, 42, 35, 35, 44, 98, 36, 165, 36, 93, + 42, 35, 163, 93, 36, 36, 42, 35, 97, 36, + 161, 35, 44, 44, 43, 42, 42, 44, 42, 98, + 351, 44, 98, 36, 43, 36, 38, 42, 43, 43, + 38, 96, 164, 42, 38, 164, 85, 43, 80, 96, + 38, 43, 70, 38, 70, 70, 101, 70, 138, 351, + 38, 43, 38, 38, 105, 43, 43, 38, 96, 105, + 73, 38, 73, 73, 101, 73, 79, 38, 79, 79, + 38, 79, 75, 101, 138, 138, 99, 38, 40, 106, + 70, 105, 40, 86, 108, 86, 86, 106, 86, 99, + + 126, 150, 40, 40, 86, 40, 89, 108, 89, 89, + 99, 89, 150, 99, 40, 40, 106, 89, 74, 40, + 126, 108, 102, 102, 107, 228, 99, 126, 150, 40, + 40, 103, 40, 41, 110, 102, 41, 103, 117, 103, + 68, 110, 107, 41, 89, 104, 104, 41, 41, 102, + 102, 117, 103, 112, 104, 41, 107, 228, 103, 109, + 41, 110, 112, 41, 103, 117, 103, 114, 109, 107, + 41, 116, 104, 104, 41, 41, 111, 111, 113, 125, + 112, 109, 115, 119, 111, 1018, 109, 113, 63, 115, + 114, 58, 111, 116, 114, 109, 118, 121, 116, 118, + + 120, 124, 125, 111, 111, 113, 125, 119, 120, 115, + 57, 111, 118, 118, 124, 119, 1018, 121, 122, 121, + 118, 128, 122, 118, 121, 123, 118, 120, 124, 127, + 123, 132, 129, 123, 119, 52, 127, 130, 122, 118, + 118, 128, 122, 127, 121, 122, 131, 134, 128, 122, + 129, 130, 123, 131, 132, 47, 127, 123, 132, 129, + 133, 1180, 135, 127, 130, 122, 18, 141, 136, 133, + 134, 135, 136, 131, 134, 137, 139, 140, 136, 141, + 142, 142, 137, 139, 145, 143, 140, 133, 146, 135, + 136, 1180, 140, 143, 141, 136, 146, 153, 145, 136, + + 140, 147, 137, 139, 140, 136, 144, 142, 153, 148, + 151, 145, 143, 140, 149, 17, 147, 144, 151, 140, + 146, 144, 154, 146, 153, 149, 148, 155, 147, 148, + 144, 154, 152, 144, 149, 148, 148, 151, 152, 156, + 157, 149, 155, 154, 144, 0, 159, 154, 144, 154, + 160, 158, 149, 148, 155, 157, 148, 0, 154, 152, + 158, 156, 0, 160, 0, 174, 156, 157, 159, 166, + 154, 166, 166, 159, 166, 179, 179, 160, 158, 171, + 180, 171, 171, 172, 171, 172, 172, 181, 172, 174, + 182, 176, 174, 176, 176, 0, 176, 183, 186, 182, + + 184, 181, 180, 185, 184, 188, 189, 180, 191, 183, + 185, 0, 187, 188, 186, 191, 190, 182, 189, 181, + 192, 172, 185, 193, 183, 186, 196, 184, 181, 197, + 185, 187, 188, 189, 194, 191, 192, 185, 190, 187, + 194, 193, 195, 190, 195, 201, 202, 192, 196, 212, + 193, 204, 203, 196, 199, 197, 197, 203, 199, 204, + 212, 202, 207, 208, 205, 206, 194, 194, 209, 195, + 208, 201, 201, 202, 210, 199, 212, 207, 204, 0, + 213, 0, 199, 211, 203, 199, 205, 206, 0, 207, + 208, 205, 206, 213, 214, 216, 209, 210, 0, 231, + + 209, 210, 199, 200, 216, 211, 214, 213, 200, 215, + 211, 217, 215, 200, 0, 218, 0, 222, 221, 200, + 200, 214, 216, 209, 215, 221, 200, 220, 222, 224, + 200, 231, 225, 217, 227, 200, 215, 218, 217, 215, + 200, 227, 218, 225, 222, 221, 200, 200, 219, 220, + 232, 219, 229, 219, 220, 224, 224, 0, 234, 235, + 0, 227, 230, 236, 225, 219, 229, 219, 230, 238, + 225, 237, 232, 239, 219, 219, 237, 232, 219, 0, + 219, 240, 235, 0, 229, 242, 235, 239, 244, 230, + 234, 244, 219, 229, 219, 236, 237, 241, 237, 245, + + 239, 238, 240, 237, 241, 243, 242, 246, 240, 247, + 248, 249, 242, 251, 243, 244, 250, 252, 245, 243, + 251, 246, 252, 249, 241, 253, 245, 250, 248, 257, + 254, 247, 243, 255, 246, 260, 247, 248, 249, 254, + 251, 243, 259, 250, 261, 256, 262, 253, 0, 252, + 256, 261, 253, 258, 258, 264, 255, 254, 259, 263, + 255, 257, 258, 264, 266, 265, 267, 260, 262, 259, + 268, 261, 256, 262, 269, 270, 271, 273, 268, 0, + 258, 258, 264, 272, 263, 265, 263, 275, 274, 271, + 270, 276, 265, 0, 0, 277, 266, 268, 267, 277, + + 279, 278, 270, 271, 273, 280, 269, 281, 276, 272, + 272, 274, 0, 280, 282, 279, 276, 283, 276, 275, + 274, 282, 277, 278, 285, 284, 281, 279, 278, 284, + 286, 287, 280, 288, 281, 276, 290, 289, 274, 283, + 292, 282, 291, 294, 283, 295, 285, 293, 297, 298, + 297, 285, 284, 292, 291, 288, 293, 296, 295, 289, + 288, 294, 286, 287, 289, 299, 300, 292, 290, 291, + 294, 301, 295, 303, 293, 297, 296, 304, 0, 305, + 312, 298, 303, 306, 296, 307, 309, 0, 312, 299, + 308, 300, 299, 300, 306, 314, 0, 301, 301, 307, + + 303, 310, 311, 304, 304, 305, 305, 312, 315, 309, + 306, 307, 307, 309, 308, 316, 317, 308, 318, 310, + 311, 315, 319, 322, 323, 320, 307, 314, 310, 311, + 324, 321, 326, 325, 0, 315, 328, 324, 326, 319, + 327, 317, 325, 317, 329, 319, 331, 316, 323, 319, + 318, 320, 320, 321, 327, 322, 323, 324, 321, 326, + 325, 330, 328, 328, 332, 333, 319, 327, 329, 331, + 330, 329, 332, 331, 333, 323, 334, 335, 338, 337, + 340, 336, 0, 0, 0, 339, 335, 343, 330, 346, + 353, 332, 333, 342, 337, 340, 343, 344, 336, 0, + + 0, 347, 334, 334, 335, 336, 337, 340, 336, 339, + 338, 342, 339, 346, 343, 347, 346, 353, 348, 344, + 342, 349, 349, 352, 344, 336, 341, 350, 347, 341, + 355, 356, 350, 348, 341, 341, 341, 341, 0, 371, + 0, 0, 355, 356, 341, 348, 349, 352, 349, 349, + 352, 0, 376, 341, 0, 0, 341, 355, 356, 350, + 358, 341, 341, 341, 341, 345, 354, 345, 359, 354, + 360, 371, 357, 357, 0, 362, 354, 363, 358, 345, + 345, 345, 357, 345, 376, 0, 359, 358, 381, 345, + 361, 369, 345, 354, 345, 359, 354, 360, 369, 357, + + 357, 362, 362, 363, 363, 366, 345, 345, 345, 364, + 345, 364, 361, 365, 367, 368, 370, 361, 369, 372, + 381, 372, 375, 368, 374, 365, 385, 366, 370, 367, + 372, 374, 366, 377, 0, 384, 364, 372, 383, 386, + 365, 367, 368, 370, 375, 372, 372, 378, 372, 375, + 380, 374, 379, 378, 379, 377, 383, 372, 385, 408, + 377, 384, 384, 380, 372, 383, 386, 0, 387, 378, + 382, 390, 421, 392, 378, 391, 379, 380, 390, 379, + 378, 379, 411, 382, 393, 392, 382, 0, 382, 411, + 387, 408, 394, 391, 382, 387, 393, 382, 390, 391, + + 392, 0, 391, 0, 421, 394, 0, 396, 397, 411, + 382, 393, 400, 382, 399, 382, 388, 401, 388, 394, + 391, 397, 401, 396, 388, 402, 399, 463, 388, 404, + 400, 396, 402, 388, 396, 397, 388, 404, 403, 400, + 407, 399, 388, 388, 403, 388, 402, 0, 407, 401, + 396, 388, 402, 406, 463, 388, 404, 0, 405, 402, + 388, 410, 410, 388, 389, 403, 389, 407, 409, 0, + 405, 406, 413, 488, 412, 418, 414, 409, 488, 389, + 406, 413, 389, 797, 389, 405, 389, 412, 410, 415, + 389, 389, 416, 389, 414, 409, 415, 418, 414, 416, + + 488, 412, 418, 414, 413, 417, 389, 419, 413, 389, + 420, 389, 797, 389, 398, 398, 415, 417, 422, 416, + 424, 414, 420, 423, 398, 398, 398, 398, 398, 419, + 423, 398, 417, 425, 419, 424, 426, 420, 427, 398, + 427, 398, 398, 0, 422, 422, 425, 424, 428, 429, + 423, 398, 398, 398, 398, 398, 430, 430, 398, 428, + 425, 433, 431, 432, 437, 427, 434, 435, 426, 431, + 432, 429, 433, 436, 439, 428, 429, 434, 438, 438, + 435, 0, 441, 0, 440, 430, 437, 442, 433, 431, + 432, 437, 443, 434, 435, 442, 438, 439, 436, 440, + + 436, 439, 444, 438, 443, 438, 438, 440, 441, 441, + 451, 440, 445, 444, 442, 446, 449, 450, 452, 443, + 462, 445, 453, 438, 447, 447, 440, 454, 446, 444, + 457, 458, 451, 456, 462, 450, 447, 451, 447, 445, + 453, 452, 446, 447, 450, 452, 459, 462, 449, 453, + 455, 447, 447, 457, 456, 458, 455, 457, 458, 454, + 456, 0, 460, 447, 461, 447, 448, 465, 459, 460, + 464, 467, 466, 459, 448, 448, 0, 455, 448, 448, + 0, 465, 448, 469, 468, 0, 0, 0, 448, 460, + 461, 461, 464, 448, 465, 469, 471, 464, 466, 466, + + 472, 448, 448, 467, 473, 448, 448, 468, 470, 448, + 469, 468, 473, 474, 470, 480, 476, 475, 471, 477, + 479, 478, 472, 471, 475, 476, 479, 472, 474, 481, + 473, 473, 482, 0, 477, 470, 484, 480, 483, 473, + 474, 487, 480, 476, 475, 478, 477, 479, 478, 485, + 490, 481, 486, 483, 491, 482, 481, 0, 486, 482, + 493, 0, 484, 484, 494, 483, 493, 487, 487, 495, + 496, 485, 497, 498, 500, 495, 485, 499, 497, 486, + 491, 491, 490, 494, 499, 505, 507, 493, 496, 500, + 509, 494, 508, 503, 506, 498, 495, 496, 511, 497, + + 498, 500, 503, 502, 499, 502, 504, 506, 517, 510, + 508, 511, 502, 504, 513, 0, 514, 505, 507, 508, + 503, 506, 509, 512, 519, 511, 512, 515, 516, 514, + 502, 510, 502, 504, 520, 0, 510, 518, 513, 515, + 517, 513, 512, 514, 518, 521, 516, 522, 519, 527, + 512, 519, 525, 512, 515, 516, 523, 520, 521, 524, + 526, 523, 530, 529, 518, 524, 520, 532, 528, 522, + 526, 527, 521, 530, 522, 525, 527, 0, 538, 525, + 528, 532, 572, 523, 520, 529, 524, 526, 531, 530, + 529, 535, 537, 536, 532, 528, 531, 0, 535, 536, + + 539, 538, 0, 540, 537, 538, 541, 0, 539, 542, + 0, 555, 544, 555, 572, 531, 533, 541, 535, 537, + 536, 533, 543, 533, 544, 540, 543, 539, 0, 533, + 540, 533, 542, 541, 533, 533, 542, 545, 555, 544, + 550, 533, 533, 533, 543, 551, 0, 547, 533, 543, + 533, 550, 546, 543, 549, 546, 533, 545, 533, 545, + 548, 533, 533, 546, 545, 547, 549, 550, 533, 551, + 548, 552, 551, 553, 547, 552, 554, 0, 556, 546, + 553, 549, 546, 557, 545, 560, 558, 559, 561, 562, + 564, 0, 548, 577, 562, 557, 561, 548, 552, 559, + + 553, 558, 554, 554, 556, 556, 563, 566, 564, 567, + 557, 560, 560, 558, 559, 561, 562, 564, 565, 566, + 569, 570, 573, 571, 575, 577, 565, 574, 563, 576, + 567, 578, 575, 563, 566, 582, 567, 573, 569, 574, + 580, 581, 576, 578, 570, 565, 571, 569, 570, 573, + 571, 575, 579, 584, 574, 581, 576, 585, 578, 586, + 582, 579, 582, 580, 588, 591, 583, 580, 581, 583, + 587, 589, 584, 590, 592, 597, 598, 594, 593, 579, + 584, 598, 595, 603, 585, 587, 597, 592, 590, 591, + 593, 586, 591, 583, 600, 601, 588, 587, 606, 594, + + 590, 592, 597, 589, 594, 593, 595, 596, 598, 595, + 599, 604, 605, 607, 596, 603, 610, 596, 607, 608, + 609, 600, 601, 614, 599, 596, 609, 611, 608, 615, + 606, 610, 613, 612, 596, 616, 620, 599, 604, 605, + 613, 596, 614, 610, 596, 607, 608, 609, 617, 619, + 614, 611, 617, 615, 611, 612, 615, 616, 618, 613, + 612, 622, 616, 621, 623, 624, 618, 625, 620, 626, + 621, 627, 619, 623, 630, 617, 619, 0, 629, 633, + 625, 634, 630, 627, 622, 618, 631, 624, 622, 0, + 621, 623, 624, 628, 625, 626, 626, 631, 627, 628, + + 629, 630, 632, 634, 635, 629, 638, 0, 634, 632, + 636, 633, 637, 631, 639, 636, 640, 635, 636, 636, + 628, 637, 641, 639, 644, 642, 646, 640, 0, 632, + 648, 635, 638, 638, 636, 643, 644, 636, 647, 637, + 651, 639, 636, 640, 641, 636, 636, 642, 643, 641, + 649, 644, 642, 650, 648, 653, 647, 648, 646, 652, + 654, 658, 643, 655, 651, 647, 653, 651, 658, 654, + 656, 657, 649, 649, 659, 650, 660, 649, 664, 668, + 650, 652, 653, 655, 656, 662, 652, 654, 658, 663, + 655, 664, 661, 657, 660, 663, 666, 656, 657, 649, + + 661, 659, 665, 660, 669, 664, 667, 662, 670, 671, + 671, 668, 662, 665, 666, 672, 663, 673, 674, 661, + 680, 667, 0, 666, 676, 669, 672, 675, 678, 665, + 677, 669, 670, 667, 681, 670, 675, 676, 671, 679, + 674, 673, 672, 677, 673, 674, 682, 679, 683, 685, + 678, 676, 680, 686, 675, 678, 681, 677, 684, 688, + 684, 681, 687, 689, 686, 691, 679, 687, 700, 690, + 0, 685, 683, 688, 692, 683, 685, 689, 682, 696, + 686, 693, 692, 690, 690, 684, 688, 694, 695, 701, + 689, 690, 697, 698, 687, 695, 690, 691, 703, 693, + + 700, 692, 699, 703, 701, 696, 696, 704, 693, 694, + 690, 690, 697, 698, 694, 695, 701, 699, 702, 697, + 698, 705, 706, 705, 707, 708, 699, 710, 702, 699, + 703, 709, 707, 704, 704, 0, 710, 709, 715, 714, + 702, 716, 717, 0, 699, 702, 714, 706, 705, 706, + 708, 707, 708, 711, 710, 702, 712, 0, 709, 713, + 717, 718, 711, 719, 716, 712, 714, 713, 716, 717, + 715, 721, 720, 718, 724, 719, 722, 723, 727, 721, + 711, 720, 726, 712, 725, 722, 713, 731, 718, 723, + 719, 725, 0, 727, 728, 726, 0, 0, 721, 720, + + 722, 729, 728, 722, 723, 727, 724, 729, 730, 726, + 731, 725, 722, 732, 731, 733, 730, 736, 734, 738, + 739, 728, 732, 735, 735, 736, 733, 734, 729, 737, + 0, 740, 735, 739, 0, 730, 741, 737, 744, 742, + 732, 738, 733, 0, 736, 734, 738, 739, 746, 745, + 735, 735, 742, 743, 744, 749, 737, 740, 740, 741, + 747, 743, 745, 741, 748, 744, 742, 751, 750, 749, + 746, 747, 748, 752, 753, 746, 745, 753, 0, 758, + 743, 754, 749, 755, 757, 759, 762, 747, 750, 751, + 756, 748, 761, 752, 751, 750, 760, 758, 759, 756, + + 752, 753, 763, 754, 757, 755, 758, 761, 754, 764, + 755, 757, 759, 766, 760, 765, 767, 756, 762, 761, + 768, 769, 770, 760, 763, 771, 766, 772, 774, 763, + 779, 771, 768, 764, 767, 770, 764, 775, 765, 776, + 766, 0, 765, 767, 781, 769, 782, 768, 769, 770, + 773, 781, 771, 778, 772, 774, 786, 776, 773, 775, + 780, 778, 779, 783, 775, 784, 776, 784, 780, 782, + 785, 781, 787, 782, 788, 789, 773, 773, 783, 785, + 778, 790, 791, 790, 789, 773, 815, 780, 786, 791, + 783, 787, 784, 0, 788, 794, 798, 785, 801, 787, + + 0, 788, 789, 0, 807, 802, 798, 794, 790, 791, + 792, 806, 805, 792, 804, 807, 801, 792, 815, 804, + 792, 839, 794, 798, 809, 801, 802, 792, 792, 806, + 792, 807, 802, 805, 810, 792, 808, 792, 806, 805, + 792, 804, 811, 812, 792, 818, 814, 792, 839, 813, + 809, 809, 812, 814, 792, 792, 0, 792, 811, 808, + 810, 810, 813, 808, 817, 820, 821, 818, 854, 811, + 812, 817, 818, 814, 820, 819, 813, 816, 816, 822, + 816, 819, 822, 816, 0, 823, 0, 824, 816, 821, + 825, 817, 820, 821, 816, 816, 826, 816, 825, 827, + + 854, 823, 819, 816, 816, 816, 822, 816, 823, 824, + 816, 827, 823, 829, 824, 816, 831, 825, 826, 832, + 833, 816, 816, 826, 816, 828, 827, 828, 823, 830, + 835, 834, 833, 836, 830, 837, 831, 829, 0, 840, + 829, 838, 0, 831, 844, 832, 832, 833, 0, 843, + 841, 844, 828, 834, 846, 836, 835, 835, 834, 837, + 836, 830, 837, 838, 840, 841, 840, 842, 838, 847, + 845, 844, 843, 846, 848, 842, 843, 841, 845, 849, + 851, 846, 850, 852, 856, 853, 848, 860, 857, 851, + 853, 855, 849, 857, 842, 847, 847, 845, 852, 859, + + 865, 848, 864, 866, 867, 861, 849, 851, 850, 850, + 852, 856, 853, 855, 861, 862, 868, 863, 855, 860, + 857, 859, 865, 862, 863, 870, 859, 865, 867, 869, + 871, 867, 861, 875, 864, 866, 872, 868, 874, 873, + 879, 876, 862, 868, 863, 872, 880, 874, 869, 877, + 878, 879, 870, 881, 880, 875, 869, 871, 873, 878, + 875, 882, 883, 872, 876, 874, 873, 879, 876, 877, + 884, 885, 889, 880, 886, 890, 877, 878, 887, 882, + 881, 883, 891, 886, 892, 891, 887, 896, 882, 883, + 889, 894, 893, 890, 895, 898, 897, 884, 897, 889, + + 896, 886, 890, 885, 901, 887, 892, 902, 0, 891, + 893, 892, 899, 898, 896, 894, 895, 901, 894, 893, + 900, 895, 898, 897, 903, 900, 899, 904, 905, 906, + 911, 901, 906, 902, 902, 904, 903, 908, 907, 899, + 913, 910, 912, 914, 0, 908, 905, 907, 912, 914, + 0, 903, 900, 915, 904, 905, 906, 911, 918, 920, + 925, 908, 913, 918, 908, 907, 910, 913, 910, 912, + 914, 916, 908, 922, 917, 915, 919, 920, 916, 924, + 915, 917, 923, 919, 921, 918, 920, 924, 921, 926, + 927, 923, 925, 928, 929, 930, 922, 931, 916, 933, + + 922, 917, 929, 919, 928, 927, 924, 926, 930, 923, + 932, 921, 933, 934, 935, 936, 926, 927, 931, 0, + 928, 929, 930, 936, 931, 937, 933, 938, 940, 932, + 946, 939, 937, 947, 942, 934, 941, 932, 939, 942, + 934, 935, 936, 941, 944, 938, 945, 940, 943, 949, + 952, 944, 937, 945, 938, 940, 943, 948, 939, 950, + 951, 942, 946, 941, 953, 947, 954, 951, 955, 0, + 948, 944, 950, 945, 958, 943, 955, 956, 957, 960, + 958, 949, 952, 959, 948, 956, 950, 951, 961, 954, + 962, 965, 956, 954, 963, 955, 953, 967, 968, 964, + + 957, 958, 0, 963, 956, 957, 969, 968, 966, 959, + 959, 960, 956, 964, 962, 966, 970, 962, 972, 973, + 961, 963, 971, 965, 967, 968, 964, 971, 969, 970, + 972, 970, 975, 969, 974, 966, 981, 975, 977, 981, + 970, 976, 973, 970, 978, 972, 973, 979, 976, 982, + 977, 988, 0, 984, 971, 979, 970, 985, 970, 975, + 974, 974, 982, 981, 985, 977, 978, 984, 976, 986, + 1015, 978, 0, 988, 979, 986, 982, 990, 988, 991, + 984, 989, 992, 0, 985, 993, 0, 993, 999, 995, + 994, 991, 997, 999, 0, 0, 986, 987, 996, 987, + + 990, 995, 1015, 987, 990, 987, 991, 989, 989, 992, + 987, 996, 993, 994, 997, 987, 995, 994, 998, 997, + 999, 987, 1000, 1001, 987, 996, 987, 1003, 0, 1002, + 987, 998, 987, 1004, 1007, 1006, 1001, 987, 1005, 1003, + 1000, 1002, 987, 1004, 1008, 998, 1010, 1007, 1011, 1000, + 1001, 1013, 1002, 1005, 1003, 1004, 1002, 1006, 1009, 1010, + 1004, 1007, 1006, 1016, 1009, 1005, 1011, 1012, 1002, 1014, + 1004, 1008, 1013, 1010, 1017, 1011, 1019, 1020, 1013, 1021, + 1025, 0, 1020, 1022, 0, 1009, 1026, 1021, 1024, 1012, + 1027, 1014, 1022, 1028, 1012, 1016, 1014, 0, 1032, 1026, + + 1029, 1017, 1025, 1024, 1020, 1027, 1021, 1025, 1019, 1032, + 1022, 1023, 1030, 1026, 1037, 1024, 1023, 1027, 1023, 1028, + 1028, 1031, 1029, 0, 1023, 1032, 1040, 1029, 1033, 1023, + 1023, 1030, 1034, 1036, 1031, 1040, 1023, 1023, 1023, 1030, + 1034, 1033, 1035, 1023, 1036, 1023, 1037, 1039, 1031, 1038, + 1035, 1023, 1042, 1040, 1041, 1033, 1023, 1023, 1043, 1034, + 1036, 1042, 1039, 1023, 1044, 1041, 1045, 1043, 1046, 1035, + 1048, 1038, 1049, 1052, 1039, 1046, 1038, 0, 1050, 1042, + 1053, 1041, 1051, 1057, 1054, 1043, 1050, 1052, 1060, 1045, + 1055, 1044, 1059, 1045, 0, 1046, 1049, 1058, 1055, 1049, + + 1052, 1057, 1048, 1059, 1051, 1050, 1054, 1061, 1062, 1051, + 1057, 1054, 1053, 1065, 1063, 1058, 1062, 1055, 1067, 1059, + 1060, 1064, 1066, 0, 1058, 1061, 1065, 1074, 1064, 1066, + 1070, 1072, 1068, 1067, 1061, 1062, 1063, 1069, 1074, 1077, + 1065, 1063, 1071, 1076, 1080, 1067, 1077, 0, 1064, 1066, + 1068, 1070, 1071, 1079, 1074, 1069, 1076, 1070, 1078, 1068, + 1078, 1082, 1083, 1072, 1069, 1081, 1077, 1084, 1085, 1071, + 1076, 1083, 0, 1081, 1082, 1079, 1080, 1086, 1089, 1084, + 1079, 1090, 1093, 1091, 1094, 1078, 1092, 0, 1082, 1083, + 1085, 1095, 1081, 1100, 1084, 1085, 0, 1097, 1100, 1086, + + 1089, 1091, 1104, 1090, 1086, 1089, 1099, 1096, 1090, 1095, + 1091, 1097, 1092, 1092, 1093, 1103, 1094, 1099, 1095, 1096, + 1102, 1106, 1105, 1102, 1097, 1100, 1104, 1103, 1106, 1104, + 1107, 1108, 1110, 1099, 1096, 1105, 1111, 1109, 1112, 1113, + 1108, 1107, 1103, 1114, 1110, 1112, 1102, 1102, 1106, 1105, + 1102, 1109, 1115, 1116, 1119, 1114, 1118, 1107, 1108, 1110, + 0, 1120, 1121, 1122, 1109, 1112, 1116, 1120, 1111, 1124, + 1114, 1113, 1125, 1126, 1115, 1123, 1127, 1129, 1119, 1115, + 1116, 1119, 1118, 1118, 1121, 1122, 1123, 1124, 1120, 1121, + 1122, 1127, 1131, 1133, 1125, 1126, 1124, 1130, 1129, 1125, + + 1126, 1132, 1123, 1127, 1129, 1134, 1136, 1132, 1130, 1135, + 1137, 0, 1138, 1131, 1139, 1136, 1142, 1143, 1140, 1131, + 1144, 1145, 1141, 1139, 1130, 1133, 1140, 1135, 1132, 1141, + 1146, 1143, 1134, 1136, 1137, 1149, 1135, 1137, 1138, 1138, + 1142, 1139, 1147, 1142, 1143, 1140, 1148, 1151, 1150, 1141, + 1153, 1154, 1144, 1145, 1155, 1156, 1158, 0, 1157, 0, + 1154, 1155, 1146, 0, 1147, 1171, 1159, 1149, 1148, 1147, + 1150, 1160, 1153, 1148, 1161, 1150, 1164, 1153, 1154, 1151, + 1157, 1155, 1162, 1158, 1159, 1157, 1163, 1156, 1165, 1160, + 1166, 1162, 1167, 1159, 1163, 1168, 1161, 1171, 1160, 1170, + + 1164, 1161, 1172, 1164, 1168, 1169, 1166, 1170, 1174, 1162, + 1175, 1173, 1165, 1163, 1167, 1165, 1176, 1166, 1177, 1167, + 1169, 1178, 1168, 1173, 1176, 1184, 1170, 1184, 1182, 1187, + 1174, 1177, 1169, 1179, 1172, 1174, 1178, 1175, 1173, 1183, + 1181, 1197, 1179, 1176, 1188, 1177, 1182, 1183, 1178, 1181, + 1186, 1189, 1184, 1190, 1191, 1182, 1187, 1193, 1186, 1197, + 1179, 1191, 1194, 1188, 1195, 1196, 1183, 1181, 1197, 1199, + 1193, 1188, 1201, 1189, 1194, 1190, 1198, 1186, 1189, 1195, + 1190, 1191, 1202, 1200, 1193, 1204, 1203, 1196, 1198, 1194, + 1200, 1195, 1196, 1205, 1206, 1207, 1199, 1203, 1208, 0, + + 0, 1209, 1212, 1198, 1201, 1210, 1217, 1204, 1207, 0, + 1200, 1208, 1204, 1203, 1202, 1213, 1206, 1210, 1205, 1211, + 1205, 1206, 1207, 1209, 1214, 1208, 1212, 1211, 1209, 1212, + 1215, 1218, 1210, 1217, 1219, 1213, 1214, 1220, 1215, 1221, + 1222, 1223, 1213, 1219, 1218, 1228, 1211, 1222, 1225, 1220, + 1223, 1214, 1223, 0, 1226, 1223, 1227, 1215, 1218, 1239, + 1221, 1219, 1232, 1223, 1220, 1229, 1221, 1222, 1223, 1231, + 1232, 1225, 1228, 1230, 0, 1225, 1234, 1223, 1227, 1223, + 1226, 1226, 1223, 1227, 1236, 1229, 1230, 1237, 1233, 1232, + 1238, 1239, 1229, 1231, 1234, 1237, 1231, 1233, 1240, 1241, + + 1230, 1243, 1242, 1234, 1245, 1238, 1236, 0, 1246, 1243, + 1247, 1236, 1241, 1250, 1237, 1233, 1248, 1238, 1242, 1249, + 1240, 1251, 1252, 1248, 0, 1240, 1241, 1265, 1243, 1242, + 1246, 1245, 1247, 1253, 1252, 1246, 1250, 1247, 1255, 1251, + 1250, 1249, 1254, 1248, 1256, 1253, 1249, 1255, 1251, 1252, + 1254, 1258, 1257, 1259, 1262, 1261, 1256, 1260, 1263, 1265, + 1253, 1259, 1255, 1260, 1261, 1255, 1258, 1264, 0, 1254, + 1263, 1256, 1257, 1268, 1255, 1262, 0, 1269, 1258, 1257, + 1259, 1262, 1261, 1264, 1260, 1263, 1266, 1271, 1267, 1269, + 1270, 1268, 0, 1266, 1264, 1267, 1274, 1272, 1270, 1273, + + 1268, 1273, 1271, 1275, 1269, 1272, 1278, 1279, 1274, 1276, + 1281, 0, 1280, 1266, 1271, 1267, 1276, 1270, 1284, 1279, + 1282, 1283, 1287, 1274, 1272, 1280, 1273, 1282, 1285, 1281, + 1287, 1288, 1283, 1290, 1279, 1275, 1276, 1281, 1278, 1280, + 1284, 1286, 1289, 1285, 1288, 1284, 1286, 1282, 1283, 1287, + 1292, 1294, 1293, 1296, 0, 1285, 1289, 1298, 1288, 1290, + 1290, 1295, 0, 1299, 1292, 0, 1297, 0, 0, 1289, + 1293, 1301, 1300, 1286, 1291, 1296, 1303, 1292, 1291, 1293, + 1296, 1291, 1291, 1294, 1297, 1299, 1291, 1295, 1295, 1298, + 1299, 0, 1291, 1297, 1300, 1307, 1291, 1301, 1301, 1300, + + 1291, 1291, 1303, 1303, 1302, 1291, 1306, 1310, 1291, 1291, + 1302, 1305, 1304, 1291, 1304, 1306, 1308, 0, 1305, 1291, + 1309, 0, 1311, 1291, 1312, 1310, 1314, 1307, 1315, 1311, + 1313, 1302, 1318, 1306, 1310, 1314, 1304, 1316, 1305, 1304, + 1317, 1304, 1319, 1313, 1309, 0, 1312, 1309, 1308, 1311, + 0, 1312, 1320, 1314, 1318, 1322, 0, 1313, 1316, 1318, + 1315, 1323, 0, 1328, 1316, 1319, 1320, 1324, 1326, 1319, + 1325, 1325, 1317, 1335, 1323, 0, 1330, 1322, 1335, 1320, + 1321, 0, 1322, 1330, 1326, 1321, 1328, 1321, 1323, 1321, + 1328, 1321, 1329, 1324, 1324, 1326, 1331, 1332, 1321, 1325, + + 1335, 1333, 1334, 1330, 1329, 1331, 1333, 1321, 1336, 1337, + 1338, 1342, 1321, 1339, 1321, 1332, 1321, 1340, 1321, 1329, + 1334, 1339, 1337, 1331, 1332, 1340, 1341, 1344, 1338, 1334, + 1336, 1343, 1345, 1333, 1346, 1336, 1337, 1338, 1347, 1341, + 1339, 1351, 1344, 1342, 1340, 1349, 1350, 1346, 1353, 1348, + 1351, 1345, 1354, 1341, 1344, 1356, 0, 1343, 1343, 1345, + 1347, 1346, 1348, 1349, 1357, 1347, 1350, 1352, 1351, 1352, + 1353, 1355, 1349, 1350, 1358, 1353, 1348, 1362, 1360, 1354, + 1364, 1361, 1356, 1355, 1366, 1362, 1357, 1367, 1363, 1365, + 1368, 1357, 0, 0, 1352, 1372, 1365, 1377, 1355, 1358, + + 1374, 1358, 1360, 1361, 1362, 1360, 1363, 1364, 1361, 1375, + 1374, 1366, 1368, 1367, 1367, 1363, 1365, 1368, 1369, 1370, + 1371, 1373, 1372, 1376, 1369, 1370, 1371, 1374, 1373, 1377, + 1376, 1378, 1380, 1375, 1379, 1381, 1375, 1384, 1386, 1383, + 1385, 0, 1387, 0, 1381, 1369, 1370, 1371, 1373, 1384, + 1376, 1388, 1379, 1378, 1385, 1387, 1389, 1380, 1378, 1380, + 1386, 1379, 1381, 1383, 1384, 1386, 1383, 1385, 1390, 1387, + 1391, 1392, 0, 1388, 1393, 1389, 1395, 1394, 1388, 1400, + 1401, 1396, 1398, 1389, 1404, 1395, 1397, 0, 1402, 0, + 1390, 1407, 1403, 1392, 1391, 1390, 1398, 1391, 1392, 1394, + + 1393, 1393, 1396, 1395, 1394, 1405, 1397, 1407, 1396, 1398, + 1402, 1400, 1401, 1397, 1403, 1402, 1404, 1406, 1407, 1403, + 1408, 1409, 1412, 1405, 1411, 1406, 1413, 1414, 1409, 1415, + 1416, 1412, 1405, 1417, 1416, 1418, 1415, 1419, 1422, 1414, + 0, 0, 1435, 1413, 1406, 1420, 1411, 1408, 1409, 1412, + 1429, 1411, 1424, 1413, 1414, 1425, 1415, 1416, 1419, 1424, + 1423, 1420, 1425, 1426, 1419, 1417, 1423, 1418, 1427, 1435, + 1422, 1428, 1420, 1423, 1433, 0, 1429, 1429, 1426, 1424, + 1428, 1427, 1425, 1431, 1430, 1431, 1437, 1423, 1432, 0, + 1426, 1430, 0, 1423, 1434, 1427, 1433, 1432, 1428, 1439, + + 1436, 1433, 1442, 1434, 1436, 1443, 1444, 1439, 1437, 1440, + 1431, 1430, 0, 1437, 1440, 1432, 1441, 1448, 1445, 1444, + 1442, 1434, 1449, 1450, 1443, 1441, 1439, 1436, 1446, 1442, + 1445, 1446, 1443, 1444, 1447, 1448, 1450, 1447, 1452, 1453, + 1446, 1440, 0, 1441, 1448, 1445, 1456, 1449, 1455, 1449, + 1450, 1454, 1459, 1455, 1456, 1446, 1447, 0, 1446, 1457, + 1457, 1447, 1453, 1458, 1447, 1460, 1453, 1454, 1462, 1461, + 1452, 1464, 1458, 1456, 1459, 1463, 1465, 1462, 1454, 1459, + 1455, 1467, 1463, 1465, 1470, 1474, 1457, 1460, 1468, 1471, + 1458, 1461, 1460, 1464, 1467, 1462, 1461, 1468, 1464, 1473, + + 1469, 0, 1463, 1465, 1472, 1475, 1478, 1473, 1467, 1469, + 1470, 1470, 1471, 1472, 1476, 1468, 1471, 1474, 1479, 1478, + 1475, 1477, 1480, 1483, 1482, 1476, 1473, 1469, 1481, 1477, + 1479, 1472, 1475, 1478, 1480, 1484, 1481, 1489, 1485, 1486, + 1488, 1476, 1490, 1483, 1493, 1479, 1482, 1485, 1477, 1480, + 1483, 1482, 1486, 1487, 1490, 1481, 1491, 1484, 1488, 1487, + 1494, 1492, 1484, 1489, 1489, 1485, 1486, 1488, 1492, 1490, + 1493, 1493, 1495, 1496, 1491, 1497, 1498, 1503, 1499, 1500, + 1487, 1501, 1504, 1491, 1505, 1502, 1496, 1501, 1492, 0, + 1500, 1506, 1494, 0, 1507, 1509, 1510, 0, 0, 1499, + + 1496, 1497, 1497, 1498, 1495, 1499, 1500, 1502, 1501, 1503, + 1511, 1513, 1502, 1507, 1504, 1507, 1505, 1506, 1506, 1510, + 1507, 1507, 1509, 1510, 1512, 1516, 1513, 1515, 1511, 1517, + 1514, 1519, 0, 1512, 1518, 1521, 0, 1511, 1513, 1515, + 1507, 1518, 1507, 1514, 1520, 1516, 1525, 1534, 1521, 1526, + 1519, 1512, 1516, 1525, 1515, 1517, 1517, 1514, 1519, 1522, + 1523, 1518, 1521, 1524, 1527, 1523, 1520, 1522, 1524, 1528, + 1529, 1520, 1527, 1525, 1531, 1526, 1526, 1528, 1530, 1534, + 1532, 1533, 1531, 1540, 1535, 1536, 1522, 1532, 1529, 0, + 1533, 1527, 1523, 1542, 1536, 1524, 1528, 1529, 1538, 1543, + + 1530, 1531, 1537, 1539, 1539, 1530, 1535, 1532, 1533, 1537, + 1538, 1535, 1536, 1541, 1542, 1540, 1544, 1545, 1546, 1547, + 1542, 1541, 0, 0, 1544, 1538, 1546, 1547, 1548, 1537, + 1539, 1543, 1551, 1549, 1550, 1545, 1548, 1552, 1551, 1553, + 1541, 1549, 1555, 1544, 1545, 1546, 1547, 1550, 1554, 1552, + 1555, 1558, 1557, 1559, 1556, 1548, 1562, 0, 0, 1551, + 1549, 1550, 1556, 1560, 1552, 1553, 1553, 1557, 1561, 1555, + 1562, 1564, 1554, 1565, 1563, 1554, 0, 1569, 1558, 1557, + 1559, 1556, 1570, 1562, 1568, 1560, 1563, 1565, 1566, 1564, + 1560, 1561, 1566, 1568, 1570, 1561, 1571, 1572, 1564, 1569, + + 1565, 1563, 1573, 1571, 1569, 1566, 1574, 1575, 1572, 1570, + 1576, 1568, 1578, 1566, 1579, 1566, 1577, 0, 1586, 1566, + 1582, 0, 1576, 1571, 1572, 1580, 1581, 1582, 1574, 1573, + 1577, 1583, 1566, 1574, 1587, 1585, 1579, 1576, 1584, 1575, + 1583, 1579, 1585, 1577, 1578, 1589, 1591, 1582, 1580, 1581, + 1586, 1595, 1580, 1581, 1589, 1593, 1584, 1592, 1583, 1594, + 1596, 1587, 1585, 1592, 1598, 1584, 1600, 1596, 1601, 1602, + 1603, 0, 1589, 1607, 1606, 0, 1609, 1593, 1591, 1607, + 1602, 1603, 1593, 1595, 1592, 1594, 1594, 1596, 1604, 1617, + 1600, 1598, 1611, 1600, 1609, 1601, 1602, 1603, 1606, 1604, + + 1607, 1606, 1608, 1609, 1610, 1612, 1613, 1616, 1614, 1608, + 1619, 1610, 1613, 1618, 1615, 1604, 1614, 1612, 1611, 1611, + 1616, 1617, 1622, 0, 1622, 1624, 0, 1629, 1619, 1608, + 1621, 1610, 1612, 1613, 1616, 1614, 1615, 1619, 1620, 1618, + 1618, 1615, 1621, 1623, 1626, 1625, 1627, 1620, 1628, 1622, + 1623, 1624, 1624, 1626, 1629, 1630, 1631, 1621, 1625, 1632, + 1628, 1633, 1640, 1631, 1635, 1620, 1633, 1636, 1627, 1634, + 1623, 1626, 1625, 1627, 0, 1628, 1637, 1634, 1630, 1638, + 1635, 1641, 1630, 1631, 1637, 1632, 1632, 1643, 1633, 1640, + 1636, 1635, 0, 1642, 1636, 1645, 1634, 0, 1646, 1644, + + 1648, 1638, 1651, 1637, 1645, 1641, 1638, 1642, 1641, 1643, + 1644, 1646, 1650, 1648, 1643, 1647, 1647, 1649, 1652, 1649, + 1642, 1655, 1645, 1647, 1653, 1646, 1644, 1648, 1651, 1651, + 1650, 1653, 1656, 1657, 1654, 1661, 1660, 1659, 1663, 1650, + 1652, 1654, 1647, 1647, 1649, 1652, 1658, 1662, 1655, 1664, + 1656, 1653, 1666, 1658, 1662, 1657, 1667, 1669, 1660, 1656, + 1657, 1654, 1659, 1660, 1659, 1666, 1671, 1661, 1673, 1668, + 1663, 1664, 1672, 1658, 1662, 1672, 1664, 1668, 1669, 1666, + 1674, 1676, 0, 1667, 1669, 1675, 1678, 1681, 1671, 1677, + 1676, 1679, 0, 1671, 1673, 1673, 1668, 1682, 1675, 1672, + + 1680, 1677, 1681, 1684, 1682, 1686, 1674, 1674, 1676, 1680, + 1678, 1685, 1675, 1678, 1681, 1689, 1677, 1679, 1679, 1683, + 1691, 1686, 1683, 1688, 1682, 1692, 1690, 1680, 1690, 1686, + 1694, 1697, 1686, 1685, 1683, 1684, 1693, 1689, 1685, 1693, + 1695, 1688, 1689, 1683, 1691, 1699, 1683, 1691, 1686, 1683, + 1688, 1696, 1692, 1690, 1698, 0, 1701, 1697, 1697, 1702, + 1700, 1683, 1694, 1693, 1704, 1705, 1703, 1706, 1702, 1707, + 1701, 1704, 1695, 1696, 1703, 1708, 1709, 1699, 1696, 1710, + 1698, 1698, 1700, 1701, 0, 1713, 1702, 1700, 1712, 1705, + 1711, 1704, 1705, 1703, 1711, 1715, 1714, 1718, 1709, 1706, + + 0, 1707, 1716, 1709, 1715, 1718, 1719, 1708, 1717, 1716, + 1712, 1710, 1713, 1719, 1720, 1712, 1723, 1711, 1714, 1721, + 1717, 1722, 1715, 1714, 1718, 1723, 1724, 1720, 1724, 1716, + 1726, 1725, 1721, 1719, 1722, 1717, 1727, 1730, 1733, 1728, + 1734, 1720, 1732, 1723, 1727, 1731, 1721, 1734, 1722, 1737, + 1735, 1742, 1730, 1724, 1725, 1726, 1732, 1726, 1725, 1728, + 1731, 1735, 1737, 1727, 1730, 1738, 1728, 1734, 1736, 1732, + 1733, 1739, 1731, 1740, 1743, 1736, 1737, 1735, 1742, 1745, + 1744, 1743, 1746, 1738, 1747, 1749, 1748, 0, 1749, 1738, + 0, 1740, 1738, 0, 1745, 1736, 1747, 1739, 1739, 1748, + + 1740, 1743, 1744, 1751, 1752, 1750, 1745, 1744, 1746, 1746, + 1738, 1747, 1749, 1748, 1750, 1753, 1752, 1755, 1759, 1754, + 1759, 1751, 1754, 1760, 1757, 1761, 1762, 1766, 1755, 1757, + 1751, 1752, 1750, 1763, 1764, 1753, 1757, 1754, 1765, 0, + 1771, 1767, 1753, 1764, 1755, 1759, 1754, 1760, 1763, 1754, + 1760, 1757, 1761, 1762, 1766, 1767, 1757, 1769, 1768, 1770, + 1763, 1764, 1765, 1772, 1771, 1765, 1768, 1771, 1767, 1772, + 1773, 1775, 1774, 1776, 1779, 1777, 1780, 1779, 1781, 1769, + 1774, 1770, 1775, 1777, 1769, 1768, 1770, 1782, 1783, 0, + 1772, 1776, 1773, 1778, 1780, 1785, 1778, 1773, 1775, 1774, + + 1776, 1779, 1777, 1780, 1786, 1784, 1787, 1788, 1783, 1785, + 1781, 1778, 1784, 1786, 1782, 1783, 1789, 1790, 1788, 1787, + 1778, 1789, 1785, 1778, 1794, 1791, 1794, 1795, 0, 1796, + 1798, 1786, 1784, 1787, 1788, 1797, 1795, 1804, 0, 1790, + 1791, 1798, 1799, 1803, 1790, 1800, 1804, 1801, 1789, 1800, + 1802, 1794, 1791, 1802, 1795, 1796, 1796, 1798, 1806, 1797, + 1799, 1801, 1797, 1814, 1804, 1803, 1809, 1806, 1802, 1799, + 1803, 1800, 1800, 1801, 1801, 1805, 1800, 1802, 1807, 1809, + 1802, 1805, 1810, 1807, 1811, 1806, 1812, 1813, 1801, 1811, + 1815, 1816, 1817, 1809, 1810, 1814, 1820, 1826, 1818, 1815, + + 1813, 0, 1805, 1819, 1829, 1821, 0, 0, 1812, 1810, + 1807, 1811, 1823, 1812, 1813, 1824, 1819, 1815, 1816, 1823, + 1818, 1825, 1824, 1827, 1817, 1818, 1821, 1828, 1820, 1826, + 1819, 1837, 1821, 1828, 1825, 1833, 1829, 1827, 1831, 1823, + 1836, 1834, 1824, 1833, 1835, 1838, 1840, 1839, 1825, 1834, + 1827, 1828, 1835, 1837, 1828, 1841, 1845, 1831, 1837, 1836, + 1828, 1839, 1833, 1838, 1840, 1831, 1842, 1836, 1834, 1841, + 1843, 1835, 1838, 1840, 1839, 1844, 1846, 1847, 1848, 1842, + 1849, 0, 1841, 1843, 1850, 1851, 1853, 1852, 1845, 1854, + 1855, 1850, 1848, 1842, 1851, 1852, 1844, 1843, 1857, 0, + + 1860, 1847, 1844, 1854, 1847, 1848, 1862, 1849, 1846, 1857, + 1856, 1850, 1851, 1853, 1852, 1856, 1854, 1858, 1863, 1865, + 1866, 1861, 1855, 1844, 1864, 1857, 1858, 1860, 1861, 1862, + 1868, 1864, 1867, 1862, 1868, 1871, 1870, 1856, 1875, 1873, + 1863, 1865, 1866, 1872, 1858, 1863, 1865, 1866, 1861, 1874, + 1867, 1864, 1870, 1871, 1873, 1879, 1876, 1868, 1877, 1867, + 1878, 1874, 1871, 1870, 1876, 1875, 1873, 1872, 1878, 1880, + 1872, 1881, 1882, 1877, 1883, 1884, 1874, 1888, 1886, 1889, + 1892, 1887, 1879, 1876, 1881, 1877, 1886, 1878, 1887, 1883, + 1884, 1880, 1882, 1891, 1889, 1890, 1880, 1893, 1881, 1882, + + 1895, 1883, 1884, 1894, 1890, 1886, 1889, 1892, 1887, 1888, + 1894, 1897, 1899, 1898, 1891, 1900, 1902, 0, 1904, 1901, + 1891, 1893, 1890, 1903, 1893, 1904, 1906, 1895, 1920, 1908, + 1894, 1898, 1905, 1897, 1901, 1906, 1909, 1905, 1897, 1907, + 1898, 1902, 1900, 1902, 1899, 1904, 1901, 1903, 1907, 1910, + 1903, 1908, 1912, 1906, 1911, 1913, 1908, 1914, 1909, 1905, + 1920, 1915, 1918, 1909, 1912, 1916, 1907, 1910, 1915, 1911, + 1914, 1917, 1916, 1919, 1918, 1914, 1910, 1913, 1927, 1912, + 1921, 1911, 1913, 1923, 1914, 1927, 1921, 1916, 1915, 1918, + 1926, 1928, 1916, 1917, 1923, 1924, 1925, 1914, 1917, 1916, + + 1919, 1926, 1930, 1924, 1925, 1927, 1929, 1921, 1929, 1931, + 1923, 1932, 1934, 1933, 1941, 1935, 1928, 1926, 1928, 1929, + 1933, 1936, 1924, 1925, 1937, 1938, 1939, 1936, 1930, 1930, + 1937, 1938, 1940, 1929, 1942, 1929, 1931, 1944, 1932, 1934, + 1933, 1935, 1935, 1946, 1948, 1945, 1941, 1949, 1936, 1949, + 1951, 1937, 1938, 1939, 1945, 1940, 1947, 1950, 1942, 1940, + 1947, 1942, 1954, 1952, 1953, 1957, 1948, 1955, 0, 1944, + 1952, 1948, 1945, 1958, 1949, 1946, 1956, 1951, 1959, 1955, + 1960, 1950, 1956, 1947, 1950, 1961, 1953, 1957, 0, 1954, + 1952, 1953, 1957, 1966, 1955, 1958, 1972, 0, 1978, 1963, + + 1958, 1972, 1960, 1956, 1959, 1959, 1963, 1960, 1962, 1962, + 1962, 1964, 1965, 1969, 1967, 1962, 0, 1961, 1973, 1965, + 1964, 1967, 1968, 1962, 1970, 1966, 1963, 1975, 1972, 1968, + 1978, 1973, 1974, 1969, 1976, 1962, 1962, 1962, 1964, 1965, + 1969, 1967, 1962, 1977, 1974, 1973, 1970, 1979, 1982, 1968, + 1976, 1970, 1975, 1980, 1975, 1977, 1981, 1983, 1983, 1974, + 1980, 1976, 1981, 1984, 1985, 1979, 1987, 1986, 1988, 1989, + 1977, 1985, 1986, 1992, 1979, 1982, 1989, 1993, 1998, 1993, + 1980, 1994, 1997, 1981, 1983, 1996, 2002, 2000, 1997, 1984, + 1984, 1985, 1987, 1987, 1986, 1988, 1989, 1999, 2000, 1994, + + 1992, 2003, 2001, 1996, 1993, 1999, 2004, 2003, 1994, 1997, + 1998, 2005, 1996, 2002, 2000, 2001, 2006, 2009, 2004, 2007, + 2007, 2008, 2010, 2010, 1999, 2011, 2013, 0, 2003, 2001, + 2015, 2005, 2014, 2004, 2006, 0, 2011, 2018, 2005, 2019, + 2017, 2022, 2035, 2006, 2009, 2021, 2007, 2008, 2008, 2010, + 2016, 2023, 2011, 2021, 2014, 0, 0, 2016, 2013, 2014, + 2017, 2024, 2015, 2025, 2019, 2029, 2019, 2017, 2026, 2018, + 2030, 2028, 2021, 2022, 2035, 2027, 2031, 2016, 2023, 2028, + 2026, 2025, 2027, 2024, 2032, 2030, 2033, 2033, 2024, 2029, + 2025, 2034, 2029, 2032, 2036, 2026, 2039, 2030, 2028, 0, + + 2031, 2037, 2027, 2031, 2038, 2042, 2044, 2041, 2037, 0, + 2042, 2032, 2039, 2033, 2041, 2043, 2038, 2034, 2034, 2039, + 2050, 2045, 2046, 2039, 2045, 2051, 2036, 2049, 2037, 2047, + 2046, 2038, 2042, 2044, 2041, 2049, 2052, 2043, 2054, 2039, + 2053, 2047, 2043, 2050, 2055, 2056, 2058, 2050, 2045, 2046, + 2057, 2051, 2051, 2059, 2049, 2057, 2047, 2052, 2053, 2059, + 0, 2060, 2055, 2052, 2062, 2054, 2057, 2053, 2056, 2063, + 2061, 2055, 2056, 2058, 2060, 2066, 2063, 2057, 2061, 2069, + 2059, 2070, 2057, 2064, 2067, 2065, 2062, 2068, 2060, 2071, + 2064, 2062, 2065, 2067, 2072, 2070, 2063, 2061, 2077, 2068, + + 2073, 2069, 2083, 2079, 2075, 2077, 2069, 2066, 2070, 2081, + 2064, 2067, 2065, 2076, 2068, 2078, 2071, 2085, 2076, 2082, + 2072, 2072, 2075, 2073, 2082, 2077, 2087, 2073, 2088, 2076, + 2079, 2075, 2086, 2086, 2083, 2089, 2081, 2078, 2092, 2091, + 2076, 2093, 2078, 2088, 2094, 2076, 2096, 2098, 2087, 2085, + 2095, 2082, 2095, 2087, 2091, 2088, 2093, 2097, 2099, 2086, + 2102, 2092, 2097, 2109, 2100, 2092, 2091, 2089, 2093, 2101, + 2094, 2094, 2100, 2103, 2105, 2106, 2101, 2095, 2096, 2098, + 2110, 2107, 2102, 2106, 2097, 2099, 2111, 2102, 2103, 2105, + 2109, 2100, 2112, 2113, 2115, 2116, 2101, 2118, 2114, 0, + + 2103, 2105, 2106, 2107, 2110, 2114, 2117, 2110, 2107, 2119, + 2121, 2122, 2111, 2111, 2125, 2124, 2116, 2126, 2118, 2112, + 2113, 2131, 2116, 2136, 2118, 2114, 2115, 2119, 2117, 2125, + 2128, 2129, 2121, 2117, 2130, 2132, 2119, 2121, 2122, 2124, + 2135, 2125, 2124, 2126, 2126, 2128, 2129, 2133, 2131, 2134, + 2136, 2139, 2137, 2132, 2138, 2140, 2130, 2128, 2129, 2137, + 2139, 2130, 2132, 2140, 2135, 2141, 2143, 2135, 2142, 2133, + 2147, 2134, 2138, 2145, 2133, 2144, 2134, 2146, 2139, 2137, + 2150, 2138, 2140, 2147, 2144, 2149, 2146, 2151, 2141, 2150, + 2142, 2145, 2141, 2154, 2153, 2142, 2149, 2147, 2143, 2152, + + 2145, 2153, 2144, 2156, 2146, 2151, 2155, 2150, 2159, 2157, + 2158, 2149, 2149, 2162, 2151, 2157, 2165, 2152, 2156, 2154, + 2154, 2153, 2159, 2149, 2155, 2164, 2152, 2165, 2166, 2169, + 2156, 2167, 2158, 2155, 2170, 2159, 2157, 2158, 2171, 2166, + 2162, 2169, 2167, 2165, 2172, 0, 2173, 2170, 0, 2164, + 2174, 2175, 2164, 2176, 2172, 2166, 2169, 2177, 2167, 2180, + 2178, 2170, 2176, 2181, 2175, 2183, 2185, 2184, 2186, 2183, + 2171, 2172, 2173, 2173, 0, 2174, 2187, 2174, 2175, 2178, + 2176, 2186, 2190, 2228, 2177, 0, 2180, 2178, 2184, 2181, + 2181, 2191, 2183, 2189, 2184, 2186, 2187, 2188, 2185, 2191, + + 2189, 2192, 2188, 2187, 2193, 2198, 2194, 2192, 2190, 2190, + 2195, 2200, 2196, 2197, 2197, 2228, 2200, 2191, 2191, 2193, + 2189, 2194, 2195, 2198, 2188, 2207, 2191, 2196, 2192, 2199, + 2201, 2193, 2198, 2194, 2201, 2204, 2206, 2195, 2208, 2196, + 2197, 2199, 2204, 2200, 2202, 2202, 2205, 2208, 2202, 2215, + 2205, 2206, 2207, 2209, 2210, 2211, 2199, 2201, 0, 2212, + 2209, 2202, 2204, 2206, 2218, 2208, 2212, 2214, 2217, 2202, + 2216, 2202, 2202, 2205, 2215, 2202, 2215, 2211, 2210, 2216, + 2209, 2210, 2211, 2220, 2218, 2223, 2212, 2222, 2202, 2214, + 2217, 2218, 2224, 2225, 2214, 2217, 2222, 2216, 2226, 2231, + + 2232, 2220, 2227, 2223, 2229, 2233, 2226, 2224, 2235, 2227, + 2220, 2229, 2223, 2232, 2222, 2234, 2234, 2238, 2225, 2224, + 2225, 2236, 2243, 2239, 2231, 2226, 2231, 2232, 2240, 2227, + 2235, 2229, 2233, 2242, 2241, 2235, 2244, 2240, 2245, 2238, + 2242, 2246, 2234, 2241, 2238, 2239, 2236, 2248, 2236, 2253, + 2239, 2250, 2245, 2254, 2243, 2240, 2246, 2247, 2244, 2250, + 2242, 2241, 2247, 2244, 2251, 2245, 2248, 2252, 2246, 2255, + 2258, 2256, 2260, 2259, 2248, 2325, 2253, 2251, 2250, 2254, + 2254, 2257, 2252, 2256, 2261, 2255, 2263, 2288, 2257, 2247, + 2264, 2251, 2265, 2261, 2252, 2259, 2255, 2260, 2256, 2260, + + 2259, 2262, 2258, 2266, 2267, 2264, 2269, 2325, 2257, 2262, + 2268, 2261, 2271, 2263, 2288, 2269, 0, 2264, 2265, 2265, + 2262, 2273, 2267, 2272, 0, 2282, 2272, 2276, 2262, 2266, + 2266, 2267, 2268, 2269, 2274, 2271, 2262, 2268, 2275, 2271, + 2274, 2272, 2276, 2275, 2277, 2278, 2273, 2282, 2273, 2280, + 2272, 2281, 2282, 2272, 2276, 2283, 2286, 0, 0, 2285, + 2278, 2274, 2277, 2280, 0, 2289, 2281, 2287, 2286, 2295, + 2275, 2277, 2278, 2285, 2289, 2286, 2280, 2283, 2281, 2290, + 2291, 2295, 2283, 2286, 2294, 2287, 2285, 2292, 2290, 2291, + 2296, 2293, 2289, 2293, 2287, 2286, 2295, 2294, 2292, 2301, + + 2298, 2299, 2300, 2302, 2303, 0, 2290, 2291, 0, 2300, + 2304, 2294, 2296, 2309, 2292, 2298, 2299, 2296, 2293, 2304, + 2307, 2301, 2303, 2311, 2315, 2302, 2301, 2298, 2299, 2300, + 2302, 2303, 2310, 2307, 2309, 2311, 2310, 2304, 2314, 2312, + 2309, 2307, 2313, 2316, 2313, 2317, 2318, 2307, 2312, 2319, + 2311, 2315, 2320, 0, 2322, 2318, 2314, 2319, 2321, 2310, + 2307, 2316, 2326, 2324, 2328, 2314, 2312, 2326, 2322, 2313, + 2316, 2324, 2317, 2318, 2329, 2320, 2319, 2327, 2330, 2320, + 2321, 2322, 2327, 2336, 2332, 2321, 2333, 2339, 0, 2326, + 2324, 2340, 0, 2333, 2337, 2342, 2328, 2338, 2344, 2346, + + 2347, 2341, 2330, 2332, 2342, 2330, 2329, 2345, 2337, 2327, + 2336, 2332, 2349, 2333, 2339, 2338, 2341, 2340, 2340, 2337, + 2337, 2337, 2342, 2348, 2338, 2346, 2346, 2347, 2341, 2345, + 2344, 2351, 2352, 2353, 2345, 2337, 2354, 0, 2356, 2352, + 2356, 2359, 2357, 2354, 2349, 2348, 2337, 2358, 2360, 2366, + 2348, 2358, 2361, 2359, 2351, 2362, 2353, 0, 2351, 2352, + 2353, 2361, 2364, 2354, 2357, 2356, 2362, 2365, 2359, 2357, + 2360, 2363, 2365, 2367, 2358, 2360, 2366, 2369, 2363, 2361, + 2368, 2370, 2362, 2374, 2364, 2371, 2371, 2373, 2372, 2364, + 2370, 2374, 2368, 2378, 2365, 2375, 2367, 2372, 2363, 2369, + + 2367, 0, 2373, 2381, 2369, 2376, 2380, 2368, 2370, 2377, + 2374, 2381, 2371, 2382, 2373, 2372, 2383, 2375, 2377, 2376, + 2378, 2382, 2375, 2384, 2383, 2380, 2385, 2384, 2387, 2385, + 2381, 2386, 2376, 2380, 2387, 2389, 2377, 2388, 2390, 2386, + 2382, 2389, 2391, 2383, 2393, 2395, 2397, 2464, 2396, 0, + 2384, 2398, 2388, 2385, 2400, 2387, 2393, 0, 2386, 2395, + 2401, 2396, 2389, 2408, 2388, 2402, 2403, 2397, 2407, 2410, + 2390, 2393, 2395, 2397, 2391, 2396, 2398, 2399, 2398, 2464, + 2403, 2400, 2401, 2404, 2399, 2405, 2404, 2401, 2406, 2402, + 2408, 2409, 2402, 2403, 2407, 2407, 2410, 2411, 2405, 2412, + + 2413, 2416, 2406, 2414, 2399, 2417, 2414, 2418, 0, 2411, + 2404, 2412, 2405, 2419, 2413, 2406, 2409, 2420, 2409, 2418, + 2420, 2421, 2422, 2423, 2411, 0, 2412, 2413, 2416, 2414, + 2414, 2417, 2417, 2414, 2418, 2420, 2425, 2429, 2430, 2419, + 2419, 2428, 2432, 2431, 2420, 2423, 2426, 2420, 2421, 2422, + 2423, 2431, 2427, 2426, 2434, 2435, 2428, 2433, 2425, 2427, + 2437, 2436, 2438, 2425, 2429, 2430, 2433, 2435, 2428, 2432, + 2431, 2441, 2439, 2426, 2440, 2443, 2442, 2444, 2448, 2427, + 2450, 2434, 2435, 2436, 2433, 2439, 2442, 2437, 2436, 2438, + 2444, 2447, 2440, 2452, 2456, 2453, 0, 2441, 2441, 2439, + + 2445, 2440, 2443, 2442, 2444, 2448, 2449, 2450, 2445, 2459, + 2451, 2454, 2458, 2447, 2449, 2452, 2453, 2455, 2447, 2451, + 2452, 2456, 2453, 2457, 2458, 2463, 0, 2445, 2461, 2471, + 2467, 2457, 2455, 2449, 2459, 2454, 2459, 2451, 2454, 2458, + 2461, 2462, 2467, 2455, 2455, 2473, 2466, 2468, 2469, 2462, + 2457, 2468, 2463, 2466, 2470, 2461, 2471, 2467, 2472, 2455, + 2469, 2477, 2479, 2478, 2474, 2480, 2472, 2473, 2462, 2475, + 2478, 2481, 2473, 2466, 2468, 2469, 2474, 2470, 2480, 2485, + 2481, 2470, 2479, 2475, 2482, 2472, 2486, 2483, 2477, 2479, + 2478, 2474, 2480, 2482, 2487, 2475, 2475, 2490, 2481, 2483, + + 2484, 2484, 0, 2491, 2486, 2485, 2485, 2488, 0, 0, + 2475, 2482, 0, 2486, 2483, 2492, 2493, 2494, 2491, 2487, + 0, 2487, 2488, 2495, 2488, 2495, 2496, 2484, 2498, 2490, + 2491, 2488, 2499, 2506, 2488, 2497, 2502, 2492, 2493, 2494, + 2496, 2497, 2492, 2493, 2494, 2503, 2498, 2500, 2500, 2488, + 2495, 2488, 2505, 2496, 2499, 2498, 2504, 2507, 2502, 2499, + 2508, 2509, 2497, 2502, 2505, 2506, 2508, 2503, 2510, 2511, + 2512, 2514, 2503, 2509, 2500, 2513, 2517, 2513, 2504, 2505, + 2515, 2518, 2521, 2504, 2522, 2514, 2516, 2508, 2509, 2507, + 2523, 2511, 2512, 2516, 2517, 2521, 2511, 2512, 2514, 2518, + + 2510, 2519, 2513, 2517, 2515, 2520, 2524, 2515, 2518, 2521, + 2526, 2528, 2529, 2516, 2530, 2531, 2522, 2526, 2528, 2519, + 0, 2535, 2523, 2520, 2533, 0, 2532, 2540, 2519, 2524, + 2529, 2534, 2520, 2524, 2532, 0, 0, 2526, 2528, 2529, + 2530, 2530, 2533, 2535, 2538, 2539, 2542, 2531, 2535, 2553, + 2544, 2533, 2532, 2532, 2540, 2538, 2539, 2534, 2534, 2545, + 2536, 2532, 2536, 2541, 2542, 2544, 2546, 2536, 2547, 2550, + 2545, 2538, 2539, 2542, 2549, 2541, 2553, 2544, 2546, 2552, + 2556, 2551, 0, 2547, 2554, 2557, 2545, 2536, 2551, 2536, + 2541, 2550, 2558, 2546, 2552, 2547, 2550, 2559, 2549, 2560, + + 2561, 2549, 0, 2562, 2569, 2565, 2552, 2556, 2551, 2557, + 2554, 2554, 2557, 2563, 2558, 2564, 2567, 2571, 2561, 2558, + 2565, 2566, 0, 2568, 2567, 2570, 2563, 2561, 2573, 2559, + 2562, 2560, 2565, 2574, 2566, 2575, 2569, 2576, 2570, 2571, + 2563, 2564, 2564, 2567, 2571, 2577, 2581, 2578, 2566, 2568, + 2568, 2573, 2570, 2579, 2580, 2573, 2582, 2574, 0, 2576, + 2574, 2580, 2575, 2583, 2576, 2578, 2585, 2577, 2586, 2581, + 2592, 2579, 2577, 2581, 2578, 2586, 2589, 2583, 2587, 2588, + 2579, 2580, 2595, 2582, 2590, 2587, 2588, 2591, 2585, 2589, + 2583, 2593, 2592, 2585, 2591, 2586, 0, 2592, 2594, 0, + + 2596, 2597, 2600, 2589, 2598, 2587, 2588, 2590, 2595, 2595, + 2597, 2590, 2598, 2599, 2591, 2602, 2601, 2604, 2607, 2594, + 2608, 2599, 2601, 2593, 2600, 2594, 2596, 2596, 2597, 2600, + 2605, 2598, 2604, 2606, 2609, 0, 2612, 2610, 2614, 0, + 2599, 2605, 2602, 2601, 2604, 2615, 2628, 2616, 0, 2618, + 2607, 2614, 2608, 2609, 2612, 2606, 2617, 2605, 2615, 2621, + 2606, 2609, 2610, 2612, 2610, 2614, 2620, 2622, 2623, 2623, + 2624, 2621, 2615, 2616, 2616, 2618, 2618, 2627, 2628, 2630, + 2617, 2634, 0, 2617, 2629, 2631, 2621, 2642, 2638, 2636, + 2620, 2622, 2653, 2620, 2622, 2623, 2624, 2624, 2636, 2629, + + 2627, 2638, 2639, 2631, 2627, 2647, 2630, 2649, 2634, 2642, + 2644, 2629, 2631, 2639, 2642, 2638, 2636, 2643, 2643, 2644, + 2645, 2648, 2651, 2654, 2653, 2655, 2645, 2647, 2656, 2639, + 2654, 2657, 2647, 2660, 2649, 2658, 2657, 2644, 2662, 2656, + 2661, 2660, 2664, 2648, 2643, 2666, 2663, 2645, 2648, 2651, + 2654, 2655, 2655, 2662, 2668, 2656, 2666, 2658, 2657, 2667, + 2660, 2663, 2658, 2669, 2661, 2662, 2671, 2661, 0, 2664, + 2670, 2673, 2666, 2663, 2675, 2668, 2674, 2667, 2671, 2670, + 2677, 2668, 2675, 2676, 2676, 2680, 2667, 2679, 2683, 2677, + 2682, 2676, 0, 2671, 2681, 2669, 2687, 2670, 2673, 2682, + + 2674, 2675, 2685, 2674, 2684, 2686, 2683, 2677, 0, 2687, + 2676, 2676, 2680, 2679, 2679, 2683, 2681, 2682, 2684, 2689, + 2688, 2681, 2690, 2687, 2685, 2694, 2693, 2695, 2691, 2685, + 2686, 2684, 2686, 2688, 2689, 2691, 2692, 2696, 2697, 2695, + 2698, 2699, 2701, 2692, 2690, 2700, 2689, 2688, 2693, 2690, + 2703, 2701, 2694, 2693, 2695, 2691, 2699, 2702, 0, 2704, + 0, 2705, 0, 2692, 2696, 2697, 2706, 2698, 2699, 2701, + 2700, 2707, 2700, 2709, 2708, 2712, 2703, 2703, 2707, 2702, + 2709, 2706, 2714, 2711, 2702, 2704, 2704, 2705, 2705, 2708, + 2710, 2713, 2715, 2706, 2711, 2716, 2710, 2717, 2707, 2713, + + 2709, 2708, 2712, 2719, 2722, 2718, 2720, 2721, 2723, 2714, + 2711, 2716, 2725, 2727, 2721, 2723, 0, 2710, 2713, 2715, + 2718, 2720, 2716, 2719, 2717, 2726, 2722, 2728, 2728, 2724, + 2719, 2722, 2718, 2720, 2721, 2723, 2724, 2729, 2732, 2725, + 2727, 2730, 2731, 2726, 2729, 2731, 2734, 2735, 2733, 0, + 2736, 2732, 2726, 2733, 2728, 2730, 2724, 2741, 2738, 0, + 2737, 0, 2735, 2748, 2729, 2732, 2741, 2739, 2730, 2731, + 2738, 2734, 2744, 2734, 2735, 2733, 2736, 2736, 2737, 2739, + 2745, 2742, 2746, 2747, 2741, 2738, 2742, 2737, 2743, 2749, + 2748, 2750, 2743, 2745, 2739, 2752, 2744, 2754, 2756, 2744, + + 0, 2758, 2755, 0, 2746, 2747, 0, 2745, 2742, 2746, + 2747, 2755, 2757, 2758, 2756, 2743, 2749, 2750, 2750, 2760, + 2757, 2752, 2752, 2754, 2754, 2756, 2760, 2761, 2758, 2755, + 2762, 2763, 2764, 2765, 2767, 2762, 2761, 2766, 2763, 2757, + 2765, 2767, 2768, 2769, 0, 2770, 2760, 2773, 2776, 0, + 2764, 2768, 2769, 2772, 2761, 2774, 2777, 2762, 2763, 2764, + 2765, 2767, 2766, 2779, 2766, 2780, 2776, 2784, 2774, 2768, + 2769, 2770, 2770, 2775, 2773, 2776, 2772, 2781, 2775, 2782, + 2772, 2779, 2774, 2777, 2783, 2785, 2781, 2784, 2782, 2786, + 2779, 2788, 2780, 2783, 2784, 2789, 2787, 2785, 2786, 2791, + + 2775, 2790, 2788, 2789, 2781, 2787, 2782, 2792, 2793, 2796, + 2794, 2783, 2785, 2798, 2799, 0, 2786, 2794, 2788, 2791, + 2795, 2800, 2789, 2787, 2790, 2807, 2791, 2806, 2790, 2795, + 2796, 2803, 2805, 2801, 2792, 2793, 2796, 2794, 2804, 2802, + 2798, 2799, 2801, 2803, 2808, 2805, 2804, 2795, 2802, 2806, + 2809, 2808, 2807, 2800, 2806, 2810, 2811, 2809, 2803, 2805, + 2801, 2813, 2810, 2812, 2814, 2804, 2802, 2815, 2813, 2816, + 2817, 2808, 2811, 2818, 0, 2822, 2820, 2809, 2825, 2812, + 0, 2823, 2810, 2811, 2820, 2825, 2814, 2826, 2813, 2823, + 2812, 2814, 2815, 2822, 2815, 2817, 2816, 2817, 2824, 2827, + + 2818, 2828, 2822, 2820, 2829, 2825, 2827, 2830, 2823, 2826, + 2833, 2829, 2834, 2824, 2826, 2830, 2835, 2833, 2836, 2839, + 2837, 2834, 2840, 2828, 2838, 2824, 2827, 2842, 2828, 2841, + 2844, 2829, 2837, 2838, 2830, 2847, 2845, 2833, 2840, 2834, + 2835, 2841, 2844, 2835, 2846, 2836, 2839, 2837, 2845, 2840, + 2842, 2838, 2848, 2849, 2842, 2854, 2841, 2844, 2847, 2852, + 2851, 2853, 2847, 2845, 2856, 2846, 2852, 2849, 2855, 2853, + 2858, 2846, 2851, 2860, 2854, 2855, 2859, 0, 2861, 2848, + 2849, 2862, 2854, 2864, 2863, 2858, 2852, 2851, 2853, 2866, + 2865, 2856, 2863, 2870, 2859, 2855, 2860, 2858, 2867, 2868, + + 2860, 2876, 2879, 2859, 2861, 2861, 2869, 2866, 2862, 2867, + 2864, 2863, 2865, 2869, 2868, 2872, 2866, 2865, 2877, 2878, + 2870, 2872, 2883, 2880, 2878, 2867, 2868, 2876, 2876, 2879, + 2881, 2886, 2887, 2869, 2882, 2884, 2877, 2880, 2885, 2887, + 2883, 2890, 2872, 2888, 2881, 2877, 2878, 2893, 2882, 2883, + 2880, 2895, 2898, 2884, 2896, 2888, 2885, 2881, 2886, 2887, + 2897, 2882, 2884, 2905, 2899, 2885, 2900, 2896, 2890, 2893, + 2888, 2898, 2899, 2895, 2893, 2901, 2903, 2906, 2895, 2898, + 2907, 2896, 2897, 2908, 2900, 2905, 2909, 2897, 2903, 2910, + 2905, 2899, 2907, 2900, 2901, 2912, 0, 2911, 2913, 2906, + + 2915, 2914, 2901, 2903, 2906, 2911, 2916, 2907, 2917, 2915, + 2908, 2910, 2918, 2909, 2920, 2916, 2910, 2919, 2913, 2922, + 2921, 2923, 2912, 2914, 2911, 2913, 2920, 2915, 2914, 2927, + 2928, 2926, 2929, 2916, 2918, 2933, 2940, 2929, 2930, 2918, + 2917, 2920, 2921, 2919, 2919, 2926, 2922, 2921, 2923, 2931, + 2932, 2934, 2936, 2935, 2928, 2941, 2927, 2928, 2926, 2944, + 2930, 2937, 2938, 2932, 2929, 2930, 2939, 2933, 2940, 2942, + 2936, 2931, 2939, 2937, 2934, 2935, 2931, 2932, 2934, 2936, + 2935, 2938, 2943, 2946, 2947, 2950, 2944, 2941, 2937, 2938, + 2948, 2942, 0, 2939, 2952, 2955, 2942, 2943, 2953, 2956, + + 2950, 2954, 2962, 2946, 2955, 2959, 2947, 2961, 2966, 2943, + 2946, 2947, 2950, 2956, 2948, 2957, 2952, 2948, 2958, 2960, + 2953, 2952, 2955, 2954, 2962, 2953, 2956, 2967, 2954, 2962, + 2961, 2959, 2959, 2957, 2961, 2965, 2958, 2960, 2974, 2970, + 2966, 2975, 2957, 2971, 2965, 2958, 2960, 2970, 2967, 2972, + 2971, 2973, 2976, 2978, 2967, 2979, 2972, 2980, 0, 2973, + 2976, 2975, 2965, 2981, 2984, 2974, 2970, 2982, 2975, 2983, + 2971, 2978, 0, 2979, 2987, 2981, 2972, 2990, 2973, 2976, + 2978, 2983, 2979, 2980, 2980, 2982, 2987, 2985, 2991, 2993, + 2981, 2984, 2989, 2994, 2982, 2985, 2983, 2996, 0, 2989, + + 2990, 2987, 2995, 2992, 2990, 2992, 2996, 2997, 2998, 2999, + 2995, 3000, 0, 3000, 2985, 2991, 3003, 3004, 3001, 2989, + 3006, 2993, 3007, 0, 2996, 2994, 3011, 3008, 2999, 2995, + 2992, 3004, 3009, 0, 3003, 2998, 2999, 3014, 3000, 2997, + 3001, 3009, 3010, 3003, 3004, 3001, 3007, 3015, 3012, 3007, + 3008, 3016, 3006, 3011, 3008, 3010, 3015, 3017, 3018, 3009, + 3012, 3017, 3019, 3014, 3014, 3021, 3023, 3022, 3024, 3010, + 3026, 0, 3028, 3034, 3015, 3012, 3029, 3031, 3016, 3028, + 3034, 3030, 3031, 3039, 3017, 3018, 3024, 3032, 3023, 3019, + 3022, 3037, 3021, 3023, 3022, 3024, 3030, 3026, 3029, 3028, + + 3034, 3040, 3032, 3029, 3035, 3036, 3041, 3043, 3030, 3031, + 3039, 3035, 3036, 3042, 3032, 3044, 3046, 3037, 3037, 3050, + 3049, 3043, 3051, 3052, 3053, 3054, 3047, 3049, 3040, 3044, + 3055, 3035, 3036, 3041, 3043, 3047, 3053, 3042, 3058, 3059, + 3042, 3063, 3044, 3046, 3055, 3056, 3050, 3049, 3051, 3051, + 3052, 3053, 3054, 3047, 3056, 3057, 3060, 3055, 3064, 3066, + 3068, 3067, 3069, 3070, 3066, 3067, 3059, 3068, 3057, 3069, + 3058, 3071, 3056, 3063, 3072, 3073, 3072, 3074, 3077, 3060, + 3064, 3084, 3057, 3060, 3070, 3064, 3080, 3068, 3067, 3069, + 3070, 3066, 3079, 3082, 3083, 3082, 3085, 3085, 3073, 3089, + + 3077, 3072, 3073, 3071, 3074, 3077, 3085, 3084, 3084, 3086, + 3080, 3079, 3089, 3080, 3090, 3088, 3087, 3091, 3083, 3079, + 3082, 3083, 3088, 3085, 3085, 3087, 3089, 3092, 3095, 3094, + 3091, 3086, 3093, 3097, 3098, 3092, 3086, 3094, 3097, 3098, + 3099, 3090, 3088, 3087, 3091, 3093, 3100, 3095, 3099, 3101, + 3106, 3092, 3102, 0, 3092, 3095, 3094, 3103, 3107, 3093, + 3104, 3106, 3092, 3105, 3108, 3097, 3098, 3099, 3109, 3109, + 3110, 3108, 0, 3100, 3112, 3101, 3101, 3106, 3102, 3102, + 3107, 3111, 3114, 3103, 3103, 3107, 3104, 3104, 3110, 3105, + 3105, 3108, 3113, 3115, 3111, 3109, 3112, 3110, 3116, 3117, + + 3113, 3112, 3120, 3118, 3114, 3116, 3117, 3121, 3111, 3114, + 3118, 3115, 3122, 3124, 3125, 3123, 3126, 3129, 3131, 3113, + 3115, 0, 3127, 3134, 3132, 3116, 3117, 3123, 3130, 3120, + 3118, 3127, 3137, 3142, 3121, 3125, 3122, 3143, 3126, 3122, + 3124, 3125, 3123, 3126, 3129, 3131, 3132, 3135, 3130, 3127, + 3134, 3132, 3136, 3138, 3139, 3130, 0, 3141, 0, 3137, + 3142, 3146, 3144, 3148, 3143, 3135, 3141, 3147, 3145, 3146, + 3136, 3138, 3139, 3150, 3135, 3148, 3154, 3161, 3150, 3136, + 3138, 3139, 3152, 3147, 3141, 3144, 3145, 0, 3146, 3144, + 3148, 3149, 3153, 3160, 3147, 3145, 3152, 3164, 3149, 3154, + + 3156, 3162, 3169, 3154, 3161, 3150, 3170, 3167, 3165, 3152, + 3153, 3166, 3156, 3166, 3162, 3160, 3167, 3173, 3149, 3153, + 3160, 3165, 3171, 3172, 3164, 3178, 3182, 3156, 3162, 3169, + 3179, 0, 3173, 3170, 3167, 3165, 3181, 3177, 3166, 3177, + 3171, 3184, 3191, 3181, 3173, 3186, 3198, 3178, 3179, 3171, + 3199, 3186, 3178, 3188, 3189, 3172, 3184, 3179, 3182, 3190, + 3191, 3193, 3200, 3181, 3177, 3194, 0, 3196, 3184, 3191, + 3196, 3195, 3186, 3198, 3203, 3188, 3189, 3199, 3201, 3194, + 3188, 3189, 3203, 3193, 3195, 3190, 3190, 3204, 3193, 3200, + 3207, 3206, 3194, 3196, 3196, 3202, 3201, 3196, 3195, 3208, + + 3209, 3203, 3202, 3211, 3210, 3201, 3213, 3215, 3217, 3204, + 3212, 3214, 3207, 3210, 3204, 0, 3212, 3207, 3211, 3219, + 3214, 3208, 3202, 3206, 0, 3220, 3208, 3209, 3213, 3221, + 3211, 3210, 3216, 3213, 3216, 3217, 3222, 3212, 3214, 3215, + 3223, 3224, 3219, 3225, 3229, 0, 3219, 3220, 3223, 0, + 3227, 3221, 3220, 3224, 3236, 3225, 3221, 3227, 3231, 3216, + 3232, 3233, 3222, 3222, 3235, 3236, 3234, 3223, 3224, 0, + 3225, 3229, 3231, 3238, 3232, 3233, 3237, 3227, 3242, 3239, + 3243, 3236, 3235, 3240, 3237, 3231, 3246, 3232, 3233, 3234, + 3240, 3235, 3238, 3234, 3247, 3241, 3245, 3245, 3243, 3244, + + 3238, 3239, 3241, 3237, 3242, 3242, 3239, 3243, 3244, 3248, + 3240, 3251, 3252, 3246, 3254, 3255, 3251, 3248, 3256, 3260, + 3262, 3247, 3241, 3245, 3258, 3252, 3244, 3263, 3265, 3266, + 3258, 3262, 0, 3270, 3272, 3254, 3248, 3267, 3263, 3252, + 3266, 3254, 3255, 3251, 3273, 3256, 3260, 3262, 3275, 0, + 3265, 3258, 3272, 3274, 3263, 3265, 3266, 3274, 3271, 3267, + 3270, 3272, 3276, 3280, 3267, 3271, 3278, 3282, 3279, 3281, + 3276, 3280, 3284, 3287, 3293, 3275, 3273, 0, 3281, 3286, + 3274, 3279, 0, 3291, 3294, 3271, 3286, 3288, 3291, 3276, + 3280, 3295, 3278, 3278, 3282, 3279, 3281, 3292, 3292, 3298, + + 3296, 3293, 3297, 3295, 3284, 3287, 3286, 3296, 3302, 3288, + 3291, 3294, 3299, 3300, 3288, 3298, 3302, 3301, 3295, 3303, + 3300, 3297, 0, 3305, 3292, 3304, 3298, 3296, 3309, 3297, + 3299, 3306, 3304, 3307, 3303, 3302, 3313, 3308, 3314, 3299, + 3300, 3315, 3316, 3306, 3317, 3314, 3303, 3318, 3297, 3301, + 3305, 3313, 3304, 3319, 3309, 3309, 3321, 3307, 3306, 3322, + 3307, 3308, 3319, 3313, 3308, 3314, 3323, 3324, 3317, 3316, + 3325, 3317, 3327, 3315, 3329, 3324, 3330, 3333, 3321, 3318, + 3319, 3326, 3326, 3321, 3332, 3330, 3322, 3334, 3323, 3329, + 3331, 3326, 3331, 3323, 3324, 3334, 3335, 3336, 3332, 3327, + + 3338, 3329, 3325, 3330, 3333, 3339, 3340, 3335, 3326, 3326, + 3344, 3332, 3341, 3342, 3334, 3336, 3343, 3331, 3345, 3346, + 3351, 3348, 3349, 3335, 3336, 0, 3342, 3338, 3352, 3347, + 3350, 3350, 3339, 3340, 3341, 3355, 3349, 3344, 3343, 3341, + 3342, 3358, 3356, 3343, 3359, 3345, 3346, 3347, 3348, 3349, + 3352, 3362, 3351, 3356, 3368, 3352, 3347, 3350, 3364, 3362, + 3365, 3367, 3355, 3364, 3366, 3365, 3367, 3370, 3358, 3356, + 3375, 3359, 3366, 3371, 3371, 3372, 3373, 3375, 3362, 3377, + 3368, 3368, 3378, 3372, 3379, 3364, 3376, 3365, 3367, 3373, + 3381, 3366, 3382, 3384, 3370, 3390, 3385, 3375, 3383, 3381, + + 3371, 3384, 3372, 3373, 3376, 3383, 3377, 3379, 3386, 3378, + 3389, 3379, 3392, 3376, 3393, 3394, 3389, 3381, 3385, 3395, + 3384, 3397, 3390, 3385, 3382, 3383, 3398, 3399, 3394, 3396, + 3386, 3422, 3401, 0, 3488, 3386, 3393, 3389, 3402, 3392, + 3397, 3393, 3394, 3403, 3396, 3404, 3405, 3406, 3397, 3399, + 3403, 3395, 3404, 3398, 3399, 3401, 3396, 3407, 3409, 3401, + 3402, 3410, 3406, 3422, 3411, 3402, 3488, 3414, 3405, 3410, + 3403, 3411, 3404, 3405, 3406, 3412, 3414, 3409, 3407, 3415, + 0, 3418, 3412, 3417, 3407, 3409, 3416, 3416, 3410, 3417, + 3415, 3411, 3421, 3420, 3414, 3423, 3416, 3425, 0, 3421, + + 3431, 3426, 3412, 3418, 3425, 3432, 3415, 3427, 3418, 3439, + 3417, 3437, 3433, 3416, 3416, 3420, 3442, 3423, 3440, 3421, + 3420, 3427, 3423, 3437, 3425, 3426, 3447, 3431, 3426, 3441, + 3444, 3450, 3432, 3454, 3427, 3433, 3439, 3441, 3437, 3433, + 3440, 3452, 3444, 3442, 3455, 3440, 3448, 3448, 3449, 3449, + 3451, 3451, 0, 3447, 3456, 3454, 3441, 3444, 3450, 3458, + 3454, 3457, 3455, 3461, 3452, 3462, 3463, 3464, 3452, 3466, + 3457, 3455, 3458, 3463, 3464, 3448, 3465, 3449, 3467, 3451, + 3472, 3456, 3468, 3471, 3474, 3471, 3458, 3467, 3457, 3468, + 3461, 3462, 3462, 3463, 3464, 3473, 3466, 3477, 3465, 3478, + + 3472, 3475, 3474, 3465, 3479, 3467, 3477, 3472, 3481, 3468, + 3471, 3474, 3480, 3475, 3482, 3483, 3485, 3484, 3473, 0, + 3487, 3478, 3473, 3496, 3477, 3487, 3478, 0, 3475, 3484, + 3480, 3479, 3492, 3486, 3481, 3481, 3486, 3490, 3485, 3480, + 3491, 3482, 3483, 3485, 3484, 3489, 3491, 3489, 3493, 3490, + 3494, 3486, 3487, 3495, 3492, 3496, 3498, 3497, 3494, 3492, + 3486, 3499, 3500, 3486, 3490, 3501, 3504, 3491, 3505, 3507, + 3493, 3512, 3489, 3508, 3500, 3493, 3510, 3494, 3497, 3513, + 3495, 3505, 3514, 3498, 3497, 3510, 3515, 3501, 3499, 3500, + 3517, 3508, 3501, 3504, 3518, 3505, 3507, 3519, 3512, 3520, + + 3508, 3521, 3521, 3510, 3523, 3524, 3513, 3526, 3528, 3514, + 3532, 3527, 3529, 3515, 3534, 3531, 3539, 3517, 3535, 3529, + 3538, 3518, 3523, 3528, 3519, 3533, 3520, 3531, 3521, 3527, + 3535, 3523, 3524, 3533, 3526, 3528, 3536, 3532, 3527, 3529, + 3537, 3534, 3531, 3539, 3541, 3535, 3538, 3538, 3542, 3545, + 3536, 0, 3533, 3546, 3551, 3537, 3541, 3548, 3545, 3547, + 3547, 3549, 3552, 3536, 3555, 3554, 3553, 3537, 3559, 0, + 3549, 3541, 3555, 3556, 3557, 3542, 3545, 3546, 3551, 3553, + 3546, 3551, 3556, 3548, 3548, 3557, 3547, 3554, 3549, 3559, + 3560, 3555, 3554, 3553, 3552, 3559, 3563, 3564, 0, 3566, + + 3556, 3557, 3568, 3568, 3569, 3578, 3579, 3582, 3560, 3564, + 3583, 3569, 3584, 3585, 3587, 3591, 3589, 3560, 3590, 3563, + 3589, 3582, 3615, 3563, 3564, 3566, 3566, 3578, 3592, 3568, + 3579, 3569, 3578, 3579, 3582, 3592, 3590, 3583, 3591, 3584, + 3585, 3587, 3591, 3589, 3594, 3590, 3596, 3597, 3598, 3615, + 3596, 3599, 3600, 0, 3601, 3592, 3604, 3594, 3602, 3603, + 3606, 0, 3606, 3597, 3600, 3604, 3605, 3603, 3610, 3624, + 3598, 3594, 3602, 3596, 3597, 3598, 3599, 3605, 3599, 3600, + 3601, 3601, 3607, 3604, 3608, 3602, 3603, 3606, 3609, 3612, + 3610, 3611, 3613, 3605, 3607, 3610, 3624, 3611, 3614, 3617, + + 3616, 3623, 3608, 3609, 3612, 3626, 3614, 3616, 3623, 3607, + 3622, 3608, 3625, 3628, 3613, 3609, 3612, 3627, 3611, 3613, + 3629, 3617, 3631, 3622, 3632, 3614, 3617, 3616, 3623, 3631, + 3625, 3633, 3626, 3630, 3634, 3637, 3635, 3622, 3635, 3625, + 3628, 3630, 3636, 3627, 3627, 3641, 3638, 3629, 3632, 3631, + 3639, 3632, 3640, 3633, 3636, 3642, 3634, 3643, 3633, 3638, + 3630, 3634, 3642, 3635, 3644, 3639, 3645, 3637, 3647, 3636, + 3649, 3648, 3641, 3638, 3640, 3650, 3652, 3639, 3649, 3640, + 3654, 3657, 3642, 3648, 3643, 3658, 3659, 3664, 3652, 3654, + 3661, 3644, 3660, 3645, 3662, 3647, 3663, 3649, 3648, 0, + + 3660, 3664, 3650, 3652, 3667, 3659, 3666, 3654, 3657, 3663, + 3665, 3658, 3658, 3659, 3664, 3669, 3677, 3675, 3665, 3660, + 0, 3674, 3661, 3663, 3675, 3680, 3662, 3674, 3666, 3677, + 3678, 3667, 3680, 3666, 3681, 3683, 3684, 3665, 3682, 3685, + 0, 3688, 3669, 3677, 3675, 3686, 3682, 3685, 3674, 3683, + 3684, 3687, 3680, 3678, 3694, 0, 3681, 3678, 3695, 0, + 3692, 3681, 3683, 3684, 3691, 3682, 3685, 3686, 3688, 3692, + 3696, 3691, 3686, 3687, 3693, 3702, 0, 3697, 3687, 0, + 3695, 3694, 3693, 3698, 3699, 3695, 3700, 3692, 3701, 3704, + 3705, 3691, 3706, 3713, 3710, 3708, 3701, 0, 0, 0, + + 0, 3693, 3696, 3697, 3697, 3698, 3699, 3702, 3700, 3717, + 3698, 3699, 3705, 3700, 3710, 3701, 3704, 3705, 3708, 3706, + 3709, 3710, 3708, 3711, 3712, 3713, 3714, 3715, 3709, 3719, + 3720, 3711, 3712, 3720, 3714, 3717, 3717, 3721, 3722, 0, + 3725, 3715, 3729, 3729, 3723, 0, 3722, 3709, 3720, 3724, + 3711, 3712, 3723, 3714, 3715, 3726, 3719, 3720, 3727, 3721, + 3720, 3730, 3731, 3724, 3721, 3722, 3725, 3725, 3732, 3729, + 3731, 3723, 3727, 3733, 3734, 3736, 3724, 3726, 3735, 3737, + 3740, 3738, 3726, 3736, 3739, 3727, 0, 3730, 3730, 3731, + 3741, 3747, 3742, 3744, 3732, 3732, 3734, 0, 3735, 3733, + + 3733, 3734, 3736, 3738, 3750, 3735, 3737, 3740, 3738, 3739, + 3741, 3739, 3742, 3743, 3745, 3744, 3748, 3741, 3747, 3742, + 3744, 3743, 3745, 3751, 3748, 3752, 3750, 3753, 0, 3754, + 3756, 3750, 3759, 3752, 3757, 3753, 3758, 3760, 3763, 0, + 3743, 3745, 3757, 3748, 3758, 3751, 3761, 3764, 3765, 3767, + 3751, 3773, 3752, 3774, 3753, 3754, 3754, 3756, 3759, 3759, + 3770, 3757, 3771, 3758, 3760, 3763, 3761, 0, 3765, 3772, + 3771, 3767, 0, 3761, 3764, 3765, 3767, 3772, 3773, 0, + 3774, 0, 3770, 0, 0, 0, 0, 3770, 0, 3771, + 0, 0, 0, 0, 0, 0, 3772, 3778, 3778, 3778, + + 3778, 3778, 3778, 3778, 3779, 3779, 3779, 3779, 3779, 3779, + 3779, 3780, 3780, 3780, 3780, 3780, 3780, 3780, 3781, 3781, + 3781, 3781, 3781, 3781, 3781, 3782, 3782, 3782, 3782, 3782, + 3782, 3782, 3783, 3783, 3783, 3783, 3783, 3783, 3783, 3784, + 3784, 3784, 3784, 3784, 3784, 3784, 3786, 3786, 0, 3786, + 3786, 3786, 3786, 3787, 3787, 0, 0, 0, 3787, 3787, + 3788, 3788, 0, 0, 3788, 0, 3788, 3789, 0, 0, + 0, 0, 0, 3789, 3790, 3790, 0, 0, 0, 3790, + 3790, 3791, 0, 0, 0, 0, 0, 3791, 3792, 3792, + 0, 3792, 3792, 3792, 3792, 3793, 0, 0, 0, 0, + + 0, 3793, 3794, 3794, 0, 0, 0, 3794, 3794, 3795, + 3795, 0, 3795, 3795, 3795, 3795, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, 3777, + 3777, 3777, 3777 } ; static yy_state_type yy_last_accepting_state; @@ -4182,7 +4252,7 @@ static void config_end_include(void) } #endif -#line 4183 "<stdout>" +#line 4253 "<stdout>" #define YY_NO_INPUT 1 #line 191 "util/configlexer.lex" #ifndef YY_NO_UNPUT @@ -4191,9 +4261,9 @@ static void config_end_include(void) #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 4192 "<stdout>" +#line 4262 "<stdout>" -#line 4194 "<stdout>" +#line 4264 "<stdout>" #define INITIAL 0 #define quotedstring 1 @@ -4417,7 +4487,7 @@ YY_DECL { #line 211 "util/configlexer.lex" -#line 4418 "<stdout>" +#line 4488 "<stdout>" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -4450,13 +4520,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3683 ) + if ( yy_current_state >= 3778 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 10542 ); + while ( yy_base[yy_current_state] != 10717 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -4483,13 +4553,13 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP #line 212 "util/configlexer.lex" -{ +{ LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP #line 214 "util/configlexer.lex" -{ +{ /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK @@ -4561,137 +4631,137 @@ YY_RULE_SETUP case 16: YY_RULE_SETUP #line 230 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP4) } +{ YDVAR(1, VAR_DO_NAT64) } YY_BREAK case 17: YY_RULE_SETUP #line 231 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFER_IP6) } +{ YDVAR(1, VAR_PREFER_IP4) } YY_BREAK case 18: YY_RULE_SETUP #line 232 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_UDP) } +{ YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 19: YY_RULE_SETUP #line 233 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_TCP) } +{ YDVAR(1, VAR_DO_UDP) } YY_BREAK case 20: YY_RULE_SETUP #line 234 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_UPSTREAM) } +{ YDVAR(1, VAR_DO_TCP) } YY_BREAK case 21: YY_RULE_SETUP #line 235 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_MSS) } +{ YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 22: YY_RULE_SETUP #line 236 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } +{ YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 23: YY_RULE_SETUP #line 237 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } +{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 24: YY_RULE_SETUP #line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) } +{ YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } YY_BREAK case 25: YY_RULE_SETUP #line 239 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } +{ YDVAR(1, VAR_MAX_REUSE_TCP_QUERIES) } YY_BREAK case 26: YY_RULE_SETUP #line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } +{ YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } YY_BREAK case 27: YY_RULE_SETUP #line 241 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } +{ YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } YY_BREAK case 28: YY_RULE_SETUP #line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } YY_BREAK case 29: YY_RULE_SETUP #line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +{ YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } YY_BREAK case 30: YY_RULE_SETUP #line 244 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +{ YDVAR(1, VAR_SOCK_QUEUE_TIMEOUT) } YY_BREAK case 31: YY_RULE_SETUP #line 245 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 32: YY_RULE_SETUP #line 246 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 33: YY_RULE_SETUP #line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 34: YY_RULE_SETUP #line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 35: YY_RULE_SETUP #line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 36: YY_RULE_SETUP #line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 37: YY_RULE_SETUP #line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 38: YY_RULE_SETUP #line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 39: YY_RULE_SETUP #line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 40: YY_RULE_SETUP #line 254 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_WIN_CERT) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 41: YY_RULE_SETUP #line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +{ YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 42: YY_RULE_SETUP #line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } +{ YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 43: YY_RULE_SETUP @@ -4706,1544 +4776,1589 @@ YY_RULE_SETUP case 45: YY_RULE_SETUP #line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 46: YY_RULE_SETUP #line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERS) } +{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 47: YY_RULE_SETUP #line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_CIPHERSUITES) } +{ YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } YY_BREAK case 48: YY_RULE_SETUP #line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_TLS_USE_SNI) } +{ YDVAR(1, VAR_TLS_CIPHERS) } YY_BREAK case 49: YY_RULE_SETUP #line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTPS_PORT) } +{ YDVAR(1, VAR_TLS_CIPHERSUITES) } YY_BREAK case 50: YY_RULE_SETUP #line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_ENDPOINT) } +{ YDVAR(1, VAR_TLS_USE_SNI) } YY_BREAK case 51: YY_RULE_SETUP #line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } +{ YDVAR(1, VAR_HTTPS_PORT) } YY_BREAK case 52: YY_RULE_SETUP #line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } +{ YDVAR(1, VAR_HTTP_ENDPOINT) } YY_BREAK case 53: YY_RULE_SETUP #line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } +{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } YY_BREAK case 54: YY_RULE_SETUP #line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NODELAY) } +{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } YY_BREAK case 55: YY_RULE_SETUP #line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } +{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } YY_BREAK case 56: YY_RULE_SETUP #line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +{ YDVAR(1, VAR_HTTP_NODELAY) } YY_BREAK case 57: YY_RULE_SETUP #line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } YY_BREAK case 58: YY_RULE_SETUP #line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 59: YY_RULE_SETUP #line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 60: YY_RULE_SETUP #line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 61: YY_RULE_SETUP #line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 62: YY_RULE_SETUP #line 276 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC_PORTS) } +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 63: YY_RULE_SETUP #line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 64: YY_RULE_SETUP #line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC_PORTS) } YY_BREAK case 65: YY_RULE_SETUP #line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 66: YY_RULE_SETUP #line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 67: YY_RULE_SETUP #line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 68: YY_RULE_SETUP #line 282 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_DSCP) } +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 69: YY_RULE_SETUP #line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 70: YY_RULE_SETUP #line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +{ YDVAR(1, VAR_IP_DSCP) } YY_BREAK case 71: YY_RULE_SETUP #line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 72: YY_RULE_SETUP #line 286 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +{ YDVAR(1, VAR_USERNAME) } YY_BREAK case 73: YY_RULE_SETUP #line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 74: YY_RULE_SETUP #line 288 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 75: YY_RULE_SETUP #line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 76: YY_RULE_SETUP #line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 77: YY_RULE_SETUP #line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 78: YY_RULE_SETUP #line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 79: YY_RULE_SETUP #line 293 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 80: YY_RULE_SETUP #line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 81: YY_RULE_SETUP #line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 82: YY_RULE_SETUP #line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 83: YY_RULE_SETUP #line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 84: YY_RULE_SETUP #line 298 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 85: YY_RULE_SETUP #line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 86: YY_RULE_SETUP #line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 87: YY_RULE_SETUP #line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 88: YY_RULE_SETUP #line 302 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 89: YY_RULE_SETUP #line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 90: YY_RULE_SETUP #line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 91: YY_RULE_SETUP #line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) } +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 92: YY_RULE_SETUP #line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 93: YY_RULE_SETUP #line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +{ YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) } YY_BREAK case 94: YY_RULE_SETUP #line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } YY_BREAK case 95: YY_RULE_SETUP #line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 96: YY_RULE_SETUP #line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_UDP_CONNECT) } +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 97: YY_RULE_SETUP #line 311 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 98: YY_RULE_SETUP #line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +{ YDVAR(1, VAR_UDP_CONNECT) } YY_BREAK case 99: YY_RULE_SETUP #line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 100: YY_RULE_SETUP #line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 101: YY_RULE_SETUP #line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 102: YY_RULE_SETUP #line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 103: YY_RULE_SETUP #line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 104: YY_RULE_SETUP #line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 105: YY_RULE_SETUP #line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 106: YY_RULE_SETUP #line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 107: YY_RULE_SETUP #line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_HARDEN_UNKNOWN_ADDITIONAL) } YY_BREAK case 108: YY_RULE_SETUP #line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 109: YY_RULE_SETUP #line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 110: YY_RULE_SETUP #line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 111: YY_RULE_SETUP #line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 112: YY_RULE_SETUP #line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 113: YY_RULE_SETUP #line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 114: YY_RULE_SETUP #line 328 "util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 115: YY_RULE_SETUP #line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 116: YY_RULE_SETUP #line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +{ YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 117: YY_RULE_SETUP #line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 118: YY_RULE_SETUP #line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +{ YDVAR(1, VAR_NAME) } YY_BREAK case 119: YY_RULE_SETUP #line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 120: YY_RULE_SETUP #line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 121: YY_RULE_SETUP #line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 122: YY_RULE_SETUP #line 336 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 123: YY_RULE_SETUP #line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_TCP_UPSTREAM) } +{ YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 124: YY_RULE_SETUP #line 338 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 125: YY_RULE_SETUP #line 339 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 126: YY_RULE_SETUP #line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +{ YDVAR(1, VAR_STUB_TCP_UPSTREAM) } YY_BREAK case 127: YY_RULE_SETUP #line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 128: YY_RULE_SETUP #line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 129: YY_RULE_SETUP #line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 130: YY_RULE_SETUP #line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 131: YY_RULE_SETUP #line 345 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) } +{ YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 132: YY_RULE_SETUP #line 346 "util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 133: YY_RULE_SETUP #line 347 "util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 134: YY_RULE_SETUP #line 348 "util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } +{ YDVAR(1, VAR_FORWARD_TCP_UPSTREAM) } YY_BREAK case 135: YY_RULE_SETUP #line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 136: YY_RULE_SETUP #line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } +{ YDVAR(0, VAR_RPZ) } YY_BREAK case 137: YY_RULE_SETUP #line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } +{ YDVAR(1, VAR_TAGS) } YY_BREAK case 138: YY_RULE_SETUP #line 352 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } +{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 139: YY_RULE_SETUP #line 353 "util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) } +{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 140: YY_RULE_SETUP #line 354 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } +{ YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 141: YY_RULE_SETUP #line 355 "util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +{ YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 142: YY_RULE_SETUP #line 356 "util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +{ YDVAR(1, VAR_RPZ_SIGNAL_NXDOMAIN_RA) } YY_BREAK case 143: YY_RULE_SETUP #line 357 "util/configlexer.lex" -{ YDVAR(1, VAR_URL) } +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 144: YY_RULE_SETUP #line 358 "util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 145: YY_RULE_SETUP #line 359 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 146: YY_RULE_SETUP #line 360 "util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } +{ YDVAR(1, VAR_URL) } YY_BREAK case 147: YY_RULE_SETUP #line 361 "util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } +{ YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 148: YY_RULE_SETUP #line 362 "util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 149: YY_RULE_SETUP #line 363 "util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 150: YY_RULE_SETUP #line 364 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 151: YY_RULE_SETUP #line 365 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 152: YY_RULE_SETUP #line 366 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 153: YY_RULE_SETUP #line 367 "util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_ACTION) } +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 154: YY_RULE_SETUP #line 368 "util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 155: YY_RULE_SETUP #line 369 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 156: YY_RULE_SETUP #line 370 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +{ YDVAR(2, VAR_INTERFACE_ACTION) } YY_BREAK case 157: YY_RULE_SETUP #line 371 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 158: YY_RULE_SETUP #line 372 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 159: YY_RULE_SETUP #line 373 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 160: YY_RULE_SETUP #line 374 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 161: YY_RULE_SETUP #line 375 "util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 162: YY_RULE_SETUP #line 376 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 163: YY_RULE_SETUP #line 377 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 164: YY_RULE_SETUP #line 378 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 165: YY_RULE_SETUP #line 379 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 166: YY_RULE_SETUP #line 380 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 167: YY_RULE_SETUP #line 381 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) } +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 168: YY_RULE_SETUP #line 382 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 169: YY_RULE_SETUP #line 383 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 170: YY_RULE_SETUP #line 384 "util/configlexer.lex" -{ YDVAR(1, VAR_HTTP_USER_AGENT) } +{ YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) } YY_BREAK case 171: YY_RULE_SETUP #line 385 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 172: YY_RULE_SETUP #line 386 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 173: YY_RULE_SETUP #line 387 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +{ YDVAR(1, VAR_HTTP_USER_AGENT) } YY_BREAK case 174: YY_RULE_SETUP #line 388 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 175: YY_RULE_SETUP #line 389 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 176: YY_RULE_SETUP #line 390 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 177: YY_RULE_SETUP #line 391 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 178: YY_RULE_SETUP #line 392 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 179: YY_RULE_SETUP #line 393 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 180: YY_RULE_SETUP #line 394 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 181: YY_RULE_SETUP #line 395 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 182: YY_RULE_SETUP #line 396 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 183: YY_RULE_SETUP #line 397 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_MAX_RESTART) } +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 184: YY_RULE_SETUP #line 398 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 185: YY_RULE_SETUP #line 399 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 186: YY_RULE_SETUP #line 400 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +{ YDVAR(1, VAR_VAL_MAX_RESTART) } YY_BREAK case 187: YY_RULE_SETUP #line 401 "util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 188: YY_RULE_SETUP #line 402 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 189: YY_RULE_SETUP #line 403 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 190: YY_RULE_SETUP #line 404 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 191: YY_RULE_SETUP #line 405 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 192: YY_RULE_SETUP #line 406 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 193: YY_RULE_SETUP #line 407 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 194: YY_RULE_SETUP #line 408 "util/configlexer.lex" -{ YDVAR(1, VAR_EDE_SERVE_EXPIRED) } +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 195: YY_RULE_SETUP #line 409 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } +{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } YY_BREAK case 196: YY_RULE_SETUP #line 410 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } YY_BREAK case 197: YY_RULE_SETUP #line 411 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +{ YDVAR(1, VAR_EDE_SERVE_EXPIRED) } YY_BREAK case 198: YY_RULE_SETUP #line 412 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } YY_BREAK case 199: YY_RULE_SETUP #line 413 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 200: YY_RULE_SETUP #line 414 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 201: YY_RULE_SETUP #line 415 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 202: YY_RULE_SETUP #line 416 "util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 203: YY_RULE_SETUP -#line 418 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } +#line 417 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 204: YY_RULE_SETUP -#line 419 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_CHECK) } +#line 418 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 205: YY_RULE_SETUP -#line 420 "util/configlexer.lex" -{ YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } +#line 419 "util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 206: YY_RULE_SETUP #line 421 "util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +{ YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } YY_BREAK case 207: YY_RULE_SETUP #line 422 "util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +{ YDVAR(1, VAR_ZONEMD_CHECK) } YY_BREAK case 208: YY_RULE_SETUP #line 423 "util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +{ YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } YY_BREAK case 209: YY_RULE_SETUP #line 424 "util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 210: YY_RULE_SETUP #line 425 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 211: YY_RULE_SETUP #line 426 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 212: YY_RULE_SETUP #line 427 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 213: YY_RULE_SETUP #line 428 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 214: YY_RULE_SETUP #line 429 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 215: YY_RULE_SETUP #line 430 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 216: YY_RULE_SETUP #line 431 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 217: YY_RULE_SETUP #line 432 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 218: YY_RULE_SETUP #line 433 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 219: YY_RULE_SETUP #line 434 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 220: YY_RULE_SETUP #line 435 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +{ YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 221: YY_RULE_SETUP #line 436 "util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 222: YY_RULE_SETUP #line 437 "util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 223: YY_RULE_SETUP #line 438 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 224: YY_RULE_SETUP #line 439 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 225: YY_RULE_SETUP #line 440 "util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 226: YY_RULE_SETUP #line 441 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 227: YY_RULE_SETUP #line 442 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 228: YY_RULE_SETUP #line 443 "util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 229: YY_RULE_SETUP #line 444 "util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) } YY_BREAK case 230: YY_RULE_SETUP #line 445 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 231: YY_RULE_SETUP #line 446 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 232: YY_RULE_SETUP #line 447 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 233: YY_RULE_SETUP #line 448 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 234: YY_RULE_SETUP #line 449 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 235: YY_RULE_SETUP #line 450 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 236: YY_RULE_SETUP #line 451 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 237: YY_RULE_SETUP #line 452 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 238: YY_RULE_SETUP #line 453 "util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 239: YY_RULE_SETUP #line 454 "util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 240: YY_RULE_SETUP #line 455 "util/configlexer.lex" -{ YDVAR(1, VAR_DYNLIB_FILE) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 241: YY_RULE_SETUP #line 456 "util/configlexer.lex" -{ YDVAR(0, VAR_DYNLIB) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 242: YY_RULE_SETUP #line 457 "util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 243: YY_RULE_SETUP #line 458 "util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_DYNLIB_FILE) } YY_BREAK case 244: YY_RULE_SETUP #line 459 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(0, VAR_DYNLIB) } YY_BREAK case 245: YY_RULE_SETUP #line 460 "util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 246: YY_RULE_SETUP #line 461 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 247: YY_RULE_SETUP #line 462 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 248: YY_RULE_SETUP #line 463 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 249: YY_RULE_SETUP #line 464 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 250: YY_RULE_SETUP #line 465 "util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 251: YY_RULE_SETUP #line 466 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 252: YY_RULE_SETUP #line 467 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 253: YY_RULE_SETUP #line 468 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +{ YDVAR(1, VAR_NAT64_PREFIX) } YY_BREAK case 254: YY_RULE_SETUP #line 469 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 255: YY_RULE_SETUP #line 470 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 256: YY_RULE_SETUP #line 471 "util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_TAG) } +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 257: YY_RULE_SETUP #line 472 "util/configlexer.lex" -{ YDVAR(3, VAR_INTERFACE_TAG_ACTION) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 258: YY_RULE_SETUP #line 473 "util/configlexer.lex" -{ YDVAR(3, VAR_INTERFACE_TAG_DATA) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 259: YY_RULE_SETUP #line 474 "util/configlexer.lex" -{ YDVAR(2, VAR_INTERFACE_VIEW) } +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 260: YY_RULE_SETUP #line 475 "util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +{ YDVAR(2, VAR_INTERFACE_TAG) } YY_BREAK case 261: YY_RULE_SETUP #line 476 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +{ YDVAR(3, VAR_INTERFACE_TAG_ACTION) } YY_BREAK case 262: YY_RULE_SETUP #line 477 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +{ YDVAR(3, VAR_INTERFACE_TAG_DATA) } YY_BREAK case 263: YY_RULE_SETUP #line 478 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } +{ YDVAR(2, VAR_INTERFACE_VIEW) } YY_BREAK case 264: YY_RULE_SETUP #line 479 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 265: YY_RULE_SETUP #line 480 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 266: YY_RULE_SETUP #line 481 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 267: YY_RULE_SETUP #line 482 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } YY_BREAK case 268: YY_RULE_SETUP #line 483 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 269: YY_RULE_SETUP #line 484 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +{ YDVAR(1, VAR_DNSTAP_IP) } YY_BREAK case 270: YY_RULE_SETUP -#line 486 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } +#line 485 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS) } YY_BREAK case 271: YY_RULE_SETUP -#line 488 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 486 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } YY_BREAK case 272: YY_RULE_SETUP -#line 489 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 487 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } YY_BREAK case 273: YY_RULE_SETUP -#line 490 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 488 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } YY_BREAK case 274: YY_RULE_SETUP -#line 491 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +#line 490 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } YY_BREAK case 275: YY_RULE_SETUP #line 492 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 276: YY_RULE_SETUP -#line 494 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 493 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 277: YY_RULE_SETUP -#line 496 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 494 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 278: YY_RULE_SETUP -#line 498 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } +#line 495 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 279: YY_RULE_SETUP -#line 500 "util/configlexer.lex" +#line 496 "util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 280: YY_RULE_SETUP -#line 502 "util/configlexer.lex" +#line 498 "util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 281: YY_RULE_SETUP -#line 504 "util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +#line 500 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 282: YY_RULE_SETUP -#line 505 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +#line 502 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 283: YY_RULE_SETUP -#line 506 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +#line 504 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 284: YY_RULE_SETUP -#line 507 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +#line 506 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 285: YY_RULE_SETUP #line 508 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 286: YY_RULE_SETUP #line 509 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 287: YY_RULE_SETUP #line 510 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } YY_BREAK case 288: YY_RULE_SETUP #line 511 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 289: YY_RULE_SETUP #line 512 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 290: YY_RULE_SETUP #line 513 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 291: YY_RULE_SETUP #line 514 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 292: YY_RULE_SETUP #line 515 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 293: YY_RULE_SETUP #line 516 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_BACKOFF) } +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 294: YY_RULE_SETUP #line 517 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 295: YY_RULE_SETUP #line 518 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_SENT_COUNT) } +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 296: YY_RULE_SETUP #line 519 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_QUERY_RESTARTS) } +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 297: YY_RULE_SETUP #line 520 "util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +{ YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } YY_BREAK case 298: YY_RULE_SETUP #line 521 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +{ YDVAR(1, VAR_RATELIMIT_BACKOFF) } YY_BREAK case 299: YY_RULE_SETUP #line 522 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } YY_BREAK case 300: YY_RULE_SETUP #line 523 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_MAX_SENT_COUNT) } YY_BREAK case 301: YY_RULE_SETUP #line 524 "util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_MAX_QUERY_RESTARTS) } YY_BREAK case 302: YY_RULE_SETUP #line 525 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 303: YY_RULE_SETUP #line 526 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 304: YY_RULE_SETUP #line 527 "util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 305: YY_RULE_SETUP #line 528 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 306: YY_RULE_SETUP #line 529 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 307: YY_RULE_SETUP #line 530 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 308: YY_RULE_SETUP #line 531 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 309: YY_RULE_SETUP #line 532 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 310: YY_RULE_SETUP #line 533 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 311: YY_RULE_SETUP #line 534 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 312: YY_RULE_SETUP #line 535 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 313: YY_RULE_SETUP -#line 537 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } +#line 536 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 314: YY_RULE_SETUP -#line 539 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 537 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 315: YY_RULE_SETUP -#line 540 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +#line 538 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 316: YY_RULE_SETUP -#line 541 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES) } +#line 539 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 317: YY_RULE_SETUP -#line 542 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } +#line 540 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 318: YY_RULE_SETUP -#line 543 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES) } +#line 542 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 319: YY_RULE_SETUP #line 544 "util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 320: YY_RULE_SETUP #line 545 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 321: YY_RULE_SETUP #line 546 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +{ YDVAR(1, VAR_PAD_RESPONSES) } YY_BREAK case 322: YY_RULE_SETUP #line 547 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } YY_BREAK case 323: YY_RULE_SETUP #line 548 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +{ YDVAR(1, VAR_PAD_QUERIES) } YY_BREAK case 324: YY_RULE_SETUP #line 549 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } YY_BREAK case 325: YY_RULE_SETUP #line 550 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 326: YY_RULE_SETUP #line 551 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 327: YY_RULE_SETUP #line 552 "util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 328: YY_RULE_SETUP #line 553 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 329: YY_RULE_SETUP #line 554 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 330: YY_RULE_SETUP #line 555 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 331: YY_RULE_SETUP #line 556 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +{ YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 332: YY_RULE_SETUP #line 557 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +{ YDVAR(0, VAR_CACHEDB) } YY_BREAK case 333: YY_RULE_SETUP #line 558 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +{ YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK case 334: YY_RULE_SETUP #line 559 "util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK case 335: YY_RULE_SETUP #line 560 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK case 336: YY_RULE_SETUP #line 561 "util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK case 337: YY_RULE_SETUP #line 562 "util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +{ YDVAR(1, VAR_CACHEDB_REDISPATH) } YY_BREAK case 338: YY_RULE_SETUP #line 563 "util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +{ YDVAR(1, VAR_CACHEDB_REDISPASSWORD) } YY_BREAK case 339: YY_RULE_SETUP #line 564 "util/configlexer.lex" -{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK case 340: YY_RULE_SETUP #line 565 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } YY_BREAK case 341: YY_RULE_SETUP #line 566 "util/configlexer.lex" -{ YDVAR(1, VAR_NSID ) } +{ YDVAR(0, VAR_IPSET) } YY_BREAK case 342: YY_RULE_SETUP #line 567 "util/configlexer.lex" -{ YDVAR(1, VAR_EDE ) } +{ YDVAR(1, VAR_IPSET_NAME_V4) } YY_BREAK case 343: YY_RULE_SETUP #line 568 "util/configlexer.lex" -{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } +{ YDVAR(1, VAR_IPSET_NAME_V6) } YY_BREAK case 344: -/* rule 344 can match eol */ YY_RULE_SETUP #line 569 "util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } YY_BREAK -/* Quoted strings. Strip leading and ending quotes */ case 345: YY_RULE_SETUP +#line 570 "util/configlexer.lex" +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } + YY_BREAK +case 346: +YY_RULE_SETUP +#line 571 "util/configlexer.lex" +{ YDVAR(1, VAR_ANSWER_COOKIE ) } + YY_BREAK +case 347: +YY_RULE_SETUP #line 572 "util/configlexer.lex" +{ YDVAR(1, VAR_COOKIE_SECRET) } + YY_BREAK +case 348: +YY_RULE_SETUP +#line 573 "util/configlexer.lex" +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } + YY_BREAK +case 349: +YY_RULE_SETUP +#line 574 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } + YY_BREAK +case 350: +YY_RULE_SETUP +#line 575 "util/configlexer.lex" +{ YDVAR(1, VAR_NSID ) } + YY_BREAK +case 351: +YY_RULE_SETUP +#line 576 "util/configlexer.lex" +{ YDVAR(1, VAR_EDE ) } + YY_BREAK +case 352: +YY_RULE_SETUP +#line 577 "util/configlexer.lex" +{ YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } + YY_BREAK +case 353: +/* rule 353 can match eol */ +YY_RULE_SETUP +#line 578 "util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++; } + YY_BREAK +/* Quoted strings. Strip leading and ending quotes */ +case 354: +YY_RULE_SETUP +#line 581 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 573 "util/configlexer.lex" +#line 582 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 346: +case 355: YY_RULE_SETUP -#line 578 "util/configlexer.lex" +#line 587 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 347: -/* rule 347 can match eol */ +case 356: +/* rule 356 can match eol */ YY_RULE_SETUP -#line 579 "util/configlexer.lex" -{ yyerror("newline inside quoted string, no end \""); +#line 588 "util/configlexer.lex" +{ yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 348: +case 357: YY_RULE_SETUP -#line 581 "util/configlexer.lex" +#line 590 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -6256,34 +6371,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 349: +case 358: YY_RULE_SETUP -#line 593 "util/configlexer.lex" +#line 602 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 594 "util/configlexer.lex" +#line 603 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 350: +case 359: YY_RULE_SETUP -#line 599 "util/configlexer.lex" +#line 608 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 351: -/* rule 351 can match eol */ +case 360: +/* rule 360 can match eol */ YY_RULE_SETUP -#line 600 "util/configlexer.lex" -{ yyerror("newline inside quoted string, no end '"); +#line 609 "util/configlexer.lex" +{ yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 352: +case 361: YY_RULE_SETUP -#line 602 "util/configlexer.lex" +#line 611 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -6296,38 +6411,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 353: +case 362: YY_RULE_SETUP -#line 614 "util/configlexer.lex" -{ +#line 623 "util/configlexer.lex" +{ LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 616 "util/configlexer.lex" +#line 625 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 354: +case 363: YY_RULE_SETUP -#line 620 "util/configlexer.lex" +#line 629 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 355: -/* rule 355 can match eol */ +case 364: +/* rule 364 can match eol */ YY_RULE_SETUP -#line 621 "util/configlexer.lex" +#line 630 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 356: +case 365: YY_RULE_SETUP -#line 622 "util/configlexer.lex" +#line 631 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 357: +case 366: YY_RULE_SETUP -#line 623 "util/configlexer.lex" +#line 632 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 0); @@ -6335,27 +6450,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 628 "util/configlexer.lex" +#line 637 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 358: +case 367: YY_RULE_SETUP -#line 632 "util/configlexer.lex" +#line 641 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 359: -/* rule 359 can match eol */ +case 368: +/* rule 368 can match eol */ YY_RULE_SETUP -#line 633 "util/configlexer.lex" -{ yyerror("newline before \" in include name"); +#line 642 "util/configlexer.lex" +{ yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 360: +case 369: YY_RULE_SETUP -#line 635 "util/configlexer.lex" +#line 644 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -6365,7 +6480,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 641 "util/configlexer.lex" +#line 650 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -6380,39 +6495,39 @@ case YY_STATE_EOF(val): } YY_BREAK /* include-toplevel: directive */ -case 361: +case 370: YY_RULE_SETUP -#line 655 "util/configlexer.lex" +#line 664 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); } YY_BREAK case YY_STATE_EOF(include_toplevel): -#line 658 "util/configlexer.lex" +#line 667 "util/configlexer.lex" { yyerror("EOF inside include_toplevel directive"); BEGIN(inc_prev); } YY_BREAK -case 362: +case 371: YY_RULE_SETUP -#line 662 "util/configlexer.lex" +#line 671 "util/configlexer.lex" { LEXOUT(("ITSP ")); /* ignore */ } YY_BREAK -case 363: -/* rule 363 can match eol */ +case 372: +/* rule 372 can match eol */ YY_RULE_SETUP -#line 663 "util/configlexer.lex" +#line 672 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK -case 364: +case 373: YY_RULE_SETUP -#line 664 "util/configlexer.lex" +#line 673 "util/configlexer.lex" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } YY_BREAK -case 365: +case 374: YY_RULE_SETUP -#line 665 "util/configlexer.lex" +#line 674 "util/configlexer.lex" { LEXOUT(("ITunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 1); @@ -6421,29 +6536,29 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_toplevel_quoted): -#line 671 "util/configlexer.lex" +#line 680 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 366: +case 375: YY_RULE_SETUP -#line 675 "util/configlexer.lex" +#line 684 "util/configlexer.lex" { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } YY_BREAK -case 367: -/* rule 367 can match eol */ +case 376: +/* rule 376 can match eol */ YY_RULE_SETUP -#line 676 "util/configlexer.lex" +#line 685 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 368: +case 377: YY_RULE_SETUP -#line 680 "util/configlexer.lex" +#line 689 "util/configlexer.lex" { LEXOUT(("ITQE ")); yytext[yyleng - 1] = '\0'; @@ -6452,33 +6567,33 @@ YY_RULE_SETUP return (VAR_FORCE_TOPLEVEL); } YY_BREAK -case 369: +case 378: YY_RULE_SETUP -#line 688 "util/configlexer.lex" -{ LEXOUT(("unquotedstr(%s) ", yytext)); +#line 697 "util/configlexer.lex" +{ LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 370: +case 379: YY_RULE_SETUP -#line 692 "util/configlexer.lex" +#line 701 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 371: +case 380: YY_RULE_SETUP -#line 696 "util/configlexer.lex" +#line 705 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 372: +case 381: YY_RULE_SETUP -#line 700 "util/configlexer.lex" +#line 709 "util/configlexer.lex" ECHO; YY_BREAK -#line 6479 "<stdout>" +#line 6594 "<stdout>" case YY_END_OF_BUFFER: { @@ -6773,7 +6888,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3683 ) + if ( yy_current_state >= 3778 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -6801,11 +6916,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3683 ) + if ( yy_current_state >= 3778 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3682); + yy_is_jam = (yy_current_state == 3777); return yy_is_jam ? 0 : yy_current_state; } @@ -7444,6 +7559,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 700 "util/configlexer.lex" +#line 709 "util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index 4e4a96535870..3fcdfa62e033 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -209,9 +209,9 @@ SQANY [^\'\n\r\\]|\\. %x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted %% -<INITIAL,val>{SPACE}* { +<INITIAL,val>{SPACE}* { LEXOUT(("SP ")); /* ignore */ } -<INITIAL,val>{SPACE}*{COMMENT}.* { +<INITIAL,val>{SPACE}*{COMMENT}.* { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } server{COLON} { YDVAR(0, VAR_SERVER) } @@ -227,6 +227,7 @@ outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) } incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } +do-nat64{COLON} { YDVAR(1, VAR_DO_NAT64) } prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) } prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } @@ -240,6 +241,7 @@ tcp-reuse-timeout{COLON} { YDVAR(1, VAR_TCP_REUSE_TIMEOUT) } tcp-auth-query-timeout{COLON} { YDVAR(1, VAR_TCP_AUTH_QUERY_TIMEOUT) } edns-tcp-keepalive{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } edns-tcp-keepalive-timeout{COLON} { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } +sock-queue-timeout{COLON} { YDVAR(1, VAR_SOCK_QUEUE_TIMEOUT) } ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } @@ -316,6 +318,7 @@ harden-dnssec-stripped{COLON} { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +harden-unknown-additional{COLON} { YDVAR(1, VAR_HARDEN_UNKNOWN_ADDITIONAL) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } @@ -413,7 +416,7 @@ val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } -val-nsec3-keysize-iterations{COLON} { +val-nsec3-keysize-iterations{COLON} { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } zonemd-check{COLON} { YDVAR(1, VAR_ZONEMD_CHECK) } @@ -462,6 +465,7 @@ max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) } dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) } dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +nat64-prefix{COLON} { YDVAR(1, VAR_NAT64_PREFIX) } define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) } local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) } access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } @@ -503,6 +507,7 @@ dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } +ip-ratelimit-cookie{COLON} { YDVAR(1, VAR_IP_RATELIMIT_COOKIE) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) } @@ -554,6 +559,8 @@ backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } secret-seed{COLON} { YDVAR(1, VAR_CACHEDB_SECRETSEED) } redis-server-host{COLON} { YDVAR(1, VAR_CACHEDB_REDISHOST) } redis-server-port{COLON} { YDVAR(1, VAR_CACHEDB_REDISPORT) } +redis-server-path{COLON} { YDVAR(1, VAR_CACHEDB_REDISPATH) } +redis-server-password{COLON} { YDVAR(1, VAR_CACHEDB_REDISPASSWORD) } redis-timeout{COLON} { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } redis-expire-records{COLON} { YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } ipset{COLON} { YDVAR(0, VAR_IPSET) } @@ -561,6 +568,8 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +answer-cookie{COLON} { YDVAR(1, VAR_ANSWER_COOKIE ) } +cookie-secret{COLON} { YDVAR(1, VAR_COOKIE_SECRET) } edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } nsid{COLON} { YDVAR(1, VAR_NSID ) } @@ -576,7 +585,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } else { BEGIN(val); } } <quotedstring>{DQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -<quotedstring>{NEWLINE} { yyerror("newline inside quoted string, no end \""); +<quotedstring>{NEWLINE} { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } <quotedstring>\" { LEXOUT(("QE ")); @@ -597,7 +606,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } else { BEGIN(val); } } <singlequotedstr>{SQANY}* { LEXOUT(("STR(%s) ", yytext)); yymore(); } -<singlequotedstr>{NEWLINE} { yyerror("newline inside quoted string, no end '"); +<singlequotedstr>{NEWLINE} { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } <singlequotedstr>\' { LEXOUT(("SQE ")); @@ -611,7 +620,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } } /* include: directive */ -<INITIAL,val>include{COLON} { +<INITIAL,val>include{COLON} { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } <include><<EOF>> { yyerror("EOF inside include directive"); @@ -630,7 +639,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } BEGIN(inc_prev); } <include_quoted>{DQANY}* { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } -<include_quoted>{NEWLINE} { yyerror("newline before \" in include name"); +<include_quoted>{NEWLINE} { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } <include_quoted>\" { LEXOUT(("IQE ")); @@ -685,7 +694,7 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) } return (VAR_FORCE_TOPLEVEL); } -<val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); +<val>{UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } diff --git a/util/configparser.c b/util/configparser.c index 2f481fd54c2a..b6271f12ab35 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -80,6 +80,7 @@ #include "util/configyyrename.h" #include "util/config_file.h" #include "util/net_help.h" +#include "sldns/str2wire.h" int ub_c_lex(void); void ub_c_error(const char *message); @@ -97,7 +98,7 @@ extern struct config_parser_state* cfg_parser; #endif -#line 101 "util/configparser.c" +#line 102 "util/configparser.c" # ifndef YY_CAST # ifdef __cplusplus @@ -146,684 +147,702 @@ enum yysymbol_kind_t YYSYMBOL_VAR_PREFER_IP4 = 18, /* VAR_PREFER_IP4 */ YYSYMBOL_VAR_DO_IP4 = 19, /* VAR_DO_IP4 */ YYSYMBOL_VAR_DO_IP6 = 20, /* VAR_DO_IP6 */ - YYSYMBOL_VAR_PREFER_IP6 = 21, /* VAR_PREFER_IP6 */ - YYSYMBOL_VAR_DO_UDP = 22, /* VAR_DO_UDP */ - YYSYMBOL_VAR_DO_TCP = 23, /* VAR_DO_TCP */ - YYSYMBOL_VAR_TCP_MSS = 24, /* VAR_TCP_MSS */ - YYSYMBOL_VAR_OUTGOING_TCP_MSS = 25, /* VAR_OUTGOING_TCP_MSS */ - YYSYMBOL_VAR_TCP_IDLE_TIMEOUT = 26, /* VAR_TCP_IDLE_TIMEOUT */ - YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE = 27, /* VAR_EDNS_TCP_KEEPALIVE */ - YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 28, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ - YYSYMBOL_VAR_CHROOT = 29, /* VAR_CHROOT */ - YYSYMBOL_VAR_USERNAME = 30, /* VAR_USERNAME */ - YYSYMBOL_VAR_DIRECTORY = 31, /* VAR_DIRECTORY */ - YYSYMBOL_VAR_LOGFILE = 32, /* VAR_LOGFILE */ - YYSYMBOL_VAR_PIDFILE = 33, /* VAR_PIDFILE */ - YYSYMBOL_VAR_MSG_CACHE_SIZE = 34, /* VAR_MSG_CACHE_SIZE */ - YYSYMBOL_VAR_MSG_CACHE_SLABS = 35, /* VAR_MSG_CACHE_SLABS */ - YYSYMBOL_VAR_NUM_QUERIES_PER_THREAD = 36, /* VAR_NUM_QUERIES_PER_THREAD */ - YYSYMBOL_VAR_RRSET_CACHE_SIZE = 37, /* VAR_RRSET_CACHE_SIZE */ - YYSYMBOL_VAR_RRSET_CACHE_SLABS = 38, /* VAR_RRSET_CACHE_SLABS */ - YYSYMBOL_VAR_OUTGOING_NUM_TCP = 39, /* VAR_OUTGOING_NUM_TCP */ - YYSYMBOL_VAR_INFRA_HOST_TTL = 40, /* VAR_INFRA_HOST_TTL */ - YYSYMBOL_VAR_INFRA_LAME_TTL = 41, /* VAR_INFRA_LAME_TTL */ - YYSYMBOL_VAR_INFRA_CACHE_SLABS = 42, /* VAR_INFRA_CACHE_SLABS */ - YYSYMBOL_VAR_INFRA_CACHE_NUMHOSTS = 43, /* VAR_INFRA_CACHE_NUMHOSTS */ - YYSYMBOL_VAR_INFRA_CACHE_LAME_SIZE = 44, /* VAR_INFRA_CACHE_LAME_SIZE */ - YYSYMBOL_VAR_NAME = 45, /* VAR_NAME */ - YYSYMBOL_VAR_STUB_ZONE = 46, /* VAR_STUB_ZONE */ - YYSYMBOL_VAR_STUB_HOST = 47, /* VAR_STUB_HOST */ - YYSYMBOL_VAR_STUB_ADDR = 48, /* VAR_STUB_ADDR */ - YYSYMBOL_VAR_TARGET_FETCH_POLICY = 49, /* VAR_TARGET_FETCH_POLICY */ - YYSYMBOL_VAR_HARDEN_SHORT_BUFSIZE = 50, /* VAR_HARDEN_SHORT_BUFSIZE */ - YYSYMBOL_VAR_HARDEN_LARGE_QUERIES = 51, /* VAR_HARDEN_LARGE_QUERIES */ - YYSYMBOL_VAR_FORWARD_ZONE = 52, /* VAR_FORWARD_ZONE */ - YYSYMBOL_VAR_FORWARD_HOST = 53, /* VAR_FORWARD_HOST */ - YYSYMBOL_VAR_FORWARD_ADDR = 54, /* VAR_FORWARD_ADDR */ - YYSYMBOL_VAR_DO_NOT_QUERY_ADDRESS = 55, /* VAR_DO_NOT_QUERY_ADDRESS */ - YYSYMBOL_VAR_HIDE_IDENTITY = 56, /* VAR_HIDE_IDENTITY */ - YYSYMBOL_VAR_HIDE_VERSION = 57, /* VAR_HIDE_VERSION */ - YYSYMBOL_VAR_IDENTITY = 58, /* VAR_IDENTITY */ - YYSYMBOL_VAR_VERSION = 59, /* VAR_VERSION */ - YYSYMBOL_VAR_HARDEN_GLUE = 60, /* VAR_HARDEN_GLUE */ - YYSYMBOL_VAR_MODULE_CONF = 61, /* VAR_MODULE_CONF */ - YYSYMBOL_VAR_TRUST_ANCHOR_FILE = 62, /* VAR_TRUST_ANCHOR_FILE */ - YYSYMBOL_VAR_TRUST_ANCHOR = 63, /* VAR_TRUST_ANCHOR */ - YYSYMBOL_VAR_VAL_OVERRIDE_DATE = 64, /* VAR_VAL_OVERRIDE_DATE */ - YYSYMBOL_VAR_BOGUS_TTL = 65, /* VAR_BOGUS_TTL */ - YYSYMBOL_VAR_VAL_CLEAN_ADDITIONAL = 66, /* VAR_VAL_CLEAN_ADDITIONAL */ - YYSYMBOL_VAR_VAL_PERMISSIVE_MODE = 67, /* VAR_VAL_PERMISSIVE_MODE */ - YYSYMBOL_VAR_INCOMING_NUM_TCP = 68, /* VAR_INCOMING_NUM_TCP */ - YYSYMBOL_VAR_MSG_BUFFER_SIZE = 69, /* VAR_MSG_BUFFER_SIZE */ - YYSYMBOL_VAR_KEY_CACHE_SIZE = 70, /* VAR_KEY_CACHE_SIZE */ - YYSYMBOL_VAR_KEY_CACHE_SLABS = 71, /* VAR_KEY_CACHE_SLABS */ - YYSYMBOL_VAR_TRUSTED_KEYS_FILE = 72, /* VAR_TRUSTED_KEYS_FILE */ - YYSYMBOL_VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 73, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ - YYSYMBOL_VAR_USE_SYSLOG = 74, /* VAR_USE_SYSLOG */ - YYSYMBOL_VAR_OUTGOING_INTERFACE = 75, /* VAR_OUTGOING_INTERFACE */ - YYSYMBOL_VAR_ROOT_HINTS = 76, /* VAR_ROOT_HINTS */ - YYSYMBOL_VAR_DO_NOT_QUERY_LOCALHOST = 77, /* VAR_DO_NOT_QUERY_LOCALHOST */ - YYSYMBOL_VAR_CACHE_MAX_TTL = 78, /* VAR_CACHE_MAX_TTL */ - YYSYMBOL_VAR_HARDEN_DNSSEC_STRIPPED = 79, /* VAR_HARDEN_DNSSEC_STRIPPED */ - YYSYMBOL_VAR_ACCESS_CONTROL = 80, /* VAR_ACCESS_CONTROL */ - YYSYMBOL_VAR_LOCAL_ZONE = 81, /* VAR_LOCAL_ZONE */ - YYSYMBOL_VAR_LOCAL_DATA = 82, /* VAR_LOCAL_DATA */ - YYSYMBOL_VAR_INTERFACE_AUTOMATIC = 83, /* VAR_INTERFACE_AUTOMATIC */ - YYSYMBOL_VAR_STATISTICS_INTERVAL = 84, /* VAR_STATISTICS_INTERVAL */ - YYSYMBOL_VAR_DO_DAEMONIZE = 85, /* VAR_DO_DAEMONIZE */ - YYSYMBOL_VAR_USE_CAPS_FOR_ID = 86, /* VAR_USE_CAPS_FOR_ID */ - YYSYMBOL_VAR_STATISTICS_CUMULATIVE = 87, /* VAR_STATISTICS_CUMULATIVE */ - YYSYMBOL_VAR_OUTGOING_PORT_PERMIT = 88, /* VAR_OUTGOING_PORT_PERMIT */ - YYSYMBOL_VAR_OUTGOING_PORT_AVOID = 89, /* VAR_OUTGOING_PORT_AVOID */ - YYSYMBOL_VAR_DLV_ANCHOR_FILE = 90, /* VAR_DLV_ANCHOR_FILE */ - YYSYMBOL_VAR_DLV_ANCHOR = 91, /* VAR_DLV_ANCHOR */ - YYSYMBOL_VAR_NEG_CACHE_SIZE = 92, /* VAR_NEG_CACHE_SIZE */ - YYSYMBOL_VAR_HARDEN_REFERRAL_PATH = 93, /* VAR_HARDEN_REFERRAL_PATH */ - YYSYMBOL_VAR_PRIVATE_ADDRESS = 94, /* VAR_PRIVATE_ADDRESS */ - YYSYMBOL_VAR_PRIVATE_DOMAIN = 95, /* VAR_PRIVATE_DOMAIN */ - YYSYMBOL_VAR_REMOTE_CONTROL = 96, /* VAR_REMOTE_CONTROL */ - YYSYMBOL_VAR_CONTROL_ENABLE = 97, /* VAR_CONTROL_ENABLE */ - YYSYMBOL_VAR_CONTROL_INTERFACE = 98, /* VAR_CONTROL_INTERFACE */ - YYSYMBOL_VAR_CONTROL_PORT = 99, /* VAR_CONTROL_PORT */ - YYSYMBOL_VAR_SERVER_KEY_FILE = 100, /* VAR_SERVER_KEY_FILE */ - YYSYMBOL_VAR_SERVER_CERT_FILE = 101, /* VAR_SERVER_CERT_FILE */ - YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */ - YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */ - YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */ - YYSYMBOL_VAR_TCP_REUSE_TIMEOUT = 105, /* VAR_TCP_REUSE_TIMEOUT */ - YYSYMBOL_VAR_MAX_REUSE_TCP_QUERIES = 106, /* VAR_MAX_REUSE_TCP_QUERIES */ - YYSYMBOL_VAR_EXTENDED_STATISTICS = 107, /* VAR_EXTENDED_STATISTICS */ - YYSYMBOL_VAR_LOCAL_DATA_PTR = 108, /* VAR_LOCAL_DATA_PTR */ - YYSYMBOL_VAR_JOSTLE_TIMEOUT = 109, /* VAR_JOSTLE_TIMEOUT */ - YYSYMBOL_VAR_STUB_PRIME = 110, /* VAR_STUB_PRIME */ - YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 111, /* VAR_UNWANTED_REPLY_THRESHOLD */ - YYSYMBOL_VAR_LOG_TIME_ASCII = 112, /* VAR_LOG_TIME_ASCII */ - YYSYMBOL_VAR_DOMAIN_INSECURE = 113, /* VAR_DOMAIN_INSECURE */ - YYSYMBOL_VAR_PYTHON = 114, /* VAR_PYTHON */ - YYSYMBOL_VAR_PYTHON_SCRIPT = 115, /* VAR_PYTHON_SCRIPT */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 116, /* VAR_VAL_SIG_SKEW_MIN */ - YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 117, /* VAR_VAL_SIG_SKEW_MAX */ - YYSYMBOL_VAR_VAL_MAX_RESTART = 118, /* VAR_VAL_MAX_RESTART */ - YYSYMBOL_VAR_CACHE_MIN_TTL = 119, /* VAR_CACHE_MIN_TTL */ - YYSYMBOL_VAR_VAL_LOG_LEVEL = 120, /* VAR_VAL_LOG_LEVEL */ - YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 121, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - YYSYMBOL_VAR_KEEP_MISSING = 122, /* VAR_KEEP_MISSING */ - YYSYMBOL_VAR_ADD_HOLDDOWN = 123, /* VAR_ADD_HOLDDOWN */ - YYSYMBOL_VAR_DEL_HOLDDOWN = 124, /* VAR_DEL_HOLDDOWN */ - YYSYMBOL_VAR_SO_RCVBUF = 125, /* VAR_SO_RCVBUF */ - YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 126, /* VAR_EDNS_BUFFER_SIZE */ - YYSYMBOL_VAR_PREFETCH = 127, /* VAR_PREFETCH */ - YYSYMBOL_VAR_PREFETCH_KEY = 128, /* VAR_PREFETCH_KEY */ - YYSYMBOL_VAR_SO_SNDBUF = 129, /* VAR_SO_SNDBUF */ - YYSYMBOL_VAR_SO_REUSEPORT = 130, /* VAR_SO_REUSEPORT */ - YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 131, /* VAR_HARDEN_BELOW_NXDOMAIN */ - YYSYMBOL_VAR_IGNORE_CD_FLAG = 132, /* VAR_IGNORE_CD_FLAG */ - YYSYMBOL_VAR_LOG_QUERIES = 133, /* VAR_LOG_QUERIES */ - YYSYMBOL_VAR_LOG_REPLIES = 134, /* VAR_LOG_REPLIES */ - YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 135, /* VAR_LOG_LOCAL_ACTIONS */ - YYSYMBOL_VAR_TCP_UPSTREAM = 136, /* VAR_TCP_UPSTREAM */ - YYSYMBOL_VAR_SSL_UPSTREAM = 137, /* VAR_SSL_UPSTREAM */ - YYSYMBOL_VAR_TCP_AUTH_QUERY_TIMEOUT = 138, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ - YYSYMBOL_VAR_SSL_SERVICE_KEY = 139, /* VAR_SSL_SERVICE_KEY */ - YYSYMBOL_VAR_SSL_SERVICE_PEM = 140, /* VAR_SSL_SERVICE_PEM */ - YYSYMBOL_VAR_SSL_PORT = 141, /* VAR_SSL_PORT */ - YYSYMBOL_VAR_FORWARD_FIRST = 142, /* VAR_FORWARD_FIRST */ - YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 143, /* VAR_STUB_SSL_UPSTREAM */ - YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 144, /* VAR_FORWARD_SSL_UPSTREAM */ - YYSYMBOL_VAR_TLS_CERT_BUNDLE = 145, /* VAR_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_STUB_TCP_UPSTREAM = 146, /* VAR_STUB_TCP_UPSTREAM */ - YYSYMBOL_VAR_FORWARD_TCP_UPSTREAM = 147, /* VAR_FORWARD_TCP_UPSTREAM */ - YYSYMBOL_VAR_HTTPS_PORT = 148, /* VAR_HTTPS_PORT */ - YYSYMBOL_VAR_HTTP_ENDPOINT = 149, /* VAR_HTTP_ENDPOINT */ - YYSYMBOL_VAR_HTTP_MAX_STREAMS = 150, /* VAR_HTTP_MAX_STREAMS */ - YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 151, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 152, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - YYSYMBOL_VAR_HTTP_NODELAY = 153, /* VAR_HTTP_NODELAY */ - YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 154, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - YYSYMBOL_VAR_STUB_FIRST = 155, /* VAR_STUB_FIRST */ - YYSYMBOL_VAR_MINIMAL_RESPONSES = 156, /* VAR_MINIMAL_RESPONSES */ - YYSYMBOL_VAR_RRSET_ROUNDROBIN = 157, /* VAR_RRSET_ROUNDROBIN */ - YYSYMBOL_VAR_MAX_UDP_SIZE = 158, /* VAR_MAX_UDP_SIZE */ - YYSYMBOL_VAR_DELAY_CLOSE = 159, /* VAR_DELAY_CLOSE */ - YYSYMBOL_VAR_UDP_CONNECT = 160, /* VAR_UDP_CONNECT */ - YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 161, /* VAR_UNBLOCK_LAN_ZONES */ - YYSYMBOL_VAR_INSECURE_LAN_ZONES = 162, /* VAR_INSECURE_LAN_ZONES */ - YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 163, /* VAR_INFRA_CACHE_MIN_RTT */ - YYSYMBOL_VAR_INFRA_CACHE_MAX_RTT = 164, /* VAR_INFRA_CACHE_MAX_RTT */ - YYSYMBOL_VAR_INFRA_KEEP_PROBING = 165, /* VAR_INFRA_KEEP_PROBING */ - YYSYMBOL_VAR_DNS64_PREFIX = 166, /* VAR_DNS64_PREFIX */ - YYSYMBOL_VAR_DNS64_SYNTHALL = 167, /* VAR_DNS64_SYNTHALL */ - YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 168, /* VAR_DNS64_IGNORE_AAAA */ - YYSYMBOL_VAR_DNSTAP = 169, /* VAR_DNSTAP */ - YYSYMBOL_VAR_DNSTAP_ENABLE = 170, /* VAR_DNSTAP_ENABLE */ - YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 171, /* VAR_DNSTAP_SOCKET_PATH */ - YYSYMBOL_VAR_DNSTAP_IP = 172, /* VAR_DNSTAP_IP */ - YYSYMBOL_VAR_DNSTAP_TLS = 173, /* VAR_DNSTAP_TLS */ - YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 174, /* VAR_DNSTAP_TLS_SERVER_NAME */ - YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 175, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 176, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 177, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 178, /* VAR_DNSTAP_SEND_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 179, /* VAR_DNSTAP_SEND_VERSION */ - YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 180, /* VAR_DNSTAP_BIDIRECTIONAL */ - YYSYMBOL_VAR_DNSTAP_IDENTITY = 181, /* VAR_DNSTAP_IDENTITY */ - YYSYMBOL_VAR_DNSTAP_VERSION = 182, /* VAR_DNSTAP_VERSION */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 183, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 184, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 185, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 186, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 187, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 188, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - YYSYMBOL_VAR_RESPONSE_IP_TAG = 189, /* VAR_RESPONSE_IP_TAG */ - YYSYMBOL_VAR_RESPONSE_IP = 190, /* VAR_RESPONSE_IP */ - YYSYMBOL_VAR_RESPONSE_IP_DATA = 191, /* VAR_RESPONSE_IP_DATA */ - YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 192, /* VAR_HARDEN_ALGO_DOWNGRADE */ - YYSYMBOL_VAR_IP_TRANSPARENT = 193, /* VAR_IP_TRANSPARENT */ - YYSYMBOL_VAR_IP_DSCP = 194, /* VAR_IP_DSCP */ - YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 195, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - YYSYMBOL_VAR_IP_RATELIMIT = 196, /* VAR_IP_RATELIMIT */ - YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 197, /* VAR_IP_RATELIMIT_SLABS */ - YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 198, /* VAR_IP_RATELIMIT_SIZE */ - YYSYMBOL_VAR_RATELIMIT = 199, /* VAR_RATELIMIT */ - YYSYMBOL_VAR_RATELIMIT_SLABS = 200, /* VAR_RATELIMIT_SLABS */ - YYSYMBOL_VAR_RATELIMIT_SIZE = 201, /* VAR_RATELIMIT_SIZE */ - YYSYMBOL_VAR_OUTBOUND_MSG_RETRY = 202, /* VAR_OUTBOUND_MSG_RETRY */ - YYSYMBOL_VAR_MAX_SENT_COUNT = 203, /* VAR_MAX_SENT_COUNT */ - YYSYMBOL_VAR_MAX_QUERY_RESTARTS = 204, /* VAR_MAX_QUERY_RESTARTS */ - YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 205, /* VAR_RATELIMIT_FOR_DOMAIN */ - YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 206, /* VAR_RATELIMIT_BELOW_DOMAIN */ - YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 207, /* VAR_IP_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_RATELIMIT_FACTOR = 208, /* VAR_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_IP_RATELIMIT_BACKOFF = 209, /* VAR_IP_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_RATELIMIT_BACKOFF = 210, /* VAR_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 211, /* VAR_SEND_CLIENT_SUBNET */ - YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 212, /* VAR_CLIENT_SUBNET_ZONE */ - YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 213, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 214, /* VAR_CLIENT_SUBNET_OPCODE */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 215, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 216, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 217, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 218, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 219, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 220, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - YYSYMBOL_VAR_CAPS_WHITELIST = 221, /* VAR_CAPS_WHITELIST */ - YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 222, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 223, /* VAR_PERMIT_SMALL_HOLDDOWN */ - YYSYMBOL_VAR_QNAME_MINIMISATION = 224, /* VAR_QNAME_MINIMISATION */ - YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 225, /* VAR_QNAME_MINIMISATION_STRICT */ - YYSYMBOL_VAR_IP_FREEBIND = 226, /* VAR_IP_FREEBIND */ - YYSYMBOL_VAR_DEFINE_TAG = 227, /* VAR_DEFINE_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_TAG = 228, /* VAR_LOCAL_ZONE_TAG */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 229, /* VAR_ACCESS_CONTROL_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 230, /* VAR_LOCAL_ZONE_OVERRIDE */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 231, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 232, /* VAR_ACCESS_CONTROL_TAG_DATA */ - YYSYMBOL_VAR_VIEW = 233, /* VAR_VIEW */ - YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 234, /* VAR_ACCESS_CONTROL_VIEW */ - YYSYMBOL_VAR_VIEW_FIRST = 235, /* VAR_VIEW_FIRST */ - YYSYMBOL_VAR_SERVE_EXPIRED = 236, /* VAR_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 237, /* VAR_SERVE_EXPIRED_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 238, /* VAR_SERVE_EXPIRED_TTL_RESET */ - YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 239, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 240, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - YYSYMBOL_VAR_EDE_SERVE_EXPIRED = 241, /* VAR_EDE_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 242, /* VAR_SERVE_ORIGINAL_TTL */ - YYSYMBOL_VAR_FAKE_DSA = 243, /* VAR_FAKE_DSA */ - YYSYMBOL_VAR_FAKE_SHA1 = 244, /* VAR_FAKE_SHA1 */ - YYSYMBOL_VAR_LOG_IDENTITY = 245, /* VAR_LOG_IDENTITY */ - YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 246, /* VAR_HIDE_TRUSTANCHOR */ - YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 247, /* VAR_HIDE_HTTP_USER_AGENT */ - YYSYMBOL_VAR_HTTP_USER_AGENT = 248, /* VAR_HTTP_USER_AGENT */ - YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 249, /* VAR_TRUST_ANCHOR_SIGNALING */ - YYSYMBOL_VAR_AGGRESSIVE_NSEC = 250, /* VAR_AGGRESSIVE_NSEC */ - YYSYMBOL_VAR_USE_SYSTEMD = 251, /* VAR_USE_SYSTEMD */ - YYSYMBOL_VAR_SHM_ENABLE = 252, /* VAR_SHM_ENABLE */ - YYSYMBOL_VAR_SHM_KEY = 253, /* VAR_SHM_KEY */ - YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 254, /* VAR_ROOT_KEY_SENTINEL */ - YYSYMBOL_VAR_DNSCRYPT = 255, /* VAR_DNSCRYPT */ - YYSYMBOL_VAR_DNSCRYPT_ENABLE = 256, /* VAR_DNSCRYPT_ENABLE */ - YYSYMBOL_VAR_DNSCRYPT_PORT = 257, /* VAR_DNSCRYPT_PORT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 258, /* VAR_DNSCRYPT_PROVIDER */ - YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 259, /* VAR_DNSCRYPT_SECRET_KEY */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 260, /* VAR_DNSCRYPT_PROVIDER_CERT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 261, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 262, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 263, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 264, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 265, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - YYSYMBOL_VAR_PAD_RESPONSES = 266, /* VAR_PAD_RESPONSES */ - YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 267, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - YYSYMBOL_VAR_PAD_QUERIES = 268, /* VAR_PAD_QUERIES */ - YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 269, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - YYSYMBOL_VAR_IPSECMOD_ENABLED = 270, /* VAR_IPSECMOD_ENABLED */ - YYSYMBOL_VAR_IPSECMOD_HOOK = 271, /* VAR_IPSECMOD_HOOK */ - YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 272, /* VAR_IPSECMOD_IGNORE_BOGUS */ - YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 273, /* VAR_IPSECMOD_MAX_TTL */ - YYSYMBOL_VAR_IPSECMOD_WHITELIST = 274, /* VAR_IPSECMOD_WHITELIST */ - YYSYMBOL_VAR_IPSECMOD_STRICT = 275, /* VAR_IPSECMOD_STRICT */ - YYSYMBOL_VAR_CACHEDB = 276, /* VAR_CACHEDB */ - YYSYMBOL_VAR_CACHEDB_BACKEND = 277, /* VAR_CACHEDB_BACKEND */ - YYSYMBOL_VAR_CACHEDB_SECRETSEED = 278, /* VAR_CACHEDB_SECRETSEED */ - YYSYMBOL_VAR_CACHEDB_REDISHOST = 279, /* VAR_CACHEDB_REDISHOST */ - YYSYMBOL_VAR_CACHEDB_REDISPORT = 280, /* VAR_CACHEDB_REDISPORT */ - YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 281, /* VAR_CACHEDB_REDISTIMEOUT */ - YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 282, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 283, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - YYSYMBOL_VAR_FOR_UPSTREAM = 284, /* VAR_FOR_UPSTREAM */ - YYSYMBOL_VAR_AUTH_ZONE = 285, /* VAR_AUTH_ZONE */ - YYSYMBOL_VAR_ZONEFILE = 286, /* VAR_ZONEFILE */ - YYSYMBOL_VAR_MASTER = 287, /* VAR_MASTER */ - YYSYMBOL_VAR_URL = 288, /* VAR_URL */ - YYSYMBOL_VAR_FOR_DOWNSTREAM = 289, /* VAR_FOR_DOWNSTREAM */ - YYSYMBOL_VAR_FALLBACK_ENABLED = 290, /* VAR_FALLBACK_ENABLED */ - YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 291, /* VAR_TLS_ADDITIONAL_PORT */ - YYSYMBOL_VAR_LOW_RTT = 292, /* VAR_LOW_RTT */ - YYSYMBOL_VAR_LOW_RTT_PERMIL = 293, /* VAR_LOW_RTT_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_PERMIL = 294, /* VAR_FAST_SERVER_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_NUM = 295, /* VAR_FAST_SERVER_NUM */ - YYSYMBOL_VAR_ALLOW_NOTIFY = 296, /* VAR_ALLOW_NOTIFY */ - YYSYMBOL_VAR_TLS_WIN_CERT = 297, /* VAR_TLS_WIN_CERT */ - YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 298, /* VAR_TCP_CONNECTION_LIMIT */ - YYSYMBOL_VAR_FORWARD_NO_CACHE = 299, /* VAR_FORWARD_NO_CACHE */ - YYSYMBOL_VAR_STUB_NO_CACHE = 300, /* VAR_STUB_NO_CACHE */ - YYSYMBOL_VAR_LOG_SERVFAIL = 301, /* VAR_LOG_SERVFAIL */ - YYSYMBOL_VAR_DENY_ANY = 302, /* VAR_DENY_ANY */ - YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 303, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 304, /* VAR_LOG_TAG_QUERYREPLY */ - YYSYMBOL_VAR_STREAM_WAIT_SIZE = 305, /* VAR_STREAM_WAIT_SIZE */ - YYSYMBOL_VAR_TLS_CIPHERS = 306, /* VAR_TLS_CIPHERS */ - YYSYMBOL_VAR_TLS_CIPHERSUITES = 307, /* VAR_TLS_CIPHERSUITES */ - YYSYMBOL_VAR_TLS_USE_SNI = 308, /* VAR_TLS_USE_SNI */ - YYSYMBOL_VAR_IPSET = 309, /* VAR_IPSET */ - YYSYMBOL_VAR_IPSET_NAME_V4 = 310, /* VAR_IPSET_NAME_V4 */ - YYSYMBOL_VAR_IPSET_NAME_V6 = 311, /* VAR_IPSET_NAME_V6 */ - YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 312, /* VAR_TLS_SESSION_TICKET_KEYS */ - YYSYMBOL_VAR_RPZ = 313, /* VAR_RPZ */ - YYSYMBOL_VAR_TAGS = 314, /* VAR_TAGS */ - YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 315, /* VAR_RPZ_ACTION_OVERRIDE */ - YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 316, /* VAR_RPZ_CNAME_OVERRIDE */ - YYSYMBOL_VAR_RPZ_LOG = 317, /* VAR_RPZ_LOG */ - YYSYMBOL_VAR_RPZ_LOG_NAME = 318, /* VAR_RPZ_LOG_NAME */ - YYSYMBOL_VAR_DYNLIB = 319, /* VAR_DYNLIB */ - YYSYMBOL_VAR_DYNLIB_FILE = 320, /* VAR_DYNLIB_FILE */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING = 321, /* VAR_EDNS_CLIENT_STRING */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 322, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - YYSYMBOL_VAR_NSID = 323, /* VAR_NSID */ - YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 324, /* VAR_ZONEMD_PERMISSIVE_MODE */ - YYSYMBOL_VAR_ZONEMD_CHECK = 325, /* VAR_ZONEMD_CHECK */ - YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 326, /* VAR_ZONEMD_REJECT_ABSENCE */ - YYSYMBOL_VAR_RPZ_SIGNAL_NXDOMAIN_RA = 327, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - YYSYMBOL_VAR_INTERFACE_AUTOMATIC_PORTS = 328, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - YYSYMBOL_VAR_EDE = 329, /* VAR_EDE */ - YYSYMBOL_VAR_INTERFACE_ACTION = 330, /* VAR_INTERFACE_ACTION */ - YYSYMBOL_VAR_INTERFACE_VIEW = 331, /* VAR_INTERFACE_VIEW */ - YYSYMBOL_VAR_INTERFACE_TAG = 332, /* VAR_INTERFACE_TAG */ - YYSYMBOL_VAR_INTERFACE_TAG_ACTION = 333, /* VAR_INTERFACE_TAG_ACTION */ - YYSYMBOL_VAR_INTERFACE_TAG_DATA = 334, /* VAR_INTERFACE_TAG_DATA */ - YYSYMBOL_VAR_PROXY_PROTOCOL_PORT = 335, /* VAR_PROXY_PROTOCOL_PORT */ - YYSYMBOL_VAR_STATISTICS_INHIBIT_ZERO = 336, /* VAR_STATISTICS_INHIBIT_ZERO */ - YYSYMBOL_YYACCEPT = 337, /* $accept */ - YYSYMBOL_toplevelvars = 338, /* toplevelvars */ - YYSYMBOL_toplevelvar = 339, /* toplevelvar */ - YYSYMBOL_force_toplevel = 340, /* force_toplevel */ - YYSYMBOL_serverstart = 341, /* serverstart */ - YYSYMBOL_contents_server = 342, /* contents_server */ - YYSYMBOL_content_server = 343, /* content_server */ - YYSYMBOL_stubstart = 344, /* stubstart */ - YYSYMBOL_contents_stub = 345, /* contents_stub */ - YYSYMBOL_content_stub = 346, /* content_stub */ - YYSYMBOL_forwardstart = 347, /* forwardstart */ - YYSYMBOL_contents_forward = 348, /* contents_forward */ - YYSYMBOL_content_forward = 349, /* content_forward */ - YYSYMBOL_viewstart = 350, /* viewstart */ - YYSYMBOL_contents_view = 351, /* contents_view */ - YYSYMBOL_content_view = 352, /* content_view */ - YYSYMBOL_authstart = 353, /* authstart */ - YYSYMBOL_contents_auth = 354, /* contents_auth */ - YYSYMBOL_content_auth = 355, /* content_auth */ - YYSYMBOL_rpz_tag = 356, /* rpz_tag */ - YYSYMBOL_rpz_action_override = 357, /* rpz_action_override */ - YYSYMBOL_rpz_cname_override = 358, /* rpz_cname_override */ - YYSYMBOL_rpz_log = 359, /* rpz_log */ - YYSYMBOL_rpz_log_name = 360, /* rpz_log_name */ - YYSYMBOL_rpz_signal_nxdomain_ra = 361, /* rpz_signal_nxdomain_ra */ - YYSYMBOL_rpzstart = 362, /* rpzstart */ - YYSYMBOL_contents_rpz = 363, /* contents_rpz */ - YYSYMBOL_content_rpz = 364, /* content_rpz */ - YYSYMBOL_server_num_threads = 365, /* server_num_threads */ - YYSYMBOL_server_verbosity = 366, /* server_verbosity */ - YYSYMBOL_server_statistics_interval = 367, /* server_statistics_interval */ - YYSYMBOL_server_statistics_cumulative = 368, /* server_statistics_cumulative */ - YYSYMBOL_server_extended_statistics = 369, /* server_extended_statistics */ - YYSYMBOL_server_statistics_inhibit_zero = 370, /* server_statistics_inhibit_zero */ - YYSYMBOL_server_shm_enable = 371, /* server_shm_enable */ - YYSYMBOL_server_shm_key = 372, /* server_shm_key */ - YYSYMBOL_server_port = 373, /* server_port */ - YYSYMBOL_server_send_client_subnet = 374, /* server_send_client_subnet */ - YYSYMBOL_server_client_subnet_zone = 375, /* server_client_subnet_zone */ - YYSYMBOL_server_client_subnet_always_forward = 376, /* server_client_subnet_always_forward */ - YYSYMBOL_server_client_subnet_opcode = 377, /* server_client_subnet_opcode */ - YYSYMBOL_server_max_client_subnet_ipv4 = 378, /* server_max_client_subnet_ipv4 */ - YYSYMBOL_server_max_client_subnet_ipv6 = 379, /* server_max_client_subnet_ipv6 */ - YYSYMBOL_server_min_client_subnet_ipv4 = 380, /* server_min_client_subnet_ipv4 */ - YYSYMBOL_server_min_client_subnet_ipv6 = 381, /* server_min_client_subnet_ipv6 */ - YYSYMBOL_server_max_ecs_tree_size_ipv4 = 382, /* server_max_ecs_tree_size_ipv4 */ - YYSYMBOL_server_max_ecs_tree_size_ipv6 = 383, /* server_max_ecs_tree_size_ipv6 */ - YYSYMBOL_server_interface = 384, /* server_interface */ - YYSYMBOL_server_outgoing_interface = 385, /* server_outgoing_interface */ - YYSYMBOL_server_outgoing_range = 386, /* server_outgoing_range */ - YYSYMBOL_server_outgoing_port_permit = 387, /* server_outgoing_port_permit */ - YYSYMBOL_server_outgoing_port_avoid = 388, /* server_outgoing_port_avoid */ - YYSYMBOL_server_outgoing_num_tcp = 389, /* server_outgoing_num_tcp */ - YYSYMBOL_server_incoming_num_tcp = 390, /* server_incoming_num_tcp */ - YYSYMBOL_server_interface_automatic = 391, /* server_interface_automatic */ - YYSYMBOL_server_interface_automatic_ports = 392, /* server_interface_automatic_ports */ - YYSYMBOL_server_do_ip4 = 393, /* server_do_ip4 */ - YYSYMBOL_server_do_ip6 = 394, /* server_do_ip6 */ - YYSYMBOL_server_do_udp = 395, /* server_do_udp */ - YYSYMBOL_server_do_tcp = 396, /* server_do_tcp */ - YYSYMBOL_server_prefer_ip4 = 397, /* server_prefer_ip4 */ - YYSYMBOL_server_prefer_ip6 = 398, /* server_prefer_ip6 */ - YYSYMBOL_server_tcp_mss = 399, /* server_tcp_mss */ - YYSYMBOL_server_outgoing_tcp_mss = 400, /* server_outgoing_tcp_mss */ - YYSYMBOL_server_tcp_idle_timeout = 401, /* server_tcp_idle_timeout */ - YYSYMBOL_server_max_reuse_tcp_queries = 402, /* server_max_reuse_tcp_queries */ - YYSYMBOL_server_tcp_reuse_timeout = 403, /* server_tcp_reuse_timeout */ - YYSYMBOL_server_tcp_auth_query_timeout = 404, /* server_tcp_auth_query_timeout */ - YYSYMBOL_server_tcp_keepalive = 405, /* server_tcp_keepalive */ - YYSYMBOL_server_tcp_keepalive_timeout = 406, /* server_tcp_keepalive_timeout */ - YYSYMBOL_server_tcp_upstream = 407, /* server_tcp_upstream */ - YYSYMBOL_server_udp_upstream_without_downstream = 408, /* server_udp_upstream_without_downstream */ - YYSYMBOL_server_ssl_upstream = 409, /* server_ssl_upstream */ - YYSYMBOL_server_ssl_service_key = 410, /* server_ssl_service_key */ - YYSYMBOL_server_ssl_service_pem = 411, /* server_ssl_service_pem */ - YYSYMBOL_server_ssl_port = 412, /* server_ssl_port */ - YYSYMBOL_server_tls_cert_bundle = 413, /* server_tls_cert_bundle */ - YYSYMBOL_server_tls_win_cert = 414, /* server_tls_win_cert */ - YYSYMBOL_server_tls_additional_port = 415, /* server_tls_additional_port */ - YYSYMBOL_server_tls_ciphers = 416, /* server_tls_ciphers */ - YYSYMBOL_server_tls_ciphersuites = 417, /* server_tls_ciphersuites */ - YYSYMBOL_server_tls_session_ticket_keys = 418, /* server_tls_session_ticket_keys */ - YYSYMBOL_server_tls_use_sni = 419, /* server_tls_use_sni */ - YYSYMBOL_server_https_port = 420, /* server_https_port */ - YYSYMBOL_server_http_endpoint = 421, /* server_http_endpoint */ - YYSYMBOL_server_http_max_streams = 422, /* server_http_max_streams */ - YYSYMBOL_server_http_query_buffer_size = 423, /* server_http_query_buffer_size */ - YYSYMBOL_server_http_response_buffer_size = 424, /* server_http_response_buffer_size */ - YYSYMBOL_server_http_nodelay = 425, /* server_http_nodelay */ - YYSYMBOL_server_http_notls_downstream = 426, /* server_http_notls_downstream */ - YYSYMBOL_server_use_systemd = 427, /* server_use_systemd */ - YYSYMBOL_server_do_daemonize = 428, /* server_do_daemonize */ - YYSYMBOL_server_use_syslog = 429, /* server_use_syslog */ - YYSYMBOL_server_log_time_ascii = 430, /* server_log_time_ascii */ - YYSYMBOL_server_log_queries = 431, /* server_log_queries */ - YYSYMBOL_server_log_replies = 432, /* server_log_replies */ - YYSYMBOL_server_log_tag_queryreply = 433, /* server_log_tag_queryreply */ - YYSYMBOL_server_log_servfail = 434, /* server_log_servfail */ - YYSYMBOL_server_log_local_actions = 435, /* server_log_local_actions */ - YYSYMBOL_server_chroot = 436, /* server_chroot */ - YYSYMBOL_server_username = 437, /* server_username */ - YYSYMBOL_server_directory = 438, /* server_directory */ - YYSYMBOL_server_logfile = 439, /* server_logfile */ - YYSYMBOL_server_pidfile = 440, /* server_pidfile */ - YYSYMBOL_server_root_hints = 441, /* server_root_hints */ - YYSYMBOL_server_dlv_anchor_file = 442, /* server_dlv_anchor_file */ - YYSYMBOL_server_dlv_anchor = 443, /* server_dlv_anchor */ - YYSYMBOL_server_auto_trust_anchor_file = 444, /* server_auto_trust_anchor_file */ - YYSYMBOL_server_trust_anchor_file = 445, /* server_trust_anchor_file */ - YYSYMBOL_server_trusted_keys_file = 446, /* server_trusted_keys_file */ - YYSYMBOL_server_trust_anchor = 447, /* server_trust_anchor */ - YYSYMBOL_server_trust_anchor_signaling = 448, /* server_trust_anchor_signaling */ - YYSYMBOL_server_root_key_sentinel = 449, /* server_root_key_sentinel */ - YYSYMBOL_server_domain_insecure = 450, /* server_domain_insecure */ - YYSYMBOL_server_hide_identity = 451, /* server_hide_identity */ - YYSYMBOL_server_hide_version = 452, /* server_hide_version */ - YYSYMBOL_server_hide_trustanchor = 453, /* server_hide_trustanchor */ - YYSYMBOL_server_hide_http_user_agent = 454, /* server_hide_http_user_agent */ - YYSYMBOL_server_identity = 455, /* server_identity */ - YYSYMBOL_server_version = 456, /* server_version */ - YYSYMBOL_server_http_user_agent = 457, /* server_http_user_agent */ - YYSYMBOL_server_nsid = 458, /* server_nsid */ - YYSYMBOL_server_so_rcvbuf = 459, /* server_so_rcvbuf */ - YYSYMBOL_server_so_sndbuf = 460, /* server_so_sndbuf */ - YYSYMBOL_server_so_reuseport = 461, /* server_so_reuseport */ - YYSYMBOL_server_ip_transparent = 462, /* server_ip_transparent */ - YYSYMBOL_server_ip_freebind = 463, /* server_ip_freebind */ - YYSYMBOL_server_ip_dscp = 464, /* server_ip_dscp */ - YYSYMBOL_server_stream_wait_size = 465, /* server_stream_wait_size */ - YYSYMBOL_server_edns_buffer_size = 466, /* server_edns_buffer_size */ - YYSYMBOL_server_msg_buffer_size = 467, /* server_msg_buffer_size */ - YYSYMBOL_server_msg_cache_size = 468, /* server_msg_cache_size */ - YYSYMBOL_server_msg_cache_slabs = 469, /* server_msg_cache_slabs */ - YYSYMBOL_server_num_queries_per_thread = 470, /* server_num_queries_per_thread */ - YYSYMBOL_server_jostle_timeout = 471, /* server_jostle_timeout */ - YYSYMBOL_server_delay_close = 472, /* server_delay_close */ - YYSYMBOL_server_udp_connect = 473, /* server_udp_connect */ - YYSYMBOL_server_unblock_lan_zones = 474, /* server_unblock_lan_zones */ - YYSYMBOL_server_insecure_lan_zones = 475, /* server_insecure_lan_zones */ - YYSYMBOL_server_rrset_cache_size = 476, /* server_rrset_cache_size */ - YYSYMBOL_server_rrset_cache_slabs = 477, /* server_rrset_cache_slabs */ - YYSYMBOL_server_infra_host_ttl = 478, /* server_infra_host_ttl */ - YYSYMBOL_server_infra_lame_ttl = 479, /* server_infra_lame_ttl */ - YYSYMBOL_server_infra_cache_numhosts = 480, /* server_infra_cache_numhosts */ - YYSYMBOL_server_infra_cache_lame_size = 481, /* server_infra_cache_lame_size */ - YYSYMBOL_server_infra_cache_slabs = 482, /* server_infra_cache_slabs */ - YYSYMBOL_server_infra_cache_min_rtt = 483, /* server_infra_cache_min_rtt */ - YYSYMBOL_server_infra_cache_max_rtt = 484, /* server_infra_cache_max_rtt */ - YYSYMBOL_server_infra_keep_probing = 485, /* server_infra_keep_probing */ - YYSYMBOL_server_target_fetch_policy = 486, /* server_target_fetch_policy */ - YYSYMBOL_server_harden_short_bufsize = 487, /* server_harden_short_bufsize */ - YYSYMBOL_server_harden_large_queries = 488, /* server_harden_large_queries */ - YYSYMBOL_server_harden_glue = 489, /* server_harden_glue */ - YYSYMBOL_server_harden_dnssec_stripped = 490, /* server_harden_dnssec_stripped */ - YYSYMBOL_server_harden_below_nxdomain = 491, /* server_harden_below_nxdomain */ - YYSYMBOL_server_harden_referral_path = 492, /* server_harden_referral_path */ - YYSYMBOL_server_harden_algo_downgrade = 493, /* server_harden_algo_downgrade */ - YYSYMBOL_server_use_caps_for_id = 494, /* server_use_caps_for_id */ - YYSYMBOL_server_caps_whitelist = 495, /* server_caps_whitelist */ - YYSYMBOL_server_private_address = 496, /* server_private_address */ - YYSYMBOL_server_private_domain = 497, /* server_private_domain */ - YYSYMBOL_server_prefetch = 498, /* server_prefetch */ - YYSYMBOL_server_prefetch_key = 499, /* server_prefetch_key */ - YYSYMBOL_server_deny_any = 500, /* server_deny_any */ - YYSYMBOL_server_unwanted_reply_threshold = 501, /* server_unwanted_reply_threshold */ - YYSYMBOL_server_do_not_query_address = 502, /* server_do_not_query_address */ - YYSYMBOL_server_do_not_query_localhost = 503, /* server_do_not_query_localhost */ - YYSYMBOL_server_access_control = 504, /* server_access_control */ - YYSYMBOL_server_interface_action = 505, /* server_interface_action */ - YYSYMBOL_server_module_conf = 506, /* server_module_conf */ - YYSYMBOL_server_val_override_date = 507, /* server_val_override_date */ - YYSYMBOL_server_val_sig_skew_min = 508, /* server_val_sig_skew_min */ - YYSYMBOL_server_val_sig_skew_max = 509, /* server_val_sig_skew_max */ - YYSYMBOL_server_val_max_restart = 510, /* server_val_max_restart */ - YYSYMBOL_server_cache_max_ttl = 511, /* server_cache_max_ttl */ - YYSYMBOL_server_cache_max_negative_ttl = 512, /* server_cache_max_negative_ttl */ - YYSYMBOL_server_cache_min_ttl = 513, /* server_cache_min_ttl */ - YYSYMBOL_server_bogus_ttl = 514, /* server_bogus_ttl */ - YYSYMBOL_server_val_clean_additional = 515, /* server_val_clean_additional */ - YYSYMBOL_server_val_permissive_mode = 516, /* server_val_permissive_mode */ - YYSYMBOL_server_aggressive_nsec = 517, /* server_aggressive_nsec */ - YYSYMBOL_server_ignore_cd_flag = 518, /* server_ignore_cd_flag */ - YYSYMBOL_server_serve_expired = 519, /* server_serve_expired */ - YYSYMBOL_server_serve_expired_ttl = 520, /* server_serve_expired_ttl */ - YYSYMBOL_server_serve_expired_ttl_reset = 521, /* server_serve_expired_ttl_reset */ - YYSYMBOL_server_serve_expired_reply_ttl = 522, /* server_serve_expired_reply_ttl */ - YYSYMBOL_server_serve_expired_client_timeout = 523, /* server_serve_expired_client_timeout */ - YYSYMBOL_server_ede_serve_expired = 524, /* server_ede_serve_expired */ - YYSYMBOL_server_serve_original_ttl = 525, /* server_serve_original_ttl */ - YYSYMBOL_server_fake_dsa = 526, /* server_fake_dsa */ - YYSYMBOL_server_fake_sha1 = 527, /* server_fake_sha1 */ - YYSYMBOL_server_val_log_level = 528, /* server_val_log_level */ - YYSYMBOL_server_val_nsec3_keysize_iterations = 529, /* server_val_nsec3_keysize_iterations */ - YYSYMBOL_server_zonemd_permissive_mode = 530, /* server_zonemd_permissive_mode */ - YYSYMBOL_server_add_holddown = 531, /* server_add_holddown */ - YYSYMBOL_server_del_holddown = 532, /* server_del_holddown */ - YYSYMBOL_server_keep_missing = 533, /* server_keep_missing */ - YYSYMBOL_server_permit_small_holddown = 534, /* server_permit_small_holddown */ - YYSYMBOL_server_key_cache_size = 535, /* server_key_cache_size */ - YYSYMBOL_server_key_cache_slabs = 536, /* server_key_cache_slabs */ - YYSYMBOL_server_neg_cache_size = 537, /* server_neg_cache_size */ - YYSYMBOL_server_local_zone = 538, /* server_local_zone */ - YYSYMBOL_server_local_data = 539, /* server_local_data */ - YYSYMBOL_server_local_data_ptr = 540, /* server_local_data_ptr */ - YYSYMBOL_server_minimal_responses = 541, /* server_minimal_responses */ - YYSYMBOL_server_rrset_roundrobin = 542, /* server_rrset_roundrobin */ - YYSYMBOL_server_unknown_server_time_limit = 543, /* server_unknown_server_time_limit */ - YYSYMBOL_server_max_udp_size = 544, /* server_max_udp_size */ - YYSYMBOL_server_dns64_prefix = 545, /* server_dns64_prefix */ - YYSYMBOL_server_dns64_synthall = 546, /* server_dns64_synthall */ - YYSYMBOL_server_dns64_ignore_aaaa = 547, /* server_dns64_ignore_aaaa */ - YYSYMBOL_server_define_tag = 548, /* server_define_tag */ - YYSYMBOL_server_local_zone_tag = 549, /* server_local_zone_tag */ - YYSYMBOL_server_access_control_tag = 550, /* server_access_control_tag */ - YYSYMBOL_server_access_control_tag_action = 551, /* server_access_control_tag_action */ - YYSYMBOL_server_access_control_tag_data = 552, /* server_access_control_tag_data */ - YYSYMBOL_server_local_zone_override = 553, /* server_local_zone_override */ - YYSYMBOL_server_access_control_view = 554, /* server_access_control_view */ - YYSYMBOL_server_interface_tag = 555, /* server_interface_tag */ - YYSYMBOL_server_interface_tag_action = 556, /* server_interface_tag_action */ - YYSYMBOL_server_interface_tag_data = 557, /* server_interface_tag_data */ - YYSYMBOL_server_interface_view = 558, /* server_interface_view */ - YYSYMBOL_server_response_ip_tag = 559, /* server_response_ip_tag */ - YYSYMBOL_server_ip_ratelimit = 560, /* server_ip_ratelimit */ - YYSYMBOL_server_ratelimit = 561, /* server_ratelimit */ - YYSYMBOL_server_ip_ratelimit_size = 562, /* server_ip_ratelimit_size */ - YYSYMBOL_server_ratelimit_size = 563, /* server_ratelimit_size */ - YYSYMBOL_server_ip_ratelimit_slabs = 564, /* server_ip_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_slabs = 565, /* server_ratelimit_slabs */ - YYSYMBOL_server_ratelimit_for_domain = 566, /* server_ratelimit_for_domain */ - YYSYMBOL_server_ratelimit_below_domain = 567, /* server_ratelimit_below_domain */ - YYSYMBOL_server_ip_ratelimit_factor = 568, /* server_ip_ratelimit_factor */ - YYSYMBOL_server_ratelimit_factor = 569, /* server_ratelimit_factor */ - YYSYMBOL_server_ip_ratelimit_backoff = 570, /* server_ip_ratelimit_backoff */ - YYSYMBOL_server_ratelimit_backoff = 571, /* server_ratelimit_backoff */ - YYSYMBOL_server_outbound_msg_retry = 572, /* server_outbound_msg_retry */ - YYSYMBOL_server_max_sent_count = 573, /* server_max_sent_count */ - YYSYMBOL_server_max_query_restarts = 574, /* server_max_query_restarts */ - YYSYMBOL_server_low_rtt = 575, /* server_low_rtt */ - YYSYMBOL_server_fast_server_num = 576, /* server_fast_server_num */ - YYSYMBOL_server_fast_server_permil = 577, /* server_fast_server_permil */ - YYSYMBOL_server_qname_minimisation = 578, /* server_qname_minimisation */ - YYSYMBOL_server_qname_minimisation_strict = 579, /* server_qname_minimisation_strict */ - YYSYMBOL_server_pad_responses = 580, /* server_pad_responses */ - YYSYMBOL_server_pad_responses_block_size = 581, /* server_pad_responses_block_size */ - YYSYMBOL_server_pad_queries = 582, /* server_pad_queries */ - YYSYMBOL_server_pad_queries_block_size = 583, /* server_pad_queries_block_size */ - YYSYMBOL_server_ipsecmod_enabled = 584, /* server_ipsecmod_enabled */ - YYSYMBOL_server_ipsecmod_ignore_bogus = 585, /* server_ipsecmod_ignore_bogus */ - YYSYMBOL_server_ipsecmod_hook = 586, /* server_ipsecmod_hook */ - YYSYMBOL_server_ipsecmod_max_ttl = 587, /* server_ipsecmod_max_ttl */ - YYSYMBOL_server_ipsecmod_whitelist = 588, /* server_ipsecmod_whitelist */ - YYSYMBOL_server_ipsecmod_strict = 589, /* server_ipsecmod_strict */ - YYSYMBOL_server_edns_client_string = 590, /* server_edns_client_string */ - YYSYMBOL_server_edns_client_string_opcode = 591, /* server_edns_client_string_opcode */ - YYSYMBOL_server_ede = 592, /* server_ede */ - YYSYMBOL_server_proxy_protocol_port = 593, /* server_proxy_protocol_port */ - YYSYMBOL_stub_name = 594, /* stub_name */ - YYSYMBOL_stub_host = 595, /* stub_host */ - YYSYMBOL_stub_addr = 596, /* stub_addr */ - YYSYMBOL_stub_first = 597, /* stub_first */ - YYSYMBOL_stub_no_cache = 598, /* stub_no_cache */ - YYSYMBOL_stub_ssl_upstream = 599, /* stub_ssl_upstream */ - YYSYMBOL_stub_tcp_upstream = 600, /* stub_tcp_upstream */ - YYSYMBOL_stub_prime = 601, /* stub_prime */ - YYSYMBOL_forward_name = 602, /* forward_name */ - YYSYMBOL_forward_host = 603, /* forward_host */ - YYSYMBOL_forward_addr = 604, /* forward_addr */ - YYSYMBOL_forward_first = 605, /* forward_first */ - YYSYMBOL_forward_no_cache = 606, /* forward_no_cache */ - YYSYMBOL_forward_ssl_upstream = 607, /* forward_ssl_upstream */ - YYSYMBOL_forward_tcp_upstream = 608, /* forward_tcp_upstream */ - YYSYMBOL_auth_name = 609, /* auth_name */ - YYSYMBOL_auth_zonefile = 610, /* auth_zonefile */ - YYSYMBOL_auth_master = 611, /* auth_master */ - YYSYMBOL_auth_url = 612, /* auth_url */ - YYSYMBOL_auth_allow_notify = 613, /* auth_allow_notify */ - YYSYMBOL_auth_zonemd_check = 614, /* auth_zonemd_check */ - YYSYMBOL_auth_zonemd_reject_absence = 615, /* auth_zonemd_reject_absence */ - YYSYMBOL_auth_for_downstream = 616, /* auth_for_downstream */ - YYSYMBOL_auth_for_upstream = 617, /* auth_for_upstream */ - YYSYMBOL_auth_fallback_enabled = 618, /* auth_fallback_enabled */ - YYSYMBOL_view_name = 619, /* view_name */ - YYSYMBOL_view_local_zone = 620, /* view_local_zone */ - YYSYMBOL_view_response_ip = 621, /* view_response_ip */ - YYSYMBOL_view_response_ip_data = 622, /* view_response_ip_data */ - YYSYMBOL_view_local_data = 623, /* view_local_data */ - YYSYMBOL_view_local_data_ptr = 624, /* view_local_data_ptr */ - YYSYMBOL_view_first = 625, /* view_first */ - YYSYMBOL_rcstart = 626, /* rcstart */ - YYSYMBOL_contents_rc = 627, /* contents_rc */ - YYSYMBOL_content_rc = 628, /* content_rc */ - YYSYMBOL_rc_control_enable = 629, /* rc_control_enable */ - YYSYMBOL_rc_control_port = 630, /* rc_control_port */ - YYSYMBOL_rc_control_interface = 631, /* rc_control_interface */ - YYSYMBOL_rc_control_use_cert = 632, /* rc_control_use_cert */ - YYSYMBOL_rc_server_key_file = 633, /* rc_server_key_file */ - YYSYMBOL_rc_server_cert_file = 634, /* rc_server_cert_file */ - YYSYMBOL_rc_control_key_file = 635, /* rc_control_key_file */ - YYSYMBOL_rc_control_cert_file = 636, /* rc_control_cert_file */ - YYSYMBOL_dtstart = 637, /* dtstart */ - YYSYMBOL_contents_dt = 638, /* contents_dt */ - YYSYMBOL_content_dt = 639, /* content_dt */ - YYSYMBOL_dt_dnstap_enable = 640, /* dt_dnstap_enable */ - YYSYMBOL_dt_dnstap_bidirectional = 641, /* dt_dnstap_bidirectional */ - YYSYMBOL_dt_dnstap_socket_path = 642, /* dt_dnstap_socket_path */ - YYSYMBOL_dt_dnstap_ip = 643, /* dt_dnstap_ip */ - YYSYMBOL_dt_dnstap_tls = 644, /* dt_dnstap_tls */ - YYSYMBOL_dt_dnstap_tls_server_name = 645, /* dt_dnstap_tls_server_name */ - YYSYMBOL_dt_dnstap_tls_cert_bundle = 646, /* dt_dnstap_tls_cert_bundle */ - YYSYMBOL_dt_dnstap_tls_client_key_file = 647, /* dt_dnstap_tls_client_key_file */ - YYSYMBOL_dt_dnstap_tls_client_cert_file = 648, /* dt_dnstap_tls_client_cert_file */ - YYSYMBOL_dt_dnstap_send_identity = 649, /* dt_dnstap_send_identity */ - YYSYMBOL_dt_dnstap_send_version = 650, /* dt_dnstap_send_version */ - YYSYMBOL_dt_dnstap_identity = 651, /* dt_dnstap_identity */ - YYSYMBOL_dt_dnstap_version = 652, /* dt_dnstap_version */ - YYSYMBOL_dt_dnstap_log_resolver_query_messages = 653, /* dt_dnstap_log_resolver_query_messages */ - YYSYMBOL_dt_dnstap_log_resolver_response_messages = 654, /* dt_dnstap_log_resolver_response_messages */ - YYSYMBOL_dt_dnstap_log_client_query_messages = 655, /* dt_dnstap_log_client_query_messages */ - YYSYMBOL_dt_dnstap_log_client_response_messages = 656, /* dt_dnstap_log_client_response_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 657, /* dt_dnstap_log_forwarder_query_messages */ - YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 658, /* dt_dnstap_log_forwarder_response_messages */ - YYSYMBOL_pythonstart = 659, /* pythonstart */ - YYSYMBOL_contents_py = 660, /* contents_py */ - YYSYMBOL_content_py = 661, /* content_py */ - YYSYMBOL_py_script = 662, /* py_script */ - YYSYMBOL_dynlibstart = 663, /* dynlibstart */ - YYSYMBOL_contents_dl = 664, /* contents_dl */ - YYSYMBOL_content_dl = 665, /* content_dl */ - YYSYMBOL_dl_file = 666, /* dl_file */ - YYSYMBOL_server_disable_dnssec_lame_check = 667, /* server_disable_dnssec_lame_check */ - YYSYMBOL_server_log_identity = 668, /* server_log_identity */ - YYSYMBOL_server_response_ip = 669, /* server_response_ip */ - YYSYMBOL_server_response_ip_data = 670, /* server_response_ip_data */ - YYSYMBOL_dnscstart = 671, /* dnscstart */ - YYSYMBOL_contents_dnsc = 672, /* contents_dnsc */ - YYSYMBOL_content_dnsc = 673, /* content_dnsc */ - YYSYMBOL_dnsc_dnscrypt_enable = 674, /* dnsc_dnscrypt_enable */ - YYSYMBOL_dnsc_dnscrypt_port = 675, /* dnsc_dnscrypt_port */ - YYSYMBOL_dnsc_dnscrypt_provider = 676, /* dnsc_dnscrypt_provider */ - YYSYMBOL_dnsc_dnscrypt_provider_cert = 677, /* dnsc_dnscrypt_provider_cert */ - YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 678, /* dnsc_dnscrypt_provider_cert_rotated */ - YYSYMBOL_dnsc_dnscrypt_secret_key = 679, /* dnsc_dnscrypt_secret_key */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 680, /* dnsc_dnscrypt_shared_secret_cache_size */ - YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 681, /* dnsc_dnscrypt_shared_secret_cache_slabs */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 682, /* dnsc_dnscrypt_nonce_cache_size */ - YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 683, /* dnsc_dnscrypt_nonce_cache_slabs */ - YYSYMBOL_cachedbstart = 684, /* cachedbstart */ - YYSYMBOL_contents_cachedb = 685, /* contents_cachedb */ - YYSYMBOL_content_cachedb = 686, /* content_cachedb */ - YYSYMBOL_cachedb_backend_name = 687, /* cachedb_backend_name */ - YYSYMBOL_cachedb_secret_seed = 688, /* cachedb_secret_seed */ - YYSYMBOL_redis_server_host = 689, /* redis_server_host */ - YYSYMBOL_redis_server_port = 690, /* redis_server_port */ - YYSYMBOL_redis_timeout = 691, /* redis_timeout */ - YYSYMBOL_redis_expire_records = 692, /* redis_expire_records */ - YYSYMBOL_server_tcp_connection_limit = 693, /* server_tcp_connection_limit */ - YYSYMBOL_ipsetstart = 694, /* ipsetstart */ - YYSYMBOL_contents_ipset = 695, /* contents_ipset */ - YYSYMBOL_content_ipset = 696, /* content_ipset */ - YYSYMBOL_ipset_name_v4 = 697, /* ipset_name_v4 */ - YYSYMBOL_ipset_name_v6 = 698 /* ipset_name_v6 */ + YYSYMBOL_VAR_DO_NAT64 = 21, /* VAR_DO_NAT64 */ + YYSYMBOL_VAR_PREFER_IP6 = 22, /* VAR_PREFER_IP6 */ + YYSYMBOL_VAR_DO_UDP = 23, /* VAR_DO_UDP */ + YYSYMBOL_VAR_DO_TCP = 24, /* VAR_DO_TCP */ + YYSYMBOL_VAR_TCP_MSS = 25, /* VAR_TCP_MSS */ + YYSYMBOL_VAR_OUTGOING_TCP_MSS = 26, /* VAR_OUTGOING_TCP_MSS */ + YYSYMBOL_VAR_TCP_IDLE_TIMEOUT = 27, /* VAR_TCP_IDLE_TIMEOUT */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE = 28, /* VAR_EDNS_TCP_KEEPALIVE */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 29, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + YYSYMBOL_VAR_SOCK_QUEUE_TIMEOUT = 30, /* VAR_SOCK_QUEUE_TIMEOUT */ + YYSYMBOL_VAR_CHROOT = 31, /* VAR_CHROOT */ + YYSYMBOL_VAR_USERNAME = 32, /* VAR_USERNAME */ + YYSYMBOL_VAR_DIRECTORY = 33, /* VAR_DIRECTORY */ + YYSYMBOL_VAR_LOGFILE = 34, /* VAR_LOGFILE */ + YYSYMBOL_VAR_PIDFILE = 35, /* VAR_PIDFILE */ + YYSYMBOL_VAR_MSG_CACHE_SIZE = 36, /* VAR_MSG_CACHE_SIZE */ + YYSYMBOL_VAR_MSG_CACHE_SLABS = 37, /* VAR_MSG_CACHE_SLABS */ + YYSYMBOL_VAR_NUM_QUERIES_PER_THREAD = 38, /* VAR_NUM_QUERIES_PER_THREAD */ + YYSYMBOL_VAR_RRSET_CACHE_SIZE = 39, /* VAR_RRSET_CACHE_SIZE */ + YYSYMBOL_VAR_RRSET_CACHE_SLABS = 40, /* VAR_RRSET_CACHE_SLABS */ + YYSYMBOL_VAR_OUTGOING_NUM_TCP = 41, /* VAR_OUTGOING_NUM_TCP */ + YYSYMBOL_VAR_INFRA_HOST_TTL = 42, /* VAR_INFRA_HOST_TTL */ + YYSYMBOL_VAR_INFRA_LAME_TTL = 43, /* VAR_INFRA_LAME_TTL */ + YYSYMBOL_VAR_INFRA_CACHE_SLABS = 44, /* VAR_INFRA_CACHE_SLABS */ + YYSYMBOL_VAR_INFRA_CACHE_NUMHOSTS = 45, /* VAR_INFRA_CACHE_NUMHOSTS */ + YYSYMBOL_VAR_INFRA_CACHE_LAME_SIZE = 46, /* VAR_INFRA_CACHE_LAME_SIZE */ + YYSYMBOL_VAR_NAME = 47, /* VAR_NAME */ + YYSYMBOL_VAR_STUB_ZONE = 48, /* VAR_STUB_ZONE */ + YYSYMBOL_VAR_STUB_HOST = 49, /* VAR_STUB_HOST */ + YYSYMBOL_VAR_STUB_ADDR = 50, /* VAR_STUB_ADDR */ + YYSYMBOL_VAR_TARGET_FETCH_POLICY = 51, /* VAR_TARGET_FETCH_POLICY */ + YYSYMBOL_VAR_HARDEN_SHORT_BUFSIZE = 52, /* VAR_HARDEN_SHORT_BUFSIZE */ + YYSYMBOL_VAR_HARDEN_LARGE_QUERIES = 53, /* VAR_HARDEN_LARGE_QUERIES */ + YYSYMBOL_VAR_FORWARD_ZONE = 54, /* VAR_FORWARD_ZONE */ + YYSYMBOL_VAR_FORWARD_HOST = 55, /* VAR_FORWARD_HOST */ + YYSYMBOL_VAR_FORWARD_ADDR = 56, /* VAR_FORWARD_ADDR */ + YYSYMBOL_VAR_DO_NOT_QUERY_ADDRESS = 57, /* VAR_DO_NOT_QUERY_ADDRESS */ + YYSYMBOL_VAR_HIDE_IDENTITY = 58, /* VAR_HIDE_IDENTITY */ + YYSYMBOL_VAR_HIDE_VERSION = 59, /* VAR_HIDE_VERSION */ + YYSYMBOL_VAR_IDENTITY = 60, /* VAR_IDENTITY */ + YYSYMBOL_VAR_VERSION = 61, /* VAR_VERSION */ + YYSYMBOL_VAR_HARDEN_GLUE = 62, /* VAR_HARDEN_GLUE */ + YYSYMBOL_VAR_MODULE_CONF = 63, /* VAR_MODULE_CONF */ + YYSYMBOL_VAR_TRUST_ANCHOR_FILE = 64, /* VAR_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_TRUST_ANCHOR = 65, /* VAR_TRUST_ANCHOR */ + YYSYMBOL_VAR_VAL_OVERRIDE_DATE = 66, /* VAR_VAL_OVERRIDE_DATE */ + YYSYMBOL_VAR_BOGUS_TTL = 67, /* VAR_BOGUS_TTL */ + YYSYMBOL_VAR_VAL_CLEAN_ADDITIONAL = 68, /* VAR_VAL_CLEAN_ADDITIONAL */ + YYSYMBOL_VAR_VAL_PERMISSIVE_MODE = 69, /* VAR_VAL_PERMISSIVE_MODE */ + YYSYMBOL_VAR_INCOMING_NUM_TCP = 70, /* VAR_INCOMING_NUM_TCP */ + YYSYMBOL_VAR_MSG_BUFFER_SIZE = 71, /* VAR_MSG_BUFFER_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SIZE = 72, /* VAR_KEY_CACHE_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SLABS = 73, /* VAR_KEY_CACHE_SLABS */ + YYSYMBOL_VAR_TRUSTED_KEYS_FILE = 74, /* VAR_TRUSTED_KEYS_FILE */ + YYSYMBOL_VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 75, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + YYSYMBOL_VAR_USE_SYSLOG = 76, /* VAR_USE_SYSLOG */ + YYSYMBOL_VAR_OUTGOING_INTERFACE = 77, /* VAR_OUTGOING_INTERFACE */ + YYSYMBOL_VAR_ROOT_HINTS = 78, /* VAR_ROOT_HINTS */ + YYSYMBOL_VAR_DO_NOT_QUERY_LOCALHOST = 79, /* VAR_DO_NOT_QUERY_LOCALHOST */ + YYSYMBOL_VAR_CACHE_MAX_TTL = 80, /* VAR_CACHE_MAX_TTL */ + YYSYMBOL_VAR_HARDEN_DNSSEC_STRIPPED = 81, /* VAR_HARDEN_DNSSEC_STRIPPED */ + YYSYMBOL_VAR_ACCESS_CONTROL = 82, /* VAR_ACCESS_CONTROL */ + YYSYMBOL_VAR_LOCAL_ZONE = 83, /* VAR_LOCAL_ZONE */ + YYSYMBOL_VAR_LOCAL_DATA = 84, /* VAR_LOCAL_DATA */ + YYSYMBOL_VAR_INTERFACE_AUTOMATIC = 85, /* VAR_INTERFACE_AUTOMATIC */ + YYSYMBOL_VAR_STATISTICS_INTERVAL = 86, /* VAR_STATISTICS_INTERVAL */ + YYSYMBOL_VAR_DO_DAEMONIZE = 87, /* VAR_DO_DAEMONIZE */ + YYSYMBOL_VAR_USE_CAPS_FOR_ID = 88, /* VAR_USE_CAPS_FOR_ID */ + YYSYMBOL_VAR_STATISTICS_CUMULATIVE = 89, /* VAR_STATISTICS_CUMULATIVE */ + YYSYMBOL_VAR_OUTGOING_PORT_PERMIT = 90, /* VAR_OUTGOING_PORT_PERMIT */ + YYSYMBOL_VAR_OUTGOING_PORT_AVOID = 91, /* VAR_OUTGOING_PORT_AVOID */ + YYSYMBOL_VAR_DLV_ANCHOR_FILE = 92, /* VAR_DLV_ANCHOR_FILE */ + YYSYMBOL_VAR_DLV_ANCHOR = 93, /* VAR_DLV_ANCHOR */ + YYSYMBOL_VAR_NEG_CACHE_SIZE = 94, /* VAR_NEG_CACHE_SIZE */ + YYSYMBOL_VAR_HARDEN_REFERRAL_PATH = 95, /* VAR_HARDEN_REFERRAL_PATH */ + YYSYMBOL_VAR_PRIVATE_ADDRESS = 96, /* VAR_PRIVATE_ADDRESS */ + YYSYMBOL_VAR_PRIVATE_DOMAIN = 97, /* VAR_PRIVATE_DOMAIN */ + YYSYMBOL_VAR_REMOTE_CONTROL = 98, /* VAR_REMOTE_CONTROL */ + YYSYMBOL_VAR_CONTROL_ENABLE = 99, /* VAR_CONTROL_ENABLE */ + YYSYMBOL_VAR_CONTROL_INTERFACE = 100, /* VAR_CONTROL_INTERFACE */ + YYSYMBOL_VAR_CONTROL_PORT = 101, /* VAR_CONTROL_PORT */ + YYSYMBOL_VAR_SERVER_KEY_FILE = 102, /* VAR_SERVER_KEY_FILE */ + YYSYMBOL_VAR_SERVER_CERT_FILE = 103, /* VAR_SERVER_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_KEY_FILE = 104, /* VAR_CONTROL_KEY_FILE */ + YYSYMBOL_VAR_CONTROL_CERT_FILE = 105, /* VAR_CONTROL_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_USE_CERT = 106, /* VAR_CONTROL_USE_CERT */ + YYSYMBOL_VAR_TCP_REUSE_TIMEOUT = 107, /* VAR_TCP_REUSE_TIMEOUT */ + YYSYMBOL_VAR_MAX_REUSE_TCP_QUERIES = 108, /* VAR_MAX_REUSE_TCP_QUERIES */ + YYSYMBOL_VAR_EXTENDED_STATISTICS = 109, /* VAR_EXTENDED_STATISTICS */ + YYSYMBOL_VAR_LOCAL_DATA_PTR = 110, /* VAR_LOCAL_DATA_PTR */ + YYSYMBOL_VAR_JOSTLE_TIMEOUT = 111, /* VAR_JOSTLE_TIMEOUT */ + YYSYMBOL_VAR_STUB_PRIME = 112, /* VAR_STUB_PRIME */ + YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 113, /* VAR_UNWANTED_REPLY_THRESHOLD */ + YYSYMBOL_VAR_LOG_TIME_ASCII = 114, /* VAR_LOG_TIME_ASCII */ + YYSYMBOL_VAR_DOMAIN_INSECURE = 115, /* VAR_DOMAIN_INSECURE */ + YYSYMBOL_VAR_PYTHON = 116, /* VAR_PYTHON */ + YYSYMBOL_VAR_PYTHON_SCRIPT = 117, /* VAR_PYTHON_SCRIPT */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 118, /* VAR_VAL_SIG_SKEW_MIN */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 119, /* VAR_VAL_SIG_SKEW_MAX */ + YYSYMBOL_VAR_VAL_MAX_RESTART = 120, /* VAR_VAL_MAX_RESTART */ + YYSYMBOL_VAR_CACHE_MIN_TTL = 121, /* VAR_CACHE_MIN_TTL */ + YYSYMBOL_VAR_VAL_LOG_LEVEL = 122, /* VAR_VAL_LOG_LEVEL */ + YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 123, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_KEEP_MISSING = 124, /* VAR_KEEP_MISSING */ + YYSYMBOL_VAR_ADD_HOLDDOWN = 125, /* VAR_ADD_HOLDDOWN */ + YYSYMBOL_VAR_DEL_HOLDDOWN = 126, /* VAR_DEL_HOLDDOWN */ + YYSYMBOL_VAR_SO_RCVBUF = 127, /* VAR_SO_RCVBUF */ + YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 128, /* VAR_EDNS_BUFFER_SIZE */ + YYSYMBOL_VAR_PREFETCH = 129, /* VAR_PREFETCH */ + YYSYMBOL_VAR_PREFETCH_KEY = 130, /* VAR_PREFETCH_KEY */ + YYSYMBOL_VAR_SO_SNDBUF = 131, /* VAR_SO_SNDBUF */ + YYSYMBOL_VAR_SO_REUSEPORT = 132, /* VAR_SO_REUSEPORT */ + YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 133, /* VAR_HARDEN_BELOW_NXDOMAIN */ + YYSYMBOL_VAR_IGNORE_CD_FLAG = 134, /* VAR_IGNORE_CD_FLAG */ + YYSYMBOL_VAR_LOG_QUERIES = 135, /* VAR_LOG_QUERIES */ + YYSYMBOL_VAR_LOG_REPLIES = 136, /* VAR_LOG_REPLIES */ + YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 137, /* VAR_LOG_LOCAL_ACTIONS */ + YYSYMBOL_VAR_TCP_UPSTREAM = 138, /* VAR_TCP_UPSTREAM */ + YYSYMBOL_VAR_SSL_UPSTREAM = 139, /* VAR_SSL_UPSTREAM */ + YYSYMBOL_VAR_TCP_AUTH_QUERY_TIMEOUT = 140, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ + YYSYMBOL_VAR_SSL_SERVICE_KEY = 141, /* VAR_SSL_SERVICE_KEY */ + YYSYMBOL_VAR_SSL_SERVICE_PEM = 142, /* VAR_SSL_SERVICE_PEM */ + YYSYMBOL_VAR_SSL_PORT = 143, /* VAR_SSL_PORT */ + YYSYMBOL_VAR_FORWARD_FIRST = 144, /* VAR_FORWARD_FIRST */ + YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 145, /* VAR_STUB_SSL_UPSTREAM */ + YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 146, /* VAR_FORWARD_SSL_UPSTREAM */ + YYSYMBOL_VAR_TLS_CERT_BUNDLE = 147, /* VAR_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_STUB_TCP_UPSTREAM = 148, /* VAR_STUB_TCP_UPSTREAM */ + YYSYMBOL_VAR_FORWARD_TCP_UPSTREAM = 149, /* VAR_FORWARD_TCP_UPSTREAM */ + YYSYMBOL_VAR_HTTPS_PORT = 150, /* VAR_HTTPS_PORT */ + YYSYMBOL_VAR_HTTP_ENDPOINT = 151, /* VAR_HTTP_ENDPOINT */ + YYSYMBOL_VAR_HTTP_MAX_STREAMS = 152, /* VAR_HTTP_MAX_STREAMS */ + YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 153, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 154, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_NODELAY = 155, /* VAR_HTTP_NODELAY */ + YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 156, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + YYSYMBOL_VAR_STUB_FIRST = 157, /* VAR_STUB_FIRST */ + YYSYMBOL_VAR_MINIMAL_RESPONSES = 158, /* VAR_MINIMAL_RESPONSES */ + YYSYMBOL_VAR_RRSET_ROUNDROBIN = 159, /* VAR_RRSET_ROUNDROBIN */ + YYSYMBOL_VAR_MAX_UDP_SIZE = 160, /* VAR_MAX_UDP_SIZE */ + YYSYMBOL_VAR_DELAY_CLOSE = 161, /* VAR_DELAY_CLOSE */ + YYSYMBOL_VAR_UDP_CONNECT = 162, /* VAR_UDP_CONNECT */ + YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 163, /* VAR_UNBLOCK_LAN_ZONES */ + YYSYMBOL_VAR_INSECURE_LAN_ZONES = 164, /* VAR_INSECURE_LAN_ZONES */ + YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 165, /* VAR_INFRA_CACHE_MIN_RTT */ + YYSYMBOL_VAR_INFRA_CACHE_MAX_RTT = 166, /* VAR_INFRA_CACHE_MAX_RTT */ + YYSYMBOL_VAR_INFRA_KEEP_PROBING = 167, /* VAR_INFRA_KEEP_PROBING */ + YYSYMBOL_VAR_DNS64_PREFIX = 168, /* VAR_DNS64_PREFIX */ + YYSYMBOL_VAR_DNS64_SYNTHALL = 169, /* VAR_DNS64_SYNTHALL */ + YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 170, /* VAR_DNS64_IGNORE_AAAA */ + YYSYMBOL_VAR_NAT64_PREFIX = 171, /* VAR_NAT64_PREFIX */ + YYSYMBOL_VAR_DNSTAP = 172, /* VAR_DNSTAP */ + YYSYMBOL_VAR_DNSTAP_ENABLE = 173, /* VAR_DNSTAP_ENABLE */ + YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 174, /* VAR_DNSTAP_SOCKET_PATH */ + YYSYMBOL_VAR_DNSTAP_IP = 175, /* VAR_DNSTAP_IP */ + YYSYMBOL_VAR_DNSTAP_TLS = 176, /* VAR_DNSTAP_TLS */ + YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 177, /* VAR_DNSTAP_TLS_SERVER_NAME */ + YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 178, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 179, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 180, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 181, /* VAR_DNSTAP_SEND_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 182, /* VAR_DNSTAP_SEND_VERSION */ + YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 183, /* VAR_DNSTAP_BIDIRECTIONAL */ + YYSYMBOL_VAR_DNSTAP_IDENTITY = 184, /* VAR_DNSTAP_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_VERSION = 185, /* VAR_DNSTAP_VERSION */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 186, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 187, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 188, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 189, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 190, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 191, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_RESPONSE_IP_TAG = 192, /* VAR_RESPONSE_IP_TAG */ + YYSYMBOL_VAR_RESPONSE_IP = 193, /* VAR_RESPONSE_IP */ + YYSYMBOL_VAR_RESPONSE_IP_DATA = 194, /* VAR_RESPONSE_IP_DATA */ + YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 195, /* VAR_HARDEN_ALGO_DOWNGRADE */ + YYSYMBOL_VAR_IP_TRANSPARENT = 196, /* VAR_IP_TRANSPARENT */ + YYSYMBOL_VAR_IP_DSCP = 197, /* VAR_IP_DSCP */ + YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 198, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + YYSYMBOL_VAR_IP_RATELIMIT = 199, /* VAR_IP_RATELIMIT */ + YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 200, /* VAR_IP_RATELIMIT_SLABS */ + YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 201, /* VAR_IP_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT = 202, /* VAR_RATELIMIT */ + YYSYMBOL_VAR_RATELIMIT_SLABS = 203, /* VAR_RATELIMIT_SLABS */ + YYSYMBOL_VAR_RATELIMIT_SIZE = 204, /* VAR_RATELIMIT_SIZE */ + YYSYMBOL_VAR_OUTBOUND_MSG_RETRY = 205, /* VAR_OUTBOUND_MSG_RETRY */ + YYSYMBOL_VAR_MAX_SENT_COUNT = 206, /* VAR_MAX_SENT_COUNT */ + YYSYMBOL_VAR_MAX_QUERY_RESTARTS = 207, /* VAR_MAX_QUERY_RESTARTS */ + YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 208, /* VAR_RATELIMIT_FOR_DOMAIN */ + YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 209, /* VAR_RATELIMIT_BELOW_DOMAIN */ + YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 210, /* VAR_IP_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_RATELIMIT_FACTOR = 211, /* VAR_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_IP_RATELIMIT_BACKOFF = 212, /* VAR_IP_RATELIMIT_BACKOFF */ + YYSYMBOL_VAR_RATELIMIT_BACKOFF = 213, /* VAR_RATELIMIT_BACKOFF */ + YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 214, /* VAR_SEND_CLIENT_SUBNET */ + YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 215, /* VAR_CLIENT_SUBNET_ZONE */ + YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 216, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 217, /* VAR_CLIENT_SUBNET_OPCODE */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 218, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 219, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 220, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 221, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 222, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 223, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + YYSYMBOL_VAR_CAPS_WHITELIST = 224, /* VAR_CAPS_WHITELIST */ + YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 225, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 226, /* VAR_PERMIT_SMALL_HOLDDOWN */ + YYSYMBOL_VAR_QNAME_MINIMISATION = 227, /* VAR_QNAME_MINIMISATION */ + YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 228, /* VAR_QNAME_MINIMISATION_STRICT */ + YYSYMBOL_VAR_IP_FREEBIND = 229, /* VAR_IP_FREEBIND */ + YYSYMBOL_VAR_DEFINE_TAG = 230, /* VAR_DEFINE_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_TAG = 231, /* VAR_LOCAL_ZONE_TAG */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 232, /* VAR_ACCESS_CONTROL_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 233, /* VAR_LOCAL_ZONE_OVERRIDE */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 234, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 235, /* VAR_ACCESS_CONTROL_TAG_DATA */ + YYSYMBOL_VAR_VIEW = 236, /* VAR_VIEW */ + YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 237, /* VAR_ACCESS_CONTROL_VIEW */ + YYSYMBOL_VAR_VIEW_FIRST = 238, /* VAR_VIEW_FIRST */ + YYSYMBOL_VAR_SERVE_EXPIRED = 239, /* VAR_SERVE_EXPIRED */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 240, /* VAR_SERVE_EXPIRED_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 241, /* VAR_SERVE_EXPIRED_TTL_RESET */ + YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 242, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 243, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + YYSYMBOL_VAR_EDE_SERVE_EXPIRED = 244, /* VAR_EDE_SERVE_EXPIRED */ + YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 245, /* VAR_SERVE_ORIGINAL_TTL */ + YYSYMBOL_VAR_FAKE_DSA = 246, /* VAR_FAKE_DSA */ + YYSYMBOL_VAR_FAKE_SHA1 = 247, /* VAR_FAKE_SHA1 */ + YYSYMBOL_VAR_LOG_IDENTITY = 248, /* VAR_LOG_IDENTITY */ + YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 249, /* VAR_HIDE_TRUSTANCHOR */ + YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 250, /* VAR_HIDE_HTTP_USER_AGENT */ + YYSYMBOL_VAR_HTTP_USER_AGENT = 251, /* VAR_HTTP_USER_AGENT */ + YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 252, /* VAR_TRUST_ANCHOR_SIGNALING */ + YYSYMBOL_VAR_AGGRESSIVE_NSEC = 253, /* VAR_AGGRESSIVE_NSEC */ + YYSYMBOL_VAR_USE_SYSTEMD = 254, /* VAR_USE_SYSTEMD */ + YYSYMBOL_VAR_SHM_ENABLE = 255, /* VAR_SHM_ENABLE */ + YYSYMBOL_VAR_SHM_KEY = 256, /* VAR_SHM_KEY */ + YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 257, /* VAR_ROOT_KEY_SENTINEL */ + YYSYMBOL_VAR_DNSCRYPT = 258, /* VAR_DNSCRYPT */ + YYSYMBOL_VAR_DNSCRYPT_ENABLE = 259, /* VAR_DNSCRYPT_ENABLE */ + YYSYMBOL_VAR_DNSCRYPT_PORT = 260, /* VAR_DNSCRYPT_PORT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 261, /* VAR_DNSCRYPT_PROVIDER */ + YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 262, /* VAR_DNSCRYPT_SECRET_KEY */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 263, /* VAR_DNSCRYPT_PROVIDER_CERT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 264, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 265, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 266, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 267, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 268, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + YYSYMBOL_VAR_PAD_RESPONSES = 269, /* VAR_PAD_RESPONSES */ + YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 270, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + YYSYMBOL_VAR_PAD_QUERIES = 271, /* VAR_PAD_QUERIES */ + YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 272, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + YYSYMBOL_VAR_IPSECMOD_ENABLED = 273, /* VAR_IPSECMOD_ENABLED */ + YYSYMBOL_VAR_IPSECMOD_HOOK = 274, /* VAR_IPSECMOD_HOOK */ + YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 275, /* VAR_IPSECMOD_IGNORE_BOGUS */ + YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 276, /* VAR_IPSECMOD_MAX_TTL */ + YYSYMBOL_VAR_IPSECMOD_WHITELIST = 277, /* VAR_IPSECMOD_WHITELIST */ + YYSYMBOL_VAR_IPSECMOD_STRICT = 278, /* VAR_IPSECMOD_STRICT */ + YYSYMBOL_VAR_CACHEDB = 279, /* VAR_CACHEDB */ + YYSYMBOL_VAR_CACHEDB_BACKEND = 280, /* VAR_CACHEDB_BACKEND */ + YYSYMBOL_VAR_CACHEDB_SECRETSEED = 281, /* VAR_CACHEDB_SECRETSEED */ + YYSYMBOL_VAR_CACHEDB_REDISHOST = 282, /* VAR_CACHEDB_REDISHOST */ + YYSYMBOL_VAR_CACHEDB_REDISPORT = 283, /* VAR_CACHEDB_REDISPORT */ + YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 284, /* VAR_CACHEDB_REDISTIMEOUT */ + YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 285, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + YYSYMBOL_VAR_CACHEDB_REDISPATH = 286, /* VAR_CACHEDB_REDISPATH */ + YYSYMBOL_VAR_CACHEDB_REDISPASSWORD = 287, /* VAR_CACHEDB_REDISPASSWORD */ + YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 288, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + YYSYMBOL_VAR_FOR_UPSTREAM = 289, /* VAR_FOR_UPSTREAM */ + YYSYMBOL_VAR_AUTH_ZONE = 290, /* VAR_AUTH_ZONE */ + YYSYMBOL_VAR_ZONEFILE = 291, /* VAR_ZONEFILE */ + YYSYMBOL_VAR_MASTER = 292, /* VAR_MASTER */ + YYSYMBOL_VAR_URL = 293, /* VAR_URL */ + YYSYMBOL_VAR_FOR_DOWNSTREAM = 294, /* VAR_FOR_DOWNSTREAM */ + YYSYMBOL_VAR_FALLBACK_ENABLED = 295, /* VAR_FALLBACK_ENABLED */ + YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 296, /* VAR_TLS_ADDITIONAL_PORT */ + YYSYMBOL_VAR_LOW_RTT = 297, /* VAR_LOW_RTT */ + YYSYMBOL_VAR_LOW_RTT_PERMIL = 298, /* VAR_LOW_RTT_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_PERMIL = 299, /* VAR_FAST_SERVER_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_NUM = 300, /* VAR_FAST_SERVER_NUM */ + YYSYMBOL_VAR_ALLOW_NOTIFY = 301, /* VAR_ALLOW_NOTIFY */ + YYSYMBOL_VAR_TLS_WIN_CERT = 302, /* VAR_TLS_WIN_CERT */ + YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 303, /* VAR_TCP_CONNECTION_LIMIT */ + YYSYMBOL_VAR_ANSWER_COOKIE = 304, /* VAR_ANSWER_COOKIE */ + YYSYMBOL_VAR_COOKIE_SECRET = 305, /* VAR_COOKIE_SECRET */ + YYSYMBOL_VAR_IP_RATELIMIT_COOKIE = 306, /* VAR_IP_RATELIMIT_COOKIE */ + YYSYMBOL_VAR_FORWARD_NO_CACHE = 307, /* VAR_FORWARD_NO_CACHE */ + YYSYMBOL_VAR_STUB_NO_CACHE = 308, /* VAR_STUB_NO_CACHE */ + YYSYMBOL_VAR_LOG_SERVFAIL = 309, /* VAR_LOG_SERVFAIL */ + YYSYMBOL_VAR_DENY_ANY = 310, /* VAR_DENY_ANY */ + YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 311, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 312, /* VAR_LOG_TAG_QUERYREPLY */ + YYSYMBOL_VAR_STREAM_WAIT_SIZE = 313, /* VAR_STREAM_WAIT_SIZE */ + YYSYMBOL_VAR_TLS_CIPHERS = 314, /* VAR_TLS_CIPHERS */ + YYSYMBOL_VAR_TLS_CIPHERSUITES = 315, /* VAR_TLS_CIPHERSUITES */ + YYSYMBOL_VAR_TLS_USE_SNI = 316, /* VAR_TLS_USE_SNI */ + YYSYMBOL_VAR_IPSET = 317, /* VAR_IPSET */ + YYSYMBOL_VAR_IPSET_NAME_V4 = 318, /* VAR_IPSET_NAME_V4 */ + YYSYMBOL_VAR_IPSET_NAME_V6 = 319, /* VAR_IPSET_NAME_V6 */ + YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 320, /* VAR_TLS_SESSION_TICKET_KEYS */ + YYSYMBOL_VAR_RPZ = 321, /* VAR_RPZ */ + YYSYMBOL_VAR_TAGS = 322, /* VAR_TAGS */ + YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 323, /* VAR_RPZ_ACTION_OVERRIDE */ + YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 324, /* VAR_RPZ_CNAME_OVERRIDE */ + YYSYMBOL_VAR_RPZ_LOG = 325, /* VAR_RPZ_LOG */ + YYSYMBOL_VAR_RPZ_LOG_NAME = 326, /* VAR_RPZ_LOG_NAME */ + YYSYMBOL_VAR_DYNLIB = 327, /* VAR_DYNLIB */ + YYSYMBOL_VAR_DYNLIB_FILE = 328, /* VAR_DYNLIB_FILE */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING = 329, /* VAR_EDNS_CLIENT_STRING */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 330, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + YYSYMBOL_VAR_NSID = 331, /* VAR_NSID */ + YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 332, /* VAR_ZONEMD_PERMISSIVE_MODE */ + YYSYMBOL_VAR_ZONEMD_CHECK = 333, /* VAR_ZONEMD_CHECK */ + YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 334, /* VAR_ZONEMD_REJECT_ABSENCE */ + YYSYMBOL_VAR_RPZ_SIGNAL_NXDOMAIN_RA = 335, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ + YYSYMBOL_VAR_INTERFACE_AUTOMATIC_PORTS = 336, /* VAR_INTERFACE_AUTOMATIC_PORTS */ + YYSYMBOL_VAR_EDE = 337, /* VAR_EDE */ + YYSYMBOL_VAR_INTERFACE_ACTION = 338, /* VAR_INTERFACE_ACTION */ + YYSYMBOL_VAR_INTERFACE_VIEW = 339, /* VAR_INTERFACE_VIEW */ + YYSYMBOL_VAR_INTERFACE_TAG = 340, /* VAR_INTERFACE_TAG */ + YYSYMBOL_VAR_INTERFACE_TAG_ACTION = 341, /* VAR_INTERFACE_TAG_ACTION */ + YYSYMBOL_VAR_INTERFACE_TAG_DATA = 342, /* VAR_INTERFACE_TAG_DATA */ + YYSYMBOL_VAR_PROXY_PROTOCOL_PORT = 343, /* VAR_PROXY_PROTOCOL_PORT */ + YYSYMBOL_VAR_STATISTICS_INHIBIT_ZERO = 344, /* VAR_STATISTICS_INHIBIT_ZERO */ + YYSYMBOL_VAR_HARDEN_UNKNOWN_ADDITIONAL = 345, /* VAR_HARDEN_UNKNOWN_ADDITIONAL */ + YYSYMBOL_YYACCEPT = 346, /* $accept */ + YYSYMBOL_toplevelvars = 347, /* toplevelvars */ + YYSYMBOL_toplevelvar = 348, /* toplevelvar */ + YYSYMBOL_force_toplevel = 349, /* force_toplevel */ + YYSYMBOL_serverstart = 350, /* serverstart */ + YYSYMBOL_contents_server = 351, /* contents_server */ + YYSYMBOL_content_server = 352, /* content_server */ + YYSYMBOL_stubstart = 353, /* stubstart */ + YYSYMBOL_contents_stub = 354, /* contents_stub */ + YYSYMBOL_content_stub = 355, /* content_stub */ + YYSYMBOL_forwardstart = 356, /* forwardstart */ + YYSYMBOL_contents_forward = 357, /* contents_forward */ + YYSYMBOL_content_forward = 358, /* content_forward */ + YYSYMBOL_viewstart = 359, /* viewstart */ + YYSYMBOL_contents_view = 360, /* contents_view */ + YYSYMBOL_content_view = 361, /* content_view */ + YYSYMBOL_authstart = 362, /* authstart */ + YYSYMBOL_contents_auth = 363, /* contents_auth */ + YYSYMBOL_content_auth = 364, /* content_auth */ + YYSYMBOL_rpz_tag = 365, /* rpz_tag */ + YYSYMBOL_rpz_action_override = 366, /* rpz_action_override */ + YYSYMBOL_rpz_cname_override = 367, /* rpz_cname_override */ + YYSYMBOL_rpz_log = 368, /* rpz_log */ + YYSYMBOL_rpz_log_name = 369, /* rpz_log_name */ + YYSYMBOL_rpz_signal_nxdomain_ra = 370, /* rpz_signal_nxdomain_ra */ + YYSYMBOL_rpzstart = 371, /* rpzstart */ + YYSYMBOL_contents_rpz = 372, /* contents_rpz */ + YYSYMBOL_content_rpz = 373, /* content_rpz */ + YYSYMBOL_server_num_threads = 374, /* server_num_threads */ + YYSYMBOL_server_verbosity = 375, /* server_verbosity */ + YYSYMBOL_server_statistics_interval = 376, /* server_statistics_interval */ + YYSYMBOL_server_statistics_cumulative = 377, /* server_statistics_cumulative */ + YYSYMBOL_server_extended_statistics = 378, /* server_extended_statistics */ + YYSYMBOL_server_statistics_inhibit_zero = 379, /* server_statistics_inhibit_zero */ + YYSYMBOL_server_shm_enable = 380, /* server_shm_enable */ + YYSYMBOL_server_shm_key = 381, /* server_shm_key */ + YYSYMBOL_server_port = 382, /* server_port */ + YYSYMBOL_server_send_client_subnet = 383, /* server_send_client_subnet */ + YYSYMBOL_server_client_subnet_zone = 384, /* server_client_subnet_zone */ + YYSYMBOL_server_client_subnet_always_forward = 385, /* server_client_subnet_always_forward */ + YYSYMBOL_server_client_subnet_opcode = 386, /* server_client_subnet_opcode */ + YYSYMBOL_server_max_client_subnet_ipv4 = 387, /* server_max_client_subnet_ipv4 */ + YYSYMBOL_server_max_client_subnet_ipv6 = 388, /* server_max_client_subnet_ipv6 */ + YYSYMBOL_server_min_client_subnet_ipv4 = 389, /* server_min_client_subnet_ipv4 */ + YYSYMBOL_server_min_client_subnet_ipv6 = 390, /* server_min_client_subnet_ipv6 */ + YYSYMBOL_server_max_ecs_tree_size_ipv4 = 391, /* server_max_ecs_tree_size_ipv4 */ + YYSYMBOL_server_max_ecs_tree_size_ipv6 = 392, /* server_max_ecs_tree_size_ipv6 */ + YYSYMBOL_server_interface = 393, /* server_interface */ + YYSYMBOL_server_outgoing_interface = 394, /* server_outgoing_interface */ + YYSYMBOL_server_outgoing_range = 395, /* server_outgoing_range */ + YYSYMBOL_server_outgoing_port_permit = 396, /* server_outgoing_port_permit */ + YYSYMBOL_server_outgoing_port_avoid = 397, /* server_outgoing_port_avoid */ + YYSYMBOL_server_outgoing_num_tcp = 398, /* server_outgoing_num_tcp */ + YYSYMBOL_server_incoming_num_tcp = 399, /* server_incoming_num_tcp */ + YYSYMBOL_server_interface_automatic = 400, /* server_interface_automatic */ + YYSYMBOL_server_interface_automatic_ports = 401, /* server_interface_automatic_ports */ + YYSYMBOL_server_do_ip4 = 402, /* server_do_ip4 */ + YYSYMBOL_server_do_ip6 = 403, /* server_do_ip6 */ + YYSYMBOL_server_do_nat64 = 404, /* server_do_nat64 */ + YYSYMBOL_server_do_udp = 405, /* server_do_udp */ + YYSYMBOL_server_do_tcp = 406, /* server_do_tcp */ + YYSYMBOL_server_prefer_ip4 = 407, /* server_prefer_ip4 */ + YYSYMBOL_server_prefer_ip6 = 408, /* server_prefer_ip6 */ + YYSYMBOL_server_tcp_mss = 409, /* server_tcp_mss */ + YYSYMBOL_server_outgoing_tcp_mss = 410, /* server_outgoing_tcp_mss */ + YYSYMBOL_server_tcp_idle_timeout = 411, /* server_tcp_idle_timeout */ + YYSYMBOL_server_max_reuse_tcp_queries = 412, /* server_max_reuse_tcp_queries */ + YYSYMBOL_server_tcp_reuse_timeout = 413, /* server_tcp_reuse_timeout */ + YYSYMBOL_server_tcp_auth_query_timeout = 414, /* server_tcp_auth_query_timeout */ + YYSYMBOL_server_tcp_keepalive = 415, /* server_tcp_keepalive */ + YYSYMBOL_server_tcp_keepalive_timeout = 416, /* server_tcp_keepalive_timeout */ + YYSYMBOL_server_sock_queue_timeout = 417, /* server_sock_queue_timeout */ + YYSYMBOL_server_tcp_upstream = 418, /* server_tcp_upstream */ + YYSYMBOL_server_udp_upstream_without_downstream = 419, /* server_udp_upstream_without_downstream */ + YYSYMBOL_server_ssl_upstream = 420, /* server_ssl_upstream */ + YYSYMBOL_server_ssl_service_key = 421, /* server_ssl_service_key */ + YYSYMBOL_server_ssl_service_pem = 422, /* server_ssl_service_pem */ + YYSYMBOL_server_ssl_port = 423, /* server_ssl_port */ + YYSYMBOL_server_tls_cert_bundle = 424, /* server_tls_cert_bundle */ + YYSYMBOL_server_tls_win_cert = 425, /* server_tls_win_cert */ + YYSYMBOL_server_tls_additional_port = 426, /* server_tls_additional_port */ + YYSYMBOL_server_tls_ciphers = 427, /* server_tls_ciphers */ + YYSYMBOL_server_tls_ciphersuites = 428, /* server_tls_ciphersuites */ + YYSYMBOL_server_tls_session_ticket_keys = 429, /* server_tls_session_ticket_keys */ + YYSYMBOL_server_tls_use_sni = 430, /* server_tls_use_sni */ + YYSYMBOL_server_https_port = 431, /* server_https_port */ + YYSYMBOL_server_http_endpoint = 432, /* server_http_endpoint */ + YYSYMBOL_server_http_max_streams = 433, /* server_http_max_streams */ + YYSYMBOL_server_http_query_buffer_size = 434, /* server_http_query_buffer_size */ + YYSYMBOL_server_http_response_buffer_size = 435, /* server_http_response_buffer_size */ + YYSYMBOL_server_http_nodelay = 436, /* server_http_nodelay */ + YYSYMBOL_server_http_notls_downstream = 437, /* server_http_notls_downstream */ + YYSYMBOL_server_use_systemd = 438, /* server_use_systemd */ + YYSYMBOL_server_do_daemonize = 439, /* server_do_daemonize */ + YYSYMBOL_server_use_syslog = 440, /* server_use_syslog */ + YYSYMBOL_server_log_time_ascii = 441, /* server_log_time_ascii */ + YYSYMBOL_server_log_queries = 442, /* server_log_queries */ + YYSYMBOL_server_log_replies = 443, /* server_log_replies */ + YYSYMBOL_server_log_tag_queryreply = 444, /* server_log_tag_queryreply */ + YYSYMBOL_server_log_servfail = 445, /* server_log_servfail */ + YYSYMBOL_server_log_local_actions = 446, /* server_log_local_actions */ + YYSYMBOL_server_chroot = 447, /* server_chroot */ + YYSYMBOL_server_username = 448, /* server_username */ + YYSYMBOL_server_directory = 449, /* server_directory */ + YYSYMBOL_server_logfile = 450, /* server_logfile */ + YYSYMBOL_server_pidfile = 451, /* server_pidfile */ + YYSYMBOL_server_root_hints = 452, /* server_root_hints */ + YYSYMBOL_server_dlv_anchor_file = 453, /* server_dlv_anchor_file */ + YYSYMBOL_server_dlv_anchor = 454, /* server_dlv_anchor */ + YYSYMBOL_server_auto_trust_anchor_file = 455, /* server_auto_trust_anchor_file */ + YYSYMBOL_server_trust_anchor_file = 456, /* server_trust_anchor_file */ + YYSYMBOL_server_trusted_keys_file = 457, /* server_trusted_keys_file */ + YYSYMBOL_server_trust_anchor = 458, /* server_trust_anchor */ + YYSYMBOL_server_trust_anchor_signaling = 459, /* server_trust_anchor_signaling */ + YYSYMBOL_server_root_key_sentinel = 460, /* server_root_key_sentinel */ + YYSYMBOL_server_domain_insecure = 461, /* server_domain_insecure */ + YYSYMBOL_server_hide_identity = 462, /* server_hide_identity */ + YYSYMBOL_server_hide_version = 463, /* server_hide_version */ + YYSYMBOL_server_hide_trustanchor = 464, /* server_hide_trustanchor */ + YYSYMBOL_server_hide_http_user_agent = 465, /* server_hide_http_user_agent */ + YYSYMBOL_server_identity = 466, /* server_identity */ + YYSYMBOL_server_version = 467, /* server_version */ + YYSYMBOL_server_http_user_agent = 468, /* server_http_user_agent */ + YYSYMBOL_server_nsid = 469, /* server_nsid */ + YYSYMBOL_server_so_rcvbuf = 470, /* server_so_rcvbuf */ + YYSYMBOL_server_so_sndbuf = 471, /* server_so_sndbuf */ + YYSYMBOL_server_so_reuseport = 472, /* server_so_reuseport */ + YYSYMBOL_server_ip_transparent = 473, /* server_ip_transparent */ + YYSYMBOL_server_ip_freebind = 474, /* server_ip_freebind */ + YYSYMBOL_server_ip_dscp = 475, /* server_ip_dscp */ + YYSYMBOL_server_stream_wait_size = 476, /* server_stream_wait_size */ + YYSYMBOL_server_edns_buffer_size = 477, /* server_edns_buffer_size */ + YYSYMBOL_server_msg_buffer_size = 478, /* server_msg_buffer_size */ + YYSYMBOL_server_msg_cache_size = 479, /* server_msg_cache_size */ + YYSYMBOL_server_msg_cache_slabs = 480, /* server_msg_cache_slabs */ + YYSYMBOL_server_num_queries_per_thread = 481, /* server_num_queries_per_thread */ + YYSYMBOL_server_jostle_timeout = 482, /* server_jostle_timeout */ + YYSYMBOL_server_delay_close = 483, /* server_delay_close */ + YYSYMBOL_server_udp_connect = 484, /* server_udp_connect */ + YYSYMBOL_server_unblock_lan_zones = 485, /* server_unblock_lan_zones */ + YYSYMBOL_server_insecure_lan_zones = 486, /* server_insecure_lan_zones */ + YYSYMBOL_server_rrset_cache_size = 487, /* server_rrset_cache_size */ + YYSYMBOL_server_rrset_cache_slabs = 488, /* server_rrset_cache_slabs */ + YYSYMBOL_server_infra_host_ttl = 489, /* server_infra_host_ttl */ + YYSYMBOL_server_infra_lame_ttl = 490, /* server_infra_lame_ttl */ + YYSYMBOL_server_infra_cache_numhosts = 491, /* server_infra_cache_numhosts */ + YYSYMBOL_server_infra_cache_lame_size = 492, /* server_infra_cache_lame_size */ + YYSYMBOL_server_infra_cache_slabs = 493, /* server_infra_cache_slabs */ + YYSYMBOL_server_infra_cache_min_rtt = 494, /* server_infra_cache_min_rtt */ + YYSYMBOL_server_infra_cache_max_rtt = 495, /* server_infra_cache_max_rtt */ + YYSYMBOL_server_infra_keep_probing = 496, /* server_infra_keep_probing */ + YYSYMBOL_server_target_fetch_policy = 497, /* server_target_fetch_policy */ + YYSYMBOL_server_harden_short_bufsize = 498, /* server_harden_short_bufsize */ + YYSYMBOL_server_harden_large_queries = 499, /* server_harden_large_queries */ + YYSYMBOL_server_harden_glue = 500, /* server_harden_glue */ + YYSYMBOL_server_harden_dnssec_stripped = 501, /* server_harden_dnssec_stripped */ + YYSYMBOL_server_harden_below_nxdomain = 502, /* server_harden_below_nxdomain */ + YYSYMBOL_server_harden_referral_path = 503, /* server_harden_referral_path */ + YYSYMBOL_server_harden_algo_downgrade = 504, /* server_harden_algo_downgrade */ + YYSYMBOL_server_harden_unknown_additional = 505, /* server_harden_unknown_additional */ + YYSYMBOL_server_use_caps_for_id = 506, /* server_use_caps_for_id */ + YYSYMBOL_server_caps_whitelist = 507, /* server_caps_whitelist */ + YYSYMBOL_server_private_address = 508, /* server_private_address */ + YYSYMBOL_server_private_domain = 509, /* server_private_domain */ + YYSYMBOL_server_prefetch = 510, /* server_prefetch */ + YYSYMBOL_server_prefetch_key = 511, /* server_prefetch_key */ + YYSYMBOL_server_deny_any = 512, /* server_deny_any */ + YYSYMBOL_server_unwanted_reply_threshold = 513, /* server_unwanted_reply_threshold */ + YYSYMBOL_server_do_not_query_address = 514, /* server_do_not_query_address */ + YYSYMBOL_server_do_not_query_localhost = 515, /* server_do_not_query_localhost */ + YYSYMBOL_server_access_control = 516, /* server_access_control */ + YYSYMBOL_server_interface_action = 517, /* server_interface_action */ + YYSYMBOL_server_module_conf = 518, /* server_module_conf */ + YYSYMBOL_server_val_override_date = 519, /* server_val_override_date */ + YYSYMBOL_server_val_sig_skew_min = 520, /* server_val_sig_skew_min */ + YYSYMBOL_server_val_sig_skew_max = 521, /* server_val_sig_skew_max */ + YYSYMBOL_server_val_max_restart = 522, /* server_val_max_restart */ + YYSYMBOL_server_cache_max_ttl = 523, /* server_cache_max_ttl */ + YYSYMBOL_server_cache_max_negative_ttl = 524, /* server_cache_max_negative_ttl */ + YYSYMBOL_server_cache_min_ttl = 525, /* server_cache_min_ttl */ + YYSYMBOL_server_bogus_ttl = 526, /* server_bogus_ttl */ + YYSYMBOL_server_val_clean_additional = 527, /* server_val_clean_additional */ + YYSYMBOL_server_val_permissive_mode = 528, /* server_val_permissive_mode */ + YYSYMBOL_server_aggressive_nsec = 529, /* server_aggressive_nsec */ + YYSYMBOL_server_ignore_cd_flag = 530, /* server_ignore_cd_flag */ + YYSYMBOL_server_serve_expired = 531, /* server_serve_expired */ + YYSYMBOL_server_serve_expired_ttl = 532, /* server_serve_expired_ttl */ + YYSYMBOL_server_serve_expired_ttl_reset = 533, /* server_serve_expired_ttl_reset */ + YYSYMBOL_server_serve_expired_reply_ttl = 534, /* server_serve_expired_reply_ttl */ + YYSYMBOL_server_serve_expired_client_timeout = 535, /* server_serve_expired_client_timeout */ + YYSYMBOL_server_ede_serve_expired = 536, /* server_ede_serve_expired */ + YYSYMBOL_server_serve_original_ttl = 537, /* server_serve_original_ttl */ + YYSYMBOL_server_fake_dsa = 538, /* server_fake_dsa */ + YYSYMBOL_server_fake_sha1 = 539, /* server_fake_sha1 */ + YYSYMBOL_server_val_log_level = 540, /* server_val_log_level */ + YYSYMBOL_server_val_nsec3_keysize_iterations = 541, /* server_val_nsec3_keysize_iterations */ + YYSYMBOL_server_zonemd_permissive_mode = 542, /* server_zonemd_permissive_mode */ + YYSYMBOL_server_add_holddown = 543, /* server_add_holddown */ + YYSYMBOL_server_del_holddown = 544, /* server_del_holddown */ + YYSYMBOL_server_keep_missing = 545, /* server_keep_missing */ + YYSYMBOL_server_permit_small_holddown = 546, /* server_permit_small_holddown */ + YYSYMBOL_server_key_cache_size = 547, /* server_key_cache_size */ + YYSYMBOL_server_key_cache_slabs = 548, /* server_key_cache_slabs */ + YYSYMBOL_server_neg_cache_size = 549, /* server_neg_cache_size */ + YYSYMBOL_server_local_zone = 550, /* server_local_zone */ + YYSYMBOL_server_local_data = 551, /* server_local_data */ + YYSYMBOL_server_local_data_ptr = 552, /* server_local_data_ptr */ + YYSYMBOL_server_minimal_responses = 553, /* server_minimal_responses */ + YYSYMBOL_server_rrset_roundrobin = 554, /* server_rrset_roundrobin */ + YYSYMBOL_server_unknown_server_time_limit = 555, /* server_unknown_server_time_limit */ + YYSYMBOL_server_max_udp_size = 556, /* server_max_udp_size */ + YYSYMBOL_server_dns64_prefix = 557, /* server_dns64_prefix */ + YYSYMBOL_server_dns64_synthall = 558, /* server_dns64_synthall */ + YYSYMBOL_server_dns64_ignore_aaaa = 559, /* server_dns64_ignore_aaaa */ + YYSYMBOL_server_nat64_prefix = 560, /* server_nat64_prefix */ + YYSYMBOL_server_define_tag = 561, /* server_define_tag */ + YYSYMBOL_server_local_zone_tag = 562, /* server_local_zone_tag */ + YYSYMBOL_server_access_control_tag = 563, /* server_access_control_tag */ + YYSYMBOL_server_access_control_tag_action = 564, /* server_access_control_tag_action */ + YYSYMBOL_server_access_control_tag_data = 565, /* server_access_control_tag_data */ + YYSYMBOL_server_local_zone_override = 566, /* server_local_zone_override */ + YYSYMBOL_server_access_control_view = 567, /* server_access_control_view */ + YYSYMBOL_server_interface_tag = 568, /* server_interface_tag */ + YYSYMBOL_server_interface_tag_action = 569, /* server_interface_tag_action */ + YYSYMBOL_server_interface_tag_data = 570, /* server_interface_tag_data */ + YYSYMBOL_server_interface_view = 571, /* server_interface_view */ + YYSYMBOL_server_response_ip_tag = 572, /* server_response_ip_tag */ + YYSYMBOL_server_ip_ratelimit = 573, /* server_ip_ratelimit */ + YYSYMBOL_server_ip_ratelimit_cookie = 574, /* server_ip_ratelimit_cookie */ + YYSYMBOL_server_ratelimit = 575, /* server_ratelimit */ + YYSYMBOL_server_ip_ratelimit_size = 576, /* server_ip_ratelimit_size */ + YYSYMBOL_server_ratelimit_size = 577, /* server_ratelimit_size */ + YYSYMBOL_server_ip_ratelimit_slabs = 578, /* server_ip_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_slabs = 579, /* server_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_for_domain = 580, /* server_ratelimit_for_domain */ + YYSYMBOL_server_ratelimit_below_domain = 581, /* server_ratelimit_below_domain */ + YYSYMBOL_server_ip_ratelimit_factor = 582, /* server_ip_ratelimit_factor */ + YYSYMBOL_server_ratelimit_factor = 583, /* server_ratelimit_factor */ + YYSYMBOL_server_ip_ratelimit_backoff = 584, /* server_ip_ratelimit_backoff */ + YYSYMBOL_server_ratelimit_backoff = 585, /* server_ratelimit_backoff */ + YYSYMBOL_server_outbound_msg_retry = 586, /* server_outbound_msg_retry */ + YYSYMBOL_server_max_sent_count = 587, /* server_max_sent_count */ + YYSYMBOL_server_max_query_restarts = 588, /* server_max_query_restarts */ + YYSYMBOL_server_low_rtt = 589, /* server_low_rtt */ + YYSYMBOL_server_fast_server_num = 590, /* server_fast_server_num */ + YYSYMBOL_server_fast_server_permil = 591, /* server_fast_server_permil */ + YYSYMBOL_server_qname_minimisation = 592, /* server_qname_minimisation */ + YYSYMBOL_server_qname_minimisation_strict = 593, /* server_qname_minimisation_strict */ + YYSYMBOL_server_pad_responses = 594, /* server_pad_responses */ + YYSYMBOL_server_pad_responses_block_size = 595, /* server_pad_responses_block_size */ + YYSYMBOL_server_pad_queries = 596, /* server_pad_queries */ + YYSYMBOL_server_pad_queries_block_size = 597, /* server_pad_queries_block_size */ + YYSYMBOL_server_ipsecmod_enabled = 598, /* server_ipsecmod_enabled */ + YYSYMBOL_server_ipsecmod_ignore_bogus = 599, /* server_ipsecmod_ignore_bogus */ + YYSYMBOL_server_ipsecmod_hook = 600, /* server_ipsecmod_hook */ + YYSYMBOL_server_ipsecmod_max_ttl = 601, /* server_ipsecmod_max_ttl */ + YYSYMBOL_server_ipsecmod_whitelist = 602, /* server_ipsecmod_whitelist */ + YYSYMBOL_server_ipsecmod_strict = 603, /* server_ipsecmod_strict */ + YYSYMBOL_server_edns_client_string = 604, /* server_edns_client_string */ + YYSYMBOL_server_edns_client_string_opcode = 605, /* server_edns_client_string_opcode */ + YYSYMBOL_server_ede = 606, /* server_ede */ + YYSYMBOL_server_proxy_protocol_port = 607, /* server_proxy_protocol_port */ + YYSYMBOL_stub_name = 608, /* stub_name */ + YYSYMBOL_stub_host = 609, /* stub_host */ + YYSYMBOL_stub_addr = 610, /* stub_addr */ + YYSYMBOL_stub_first = 611, /* stub_first */ + YYSYMBOL_stub_no_cache = 612, /* stub_no_cache */ + YYSYMBOL_stub_ssl_upstream = 613, /* stub_ssl_upstream */ + YYSYMBOL_stub_tcp_upstream = 614, /* stub_tcp_upstream */ + YYSYMBOL_stub_prime = 615, /* stub_prime */ + YYSYMBOL_forward_name = 616, /* forward_name */ + YYSYMBOL_forward_host = 617, /* forward_host */ + YYSYMBOL_forward_addr = 618, /* forward_addr */ + YYSYMBOL_forward_first = 619, /* forward_first */ + YYSYMBOL_forward_no_cache = 620, /* forward_no_cache */ + YYSYMBOL_forward_ssl_upstream = 621, /* forward_ssl_upstream */ + YYSYMBOL_forward_tcp_upstream = 622, /* forward_tcp_upstream */ + YYSYMBOL_auth_name = 623, /* auth_name */ + YYSYMBOL_auth_zonefile = 624, /* auth_zonefile */ + YYSYMBOL_auth_master = 625, /* auth_master */ + YYSYMBOL_auth_url = 626, /* auth_url */ + YYSYMBOL_auth_allow_notify = 627, /* auth_allow_notify */ + YYSYMBOL_auth_zonemd_check = 628, /* auth_zonemd_check */ + YYSYMBOL_auth_zonemd_reject_absence = 629, /* auth_zonemd_reject_absence */ + YYSYMBOL_auth_for_downstream = 630, /* auth_for_downstream */ + YYSYMBOL_auth_for_upstream = 631, /* auth_for_upstream */ + YYSYMBOL_auth_fallback_enabled = 632, /* auth_fallback_enabled */ + YYSYMBOL_view_name = 633, /* view_name */ + YYSYMBOL_view_local_zone = 634, /* view_local_zone */ + YYSYMBOL_view_response_ip = 635, /* view_response_ip */ + YYSYMBOL_view_response_ip_data = 636, /* view_response_ip_data */ + YYSYMBOL_view_local_data = 637, /* view_local_data */ + YYSYMBOL_view_local_data_ptr = 638, /* view_local_data_ptr */ + YYSYMBOL_view_first = 639, /* view_first */ + YYSYMBOL_rcstart = 640, /* rcstart */ + YYSYMBOL_contents_rc = 641, /* contents_rc */ + YYSYMBOL_content_rc = 642, /* content_rc */ + YYSYMBOL_rc_control_enable = 643, /* rc_control_enable */ + YYSYMBOL_rc_control_port = 644, /* rc_control_port */ + YYSYMBOL_rc_control_interface = 645, /* rc_control_interface */ + YYSYMBOL_rc_control_use_cert = 646, /* rc_control_use_cert */ + YYSYMBOL_rc_server_key_file = 647, /* rc_server_key_file */ + YYSYMBOL_rc_server_cert_file = 648, /* rc_server_cert_file */ + YYSYMBOL_rc_control_key_file = 649, /* rc_control_key_file */ + YYSYMBOL_rc_control_cert_file = 650, /* rc_control_cert_file */ + YYSYMBOL_dtstart = 651, /* dtstart */ + YYSYMBOL_contents_dt = 652, /* contents_dt */ + YYSYMBOL_content_dt = 653, /* content_dt */ + YYSYMBOL_dt_dnstap_enable = 654, /* dt_dnstap_enable */ + YYSYMBOL_dt_dnstap_bidirectional = 655, /* dt_dnstap_bidirectional */ + YYSYMBOL_dt_dnstap_socket_path = 656, /* dt_dnstap_socket_path */ + YYSYMBOL_dt_dnstap_ip = 657, /* dt_dnstap_ip */ + YYSYMBOL_dt_dnstap_tls = 658, /* dt_dnstap_tls */ + YYSYMBOL_dt_dnstap_tls_server_name = 659, /* dt_dnstap_tls_server_name */ + YYSYMBOL_dt_dnstap_tls_cert_bundle = 660, /* dt_dnstap_tls_cert_bundle */ + YYSYMBOL_dt_dnstap_tls_client_key_file = 661, /* dt_dnstap_tls_client_key_file */ + YYSYMBOL_dt_dnstap_tls_client_cert_file = 662, /* dt_dnstap_tls_client_cert_file */ + YYSYMBOL_dt_dnstap_send_identity = 663, /* dt_dnstap_send_identity */ + YYSYMBOL_dt_dnstap_send_version = 664, /* dt_dnstap_send_version */ + YYSYMBOL_dt_dnstap_identity = 665, /* dt_dnstap_identity */ + YYSYMBOL_dt_dnstap_version = 666, /* dt_dnstap_version */ + YYSYMBOL_dt_dnstap_log_resolver_query_messages = 667, /* dt_dnstap_log_resolver_query_messages */ + YYSYMBOL_dt_dnstap_log_resolver_response_messages = 668, /* dt_dnstap_log_resolver_response_messages */ + YYSYMBOL_dt_dnstap_log_client_query_messages = 669, /* dt_dnstap_log_client_query_messages */ + YYSYMBOL_dt_dnstap_log_client_response_messages = 670, /* dt_dnstap_log_client_response_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 671, /* dt_dnstap_log_forwarder_query_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 672, /* dt_dnstap_log_forwarder_response_messages */ + YYSYMBOL_pythonstart = 673, /* pythonstart */ + YYSYMBOL_contents_py = 674, /* contents_py */ + YYSYMBOL_content_py = 675, /* content_py */ + YYSYMBOL_py_script = 676, /* py_script */ + YYSYMBOL_dynlibstart = 677, /* dynlibstart */ + YYSYMBOL_contents_dl = 678, /* contents_dl */ + YYSYMBOL_content_dl = 679, /* content_dl */ + YYSYMBOL_dl_file = 680, /* dl_file */ + YYSYMBOL_server_disable_dnssec_lame_check = 681, /* server_disable_dnssec_lame_check */ + YYSYMBOL_server_log_identity = 682, /* server_log_identity */ + YYSYMBOL_server_response_ip = 683, /* server_response_ip */ + YYSYMBOL_server_response_ip_data = 684, /* server_response_ip_data */ + YYSYMBOL_dnscstart = 685, /* dnscstart */ + YYSYMBOL_contents_dnsc = 686, /* contents_dnsc */ + YYSYMBOL_content_dnsc = 687, /* content_dnsc */ + YYSYMBOL_dnsc_dnscrypt_enable = 688, /* dnsc_dnscrypt_enable */ + YYSYMBOL_dnsc_dnscrypt_port = 689, /* dnsc_dnscrypt_port */ + YYSYMBOL_dnsc_dnscrypt_provider = 690, /* dnsc_dnscrypt_provider */ + YYSYMBOL_dnsc_dnscrypt_provider_cert = 691, /* dnsc_dnscrypt_provider_cert */ + YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 692, /* dnsc_dnscrypt_provider_cert_rotated */ + YYSYMBOL_dnsc_dnscrypt_secret_key = 693, /* dnsc_dnscrypt_secret_key */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 694, /* dnsc_dnscrypt_shared_secret_cache_size */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 695, /* dnsc_dnscrypt_shared_secret_cache_slabs */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 696, /* dnsc_dnscrypt_nonce_cache_size */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 697, /* dnsc_dnscrypt_nonce_cache_slabs */ + YYSYMBOL_cachedbstart = 698, /* cachedbstart */ + YYSYMBOL_contents_cachedb = 699, /* contents_cachedb */ + YYSYMBOL_content_cachedb = 700, /* content_cachedb */ + YYSYMBOL_cachedb_backend_name = 701, /* cachedb_backend_name */ + YYSYMBOL_cachedb_secret_seed = 702, /* cachedb_secret_seed */ + YYSYMBOL_redis_server_host = 703, /* redis_server_host */ + YYSYMBOL_redis_server_port = 704, /* redis_server_port */ + YYSYMBOL_redis_server_path = 705, /* redis_server_path */ + YYSYMBOL_redis_server_password = 706, /* redis_server_password */ + YYSYMBOL_redis_timeout = 707, /* redis_timeout */ + YYSYMBOL_redis_expire_records = 708, /* redis_expire_records */ + YYSYMBOL_server_tcp_connection_limit = 709, /* server_tcp_connection_limit */ + YYSYMBOL_server_answer_cookie = 710, /* server_answer_cookie */ + YYSYMBOL_server_cookie_secret = 711, /* server_cookie_secret */ + YYSYMBOL_ipsetstart = 712, /* ipsetstart */ + YYSYMBOL_contents_ipset = 713, /* contents_ipset */ + YYSYMBOL_content_ipset = 714, /* content_ipset */ + YYSYMBOL_ipset_name_v4 = 715, /* ipset_name_v4 */ + YYSYMBOL_ipset_name_v6 = 716 /* ipset_name_v6 */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; @@ -1145,19 +1164,19 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 719 +#define YYLAST 737 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 337 +#define YYNTOKENS 346 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 362 +#define YYNNTS 371 /* YYNRULES -- Number of rules. */ -#define YYNRULES 701 +#define YYNRULES 719 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 1049 +#define YYNSTATES 1076 /* YYMAXUTOK -- Last valid token kind. */ -#define YYMAXUTOK 591 +#define YYMAXUTOK 600 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM @@ -1230,84 +1249,86 @@ static const yytype_int16 yytranslate[] = 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336 + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int16 yyrline[] = { - 0, 199, 199, 199, 200, 200, 201, 201, 202, 202, - 202, 203, 203, 204, 204, 205, 205, 206, 208, 215, - 221, 222, 223, 223, 223, 224, 224, 225, 225, 225, - 226, 226, 227, 227, 227, 228, 228, 229, 229, 229, - 230, 230, 230, 231, 231, 232, 232, 233, 233, 234, - 234, 235, 235, 236, 236, 237, 237, 238, 238, 239, - 239, 239, 240, 240, 241, 241, 241, 242, 242, 242, - 243, 243, 244, 244, 245, 245, 246, 246, 247, 247, - 247, 248, 248, 249, 249, 250, 250, 250, 251, 251, - 252, 252, 253, 253, 254, 254, 254, 255, 255, 256, - 256, 257, 257, 258, 258, 259, 259, 260, 260, 261, - 261, 262, 262, 263, 263, 263, 264, 264, 264, 265, - 265, 265, 266, 266, 266, 266, 267, 268, 268, 268, - 269, 269, 269, 270, 270, 271, 271, 272, 272, 272, - 273, 273, 273, 274, 274, 275, 275, 275, 276, 276, - 276, 277, 277, 277, 278, 278, 279, 279, 280, 280, - 281, 282, 282, 283, 283, 284, 284, 285, 285, 286, - 286, 287, 287, 288, 288, 289, 289, 290, 290, 291, - 291, 292, 292, 293, 293, 293, 294, 294, 295, 295, - 296, 296, 297, 297, 297, 298, 298, 299, 300, 300, - 301, 301, 302, 303, 303, 304, 304, 305, 305, 305, - 306, 306, 307, 307, 307, 308, 308, 308, 309, 309, - 310, 311, 311, 312, 312, 313, 313, 314, 314, 315, - 315, 315, 316, 316, 316, 317, 317, 317, 318, 318, - 319, 319, 320, 320, 321, 321, 322, 322, 323, 323, - 324, 324, 325, 325, 326, 326, 328, 342, 343, 344, - 344, 344, 344, 344, 345, 345, 345, 347, 361, 362, - 363, 363, 363, 363, 364, 364, 364, 366, 382, 383, - 384, 384, 384, 384, 385, 385, 385, 387, 408, 409, - 410, 410, 410, 410, 411, 411, 411, 412, 412, 412, - 415, 434, 451, 459, 469, 476, 486, 505, 506, 507, - 507, 507, 507, 507, 508, 508, 508, 509, 509, 509, - 509, 511, 520, 529, 540, 549, 558, 567, 576, 587, - 596, 608, 622, 637, 648, 665, 682, 699, 716, 731, - 746, 759, 774, 783, 792, 801, 810, 819, 828, 835, - 844, 853, 862, 871, 880, 889, 898, 907, 920, 931, - 942, 953, 962, 975, 984, 993, 1002, 1009, 1016, 1025, - 1032, 1041, 1049, 1056, 1063, 1071, 1080, 1088, 1104, 1112, - 1120, 1128, 1136, 1144, 1153, 1162, 1176, 1185, 1194, 1203, - 1212, 1221, 1230, 1237, 1244, 1270, 1278, 1285, 1292, 1299, - 1306, 1314, 1322, 1330, 1337, 1348, 1359, 1366, 1375, 1384, - 1393, 1402, 1409, 1416, 1423, 1439, 1447, 1455, 1465, 1475, - 1485, 1499, 1507, 1520, 1531, 1539, 1552, 1561, 1570, 1579, - 1588, 1598, 1608, 1616, 1629, 1638, 1646, 1655, 1663, 1676, - 1685, 1694, 1704, 1711, 1721, 1731, 1741, 1751, 1761, 1771, - 1781, 1791, 1798, 1805, 1812, 1821, 1830, 1839, 1848, 1855, - 1865, 1873, 1882, 1889, 1907, 1920, 1933, 1946, 1955, 1964, - 1973, 1982, 1992, 2002, 2013, 2022, 2031, 2040, 2049, 2058, - 2067, 2076, 2085, 2098, 2111, 2120, 2127, 2136, 2145, 2154, - 2163, 2172, 2180, 2193, 2201, 2256, 2263, 2278, 2288, 2298, - 2305, 2312, 2319, 2328, 2336, 2350, 2371, 2392, 2404, 2416, - 2428, 2437, 2458, 2470, 2482, 2491, 2512, 2521, 2530, 2538, - 2546, 2559, 2572, 2587, 2602, 2611, 2620, 2630, 2640, 2649, - 2658, 2667, 2673, 2682, 2691, 2701, 2711, 2721, 2730, 2740, - 2749, 2762, 2775, 2787, 2801, 2813, 2827, 2836, 2847, 2856, - 2863, 2873, 2880, 2887, 2896, 2905, 2915, 2925, 2935, 2945, - 2952, 2959, 2968, 2977, 2987, 2997, 3007, 3014, 3021, 3028, - 3036, 3046, 3056, 3066, 3076, 3086, 3096, 3152, 3162, 3170, - 3178, 3193, 3202, 3208, 3209, 3210, 3210, 3210, 3211, 3211, - 3211, 3212, 3212, 3214, 3224, 3233, 3240, 3247, 3254, 3261, - 3268, 3275, 3281, 3282, 3283, 3283, 3283, 3284, 3284, 3284, - 3285, 3286, 3286, 3287, 3287, 3288, 3288, 3289, 3290, 3291, - 3292, 3293, 3294, 3296, 3305, 3315, 3322, 3329, 3338, 3345, - 3352, 3359, 3366, 3375, 3384, 3391, 3398, 3408, 3418, 3428, - 3438, 3448, 3458, 3464, 3465, 3466, 3468, 3474, 3480, 3481, - 3482, 3484, 3490, 3500, 3507, 3516, 3524, 3530, 3531, 3533, - 3533, 3533, 3534, 3534, 3535, 3536, 3537, 3538, 3539, 3541, - 3551, 3560, 3567, 3576, 3583, 3592, 3600, 3613, 3621, 3634, - 3640, 3641, 3642, 3642, 3643, 3643, 3643, 3644, 3646, 3658, - 3670, 3682, 3697, 3710, 3723, 3734, 3740, 3741, 3742, 3742, - 3744, 3759 + 0, 204, 204, 204, 205, 205, 206, 206, 207, 207, + 207, 208, 208, 209, 209, 210, 210, 211, 213, 220, + 226, 227, 228, 228, 228, 229, 229, 230, 230, 230, + 231, 231, 231, 232, 232, 232, 233, 233, 234, 235, + 235, 235, 236, 236, 236, 237, 237, 238, 238, 239, + 239, 240, 240, 241, 241, 242, 242, 243, 243, 244, + 244, 245, 245, 245, 246, 246, 247, 247, 247, 248, + 248, 248, 249, 249, 250, 250, 251, 251, 252, 252, + 253, 253, 253, 254, 254, 255, 255, 256, 256, 256, + 257, 257, 258, 258, 259, 259, 260, 260, 260, 261, + 261, 262, 262, 263, 263, 264, 264, 265, 265, 266, + 266, 267, 267, 268, 268, 269, 269, 269, 270, 270, + 270, 271, 271, 271, 272, 272, 272, 272, 273, 274, + 274, 274, 275, 275, 275, 276, 276, 277, 277, 278, + 278, 278, 279, 279, 279, 280, 280, 281, 281, 281, + 282, 283, 283, 283, 284, 284, 284, 285, 285, 286, + 286, 287, 287, 288, 289, 289, 290, 290, 291, 291, + 292, 292, 293, 293, 294, 294, 295, 295, 296, 296, + 297, 297, 298, 298, 299, 299, 300, 300, 300, 301, + 301, 302, 302, 303, 303, 304, 304, 304, 305, 305, + 306, 307, 307, 308, 308, 309, 310, 310, 311, 311, + 312, 312, 312, 313, 313, 314, 314, 314, 315, 315, + 315, 316, 316, 317, 318, 318, 319, 319, 320, 320, + 321, 321, 322, 322, 322, 323, 323, 323, 324, 324, + 324, 325, 325, 326, 326, 327, 327, 328, 328, 328, + 329, 329, 330, 330, 331, 331, 332, 332, 333, 333, + 334, 334, 335, 337, 351, 352, 353, 353, 353, 353, + 353, 354, 354, 354, 356, 370, 371, 372, 372, 372, + 372, 373, 373, 373, 375, 391, 392, 393, 393, 393, + 393, 394, 394, 394, 396, 417, 418, 419, 419, 419, + 419, 420, 420, 420, 421, 421, 421, 424, 443, 460, + 468, 478, 485, 495, 514, 515, 516, 516, 516, 516, + 516, 517, 517, 517, 518, 518, 518, 518, 520, 529, + 538, 549, 558, 567, 576, 585, 596, 605, 617, 631, + 646, 657, 674, 691, 708, 725, 740, 755, 768, 783, + 792, 801, 810, 819, 828, 837, 844, 853, 862, 871, + 880, 889, 898, 907, 916, 925, 938, 949, 960, 971, + 980, 993, 1006, 1015, 1024, 1033, 1040, 1047, 1056, 1063, + 1072, 1080, 1087, 1094, 1102, 1111, 1119, 1135, 1143, 1151, + 1159, 1167, 1175, 1184, 1193, 1207, 1216, 1225, 1234, 1243, + 1252, 1261, 1268, 1275, 1301, 1309, 1316, 1323, 1330, 1337, + 1345, 1353, 1361, 1368, 1379, 1390, 1397, 1406, 1415, 1424, + 1433, 1440, 1447, 1454, 1470, 1478, 1486, 1496, 1506, 1516, + 1530, 1538, 1551, 1562, 1570, 1583, 1592, 1601, 1610, 1619, + 1629, 1639, 1647, 1660, 1669, 1677, 1686, 1694, 1707, 1716, + 1725, 1735, 1742, 1752, 1762, 1772, 1782, 1792, 1802, 1812, + 1822, 1832, 1839, 1846, 1853, 1862, 1871, 1880, 1889, 1896, + 1906, 1914, 1923, 1930, 1948, 1961, 1974, 1987, 1996, 2005, + 2014, 2023, 2033, 2043, 2054, 2063, 2072, 2081, 2090, 2099, + 2108, 2117, 2126, 2139, 2152, 2161, 2168, 2177, 2186, 2195, + 2204, 2214, 2222, 2235, 2243, 2299, 2306, 2321, 2331, 2341, + 2348, 2355, 2362, 2371, 2379, 2386, 2400, 2421, 2442, 2454, + 2466, 2478, 2487, 2508, 2520, 2532, 2541, 2562, 2571, 2580, + 2589, 2597, 2605, 2618, 2631, 2646, 2661, 2670, 2679, 2689, + 2699, 2708, 2717, 2726, 2732, 2741, 2750, 2760, 2770, 2780, + 2789, 2799, 2808, 2821, 2834, 2846, 2860, 2872, 2886, 2895, + 2906, 2915, 2922, 2932, 2939, 2946, 2955, 2964, 2974, 2984, + 2994, 3004, 3011, 3018, 3027, 3036, 3046, 3056, 3066, 3073, + 3080, 3087, 3095, 3105, 3115, 3125, 3135, 3145, 3155, 3211, + 3221, 3229, 3237, 3252, 3261, 3267, 3268, 3269, 3269, 3269, + 3270, 3270, 3270, 3271, 3271, 3273, 3283, 3292, 3299, 3306, + 3313, 3320, 3327, 3334, 3340, 3341, 3342, 3342, 3342, 3343, + 3343, 3343, 3344, 3345, 3345, 3346, 3346, 3347, 3347, 3348, + 3349, 3350, 3351, 3352, 3353, 3355, 3364, 3374, 3381, 3388, + 3397, 3404, 3411, 3418, 3425, 3434, 3443, 3450, 3457, 3467, + 3477, 3487, 3497, 3507, 3517, 3523, 3524, 3525, 3527, 3534, + 3540, 3541, 3542, 3544, 3551, 3561, 3568, 3577, 3585, 3591, + 3592, 3594, 3594, 3594, 3595, 3595, 3596, 3597, 3598, 3599, + 3600, 3602, 3611, 3620, 3627, 3636, 3643, 3652, 3660, 3673, + 3681, 3694, 3700, 3701, 3702, 3702, 3703, 3703, 3703, 3704, + 3704, 3704, 3706, 3718, 3730, 3742, 3757, 3769, 3781, 3794, + 3807, 3818, 3827, 3843, 3849, 3850, 3851, 3851, 3853, 3868 }; #endif @@ -1327,9 +1348,10 @@ static const char *const yytname[] = "NEWLINE", "COMMENT", "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_FORCE_TOPLEVEL", "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", - "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", - "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_TCP_IDLE_TIMEOUT", - "VAR_EDNS_TCP_KEEPALIVE", "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_CHROOT", + "VAR_DO_IP4", "VAR_DO_IP6", "VAR_DO_NAT64", "VAR_PREFER_IP6", + "VAR_DO_UDP", "VAR_DO_TCP", "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", + "VAR_TCP_IDLE_TIMEOUT", "VAR_EDNS_TCP_KEEPALIVE", + "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_SOCK_QUEUE_TIMEOUT", "VAR_CHROOT", "VAR_USERNAME", "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", "VAR_MSG_CACHE_SIZE", "VAR_MSG_CACHE_SLABS", "VAR_NUM_QUERIES_PER_THREAD", "VAR_RRSET_CACHE_SIZE", @@ -1380,12 +1402,13 @@ static const char *const yytname[] = "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_INFRA_CACHE_MAX_RTT", "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", - "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", - "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", - "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", - "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", - "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_DNS64_IGNORE_AAAA", "VAR_NAT64_PREFIX", "VAR_DNSTAP", + "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", + "VAR_DNSTAP_TLS", "VAR_DNSTAP_TLS_SERVER_NAME", + "VAR_DNSTAP_TLS_CERT_BUNDLE", "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", + "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", "VAR_DNSTAP_SEND_IDENTITY", + "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_BIDIRECTIONAL", + "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", @@ -1431,12 +1454,14 @@ static const char *const yytname[] = "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", "VAR_CACHEDB_REDISHOST", "VAR_CACHEDB_REDISPORT", "VAR_CACHEDB_REDISTIMEOUT", - "VAR_CACHEDB_REDISEXPIRERECORDS", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", + "VAR_CACHEDB_REDISEXPIRERECORDS", "VAR_CACHEDB_REDISPATH", + "VAR_CACHEDB_REDISPASSWORD", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", "VAR_FAST_SERVER_PERMIL", "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", - "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", + "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_ANSWER_COOKIE", + "VAR_COOKIE_SECRET", "VAR_IP_RATELIMIT_COOKIE", "VAR_FORWARD_NO_CACHE", "VAR_STUB_NO_CACHE", "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", "VAR_UNKNOWN_SERVER_TIME_LIMIT", "VAR_LOG_TAG_QUERYREPLY", "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", "VAR_TLS_CIPHERSUITES", @@ -1450,11 +1475,12 @@ static const char *const yytname[] = "VAR_INTERFACE_AUTOMATIC_PORTS", "VAR_EDE", "VAR_INTERFACE_ACTION", "VAR_INTERFACE_VIEW", "VAR_INTERFACE_TAG", "VAR_INTERFACE_TAG_ACTION", "VAR_INTERFACE_TAG_DATA", "VAR_PROXY_PROTOCOL_PORT", - "VAR_STATISTICS_INHIBIT_ZERO", "$accept", "toplevelvars", "toplevelvar", - "force_toplevel", "serverstart", "contents_server", "content_server", - "stubstart", "contents_stub", "content_stub", "forwardstart", - "contents_forward", "content_forward", "viewstart", "contents_view", - "content_view", "authstart", "contents_auth", "content_auth", "rpz_tag", + "VAR_STATISTICS_INHIBIT_ZERO", "VAR_HARDEN_UNKNOWN_ADDITIONAL", + "$accept", "toplevelvars", "toplevelvar", "force_toplevel", + "serverstart", "contents_server", "content_server", "stubstart", + "contents_stub", "content_stub", "forwardstart", "contents_forward", + "content_forward", "viewstart", "contents_view", "content_view", + "authstart", "contents_auth", "content_auth", "rpz_tag", "rpz_action_override", "rpz_cname_override", "rpz_log", "rpz_log_name", "rpz_signal_nxdomain_ra", "rpzstart", "contents_rpz", "content_rpz", "server_num_threads", "server_verbosity", "server_statistics_interval", @@ -1469,49 +1495,50 @@ static const char *const yytname[] = "server_outgoing_port_permit", "server_outgoing_port_avoid", "server_outgoing_num_tcp", "server_incoming_num_tcp", "server_interface_automatic", "server_interface_automatic_ports", - "server_do_ip4", "server_do_ip6", "server_do_udp", "server_do_tcp", - "server_prefer_ip4", "server_prefer_ip6", "server_tcp_mss", - "server_outgoing_tcp_mss", "server_tcp_idle_timeout", + "server_do_ip4", "server_do_ip6", "server_do_nat64", "server_do_udp", + "server_do_tcp", "server_prefer_ip4", "server_prefer_ip6", + "server_tcp_mss", "server_outgoing_tcp_mss", "server_tcp_idle_timeout", "server_max_reuse_tcp_queries", "server_tcp_reuse_timeout", "server_tcp_auth_query_timeout", "server_tcp_keepalive", - "server_tcp_keepalive_timeout", "server_tcp_upstream", - "server_udp_upstream_without_downstream", "server_ssl_upstream", - "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_tls_cert_bundle", "server_tls_win_cert", - "server_tls_additional_port", "server_tls_ciphers", - "server_tls_ciphersuites", "server_tls_session_ticket_keys", - "server_tls_use_sni", "server_https_port", "server_http_endpoint", - "server_http_max_streams", "server_http_query_buffer_size", - "server_http_response_buffer_size", "server_http_nodelay", - "server_http_notls_downstream", "server_use_systemd", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_log_replies", "server_log_tag_queryreply", - "server_log_servfail", "server_log_local_actions", "server_chroot", - "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_trust_anchor_signaling", - "server_root_key_sentinel", "server_domain_insecure", - "server_hide_identity", "server_hide_version", "server_hide_trustanchor", - "server_hide_http_user_agent", "server_identity", "server_version", - "server_http_user_agent", "server_nsid", "server_so_rcvbuf", - "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", - "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", "server_jostle_timeout", - "server_delay_close", "server_udp_connect", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_infra_cache_max_rtt", - "server_infra_keep_probing", "server_target_fetch_policy", - "server_harden_short_bufsize", "server_harden_large_queries", - "server_harden_glue", "server_harden_dnssec_stripped", - "server_harden_below_nxdomain", "server_harden_referral_path", - "server_harden_algo_downgrade", "server_use_caps_for_id", + "server_tcp_keepalive_timeout", "server_sock_queue_timeout", + "server_tcp_upstream", "server_udp_upstream_without_downstream", + "server_ssl_upstream", "server_ssl_service_key", + "server_ssl_service_pem", "server_ssl_port", "server_tls_cert_bundle", + "server_tls_win_cert", "server_tls_additional_port", + "server_tls_ciphers", "server_tls_ciphersuites", + "server_tls_session_ticket_keys", "server_tls_use_sni", + "server_https_port", "server_http_endpoint", "server_http_max_streams", + "server_http_query_buffer_size", "server_http_response_buffer_size", + "server_http_nodelay", "server_http_notls_downstream", + "server_use_systemd", "server_do_daemonize", "server_use_syslog", + "server_log_time_ascii", "server_log_queries", "server_log_replies", + "server_log_tag_queryreply", "server_log_servfail", + "server_log_local_actions", "server_chroot", "server_username", + "server_directory", "server_logfile", "server_pidfile", + "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", + "server_auto_trust_anchor_file", "server_trust_anchor_file", + "server_trusted_keys_file", "server_trust_anchor", + "server_trust_anchor_signaling", "server_root_key_sentinel", + "server_domain_insecure", "server_hide_identity", "server_hide_version", + "server_hide_trustanchor", "server_hide_http_user_agent", + "server_identity", "server_version", "server_http_user_agent", + "server_nsid", "server_so_rcvbuf", "server_so_sndbuf", + "server_so_reuseport", "server_ip_transparent", "server_ip_freebind", + "server_ip_dscp", "server_stream_wait_size", "server_edns_buffer_size", + "server_msg_buffer_size", "server_msg_cache_size", + "server_msg_cache_slabs", "server_num_queries_per_thread", + "server_jostle_timeout", "server_delay_close", "server_udp_connect", + "server_unblock_lan_zones", "server_insecure_lan_zones", + "server_rrset_cache_size", "server_rrset_cache_slabs", + "server_infra_host_ttl", "server_infra_lame_ttl", + "server_infra_cache_numhosts", "server_infra_cache_lame_size", + "server_infra_cache_slabs", "server_infra_cache_min_rtt", + "server_infra_cache_max_rtt", "server_infra_keep_probing", + "server_target_fetch_policy", "server_harden_short_bufsize", + "server_harden_large_queries", "server_harden_glue", + "server_harden_dnssec_stripped", "server_harden_below_nxdomain", + "server_harden_referral_path", "server_harden_algo_downgrade", + "server_harden_unknown_additional", "server_use_caps_for_id", "server_caps_whitelist", "server_private_address", "server_private_domain", "server_prefetch", "server_prefetch_key", "server_deny_any", "server_unwanted_reply_threshold", @@ -1535,13 +1562,15 @@ static const char *const yytname[] = "server_local_data", "server_local_data_ptr", "server_minimal_responses", "server_rrset_roundrobin", "server_unknown_server_time_limit", "server_max_udp_size", "server_dns64_prefix", "server_dns64_synthall", - "server_dns64_ignore_aaaa", "server_define_tag", "server_local_zone_tag", - "server_access_control_tag", "server_access_control_tag_action", - "server_access_control_tag_data", "server_local_zone_override", - "server_access_control_view", "server_interface_tag", - "server_interface_tag_action", "server_interface_tag_data", - "server_interface_view", "server_response_ip_tag", "server_ip_ratelimit", - "server_ratelimit", "server_ip_ratelimit_size", "server_ratelimit_size", + "server_dns64_ignore_aaaa", "server_nat64_prefix", "server_define_tag", + "server_local_zone_tag", "server_access_control_tag", + "server_access_control_tag_action", "server_access_control_tag_data", + "server_local_zone_override", "server_access_control_view", + "server_interface_tag", "server_interface_tag_action", + "server_interface_tag_data", "server_interface_view", + "server_response_ip_tag", "server_ip_ratelimit", + "server_ip_ratelimit_cookie", "server_ratelimit", + "server_ip_ratelimit_size", "server_ratelimit_size", "server_ip_ratelimit_slabs", "server_ratelimit_slabs", "server_ratelimit_for_domain", "server_ratelimit_below_domain", "server_ip_ratelimit_factor", "server_ratelimit_factor", @@ -1592,9 +1621,10 @@ static const char *const yytname[] = "dnsc_dnscrypt_nonce_cache_size", "dnsc_dnscrypt_nonce_cache_slabs", "cachedbstart", "contents_cachedb", "content_cachedb", "cachedb_backend_name", "cachedb_secret_seed", "redis_server_host", - "redis_server_port", "redis_timeout", "redis_expire_records", - "server_tcp_connection_limit", "ipsetstart", "contents_ipset", - "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR + "redis_server_port", "redis_server_path", "redis_server_password", + "redis_timeout", "redis_expire_records", "server_tcp_connection_limit", + "server_answer_cookie", "server_cookie_secret", "ipsetstart", + "contents_ipset", "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR }; static const char * @@ -1642,11 +1672,12 @@ static const yytype_int16 yytoknum[] = 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591 + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600 }; #endif -#define YYPACT_NINF (-286) +#define YYPACT_NINF (-292) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) @@ -1660,111 +1691,114 @@ static const yytype_int16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -286, 252, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -13, 203, 220, 52, 84, 38, 238, 211, - -81, -285, -95, -193, -278, 29, 30, 31, 80, 81, - 91, 92, 120, 121, 132, 146, 147, 148, 149, 161, - 162, 163, 164, 165, 210, 212, 234, 235, 236, 237, - 239, 256, 257, 258, 259, 261, 262, 265, 266, 267, - 270, 273, 276, 286, 287, 290, 291, 292, 293, 295, - 296, 297, 302, 304, 318, 319, 320, 321, 322, 323, - 333, 334, 335, 337, 340, 341, 347, 349, 350, 351, - 353, 359, 365, 366, 367, 368, 369, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 412, 413, 414, 415, - 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, - 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, - 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 473, 474, 476, - 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, 492, 494, 495, 496, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 510, 511, 512, 513, 514, 515, 516, 517, 519, 520, - 521, 522, 523, 524, 525, 526, 528, 529, 530, 531, - 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 552, - 553, 554, 556, 557, 558, 559, 560, 562, 563, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, 564, 565, 566, 567, 568, 569, - 570, 571, -286, -286, -286, -286, -286, -286, -286, -286, - -286, 572, 573, 574, 575, 576, 577, 578, -286, -286, - -286, -286, -286, -286, -286, -286, 579, 580, 581, 582, - 583, 584, 585, -286, -286, -286, -286, -286, -286, -286, - -286, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 596, 597, 598, 599, 600, 601, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, 602, 603, 604, 605, 606, 607, 608, 609, -286, - -286, -286, -286, -286, -286, -286, -286, -286, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, 629, -286, -286, - 630, -286, -286, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, 641, 642, 643, 644, 645, 646, - -286, -286, -286, -286, -286, -286, -286, 647, 648, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 649, 650, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, 651, 652, 653, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, 654, - 655, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 656, 657, 658, 659, 660, 661, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, 662, -286, -286, -286, -286, -286, -286, - -286, -286, -286, 663, -286, -286, -286, -286, -286, 664, - 665, 666, 667, 668, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 669, -286, -286, 670, 671, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - 672, 673, 674, -286, -286, -286, -286, -286, -286, 675, - 676, -286, -286, -286, -286, -286, -286, -286, -286 + -292, 266, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -13, 198, 226, 229, 56, 43, 302, -14, + -81, -291, 132, 129, -284, 31, 32, 33, 75, 76, + 77, 78, 79, 81, 82, 83, 89, 94, 121, 122, + 123, 125, 126, 134, 168, 213, 215, 236, 239, 240, + 241, 242, 243, 244, 245, 257, 258, 259, 260, 261, + 262, 264, 269, 270, 275, 278, 284, 285, 294, 295, + 296, 298, 299, 301, 305, 311, 312, 323, 328, 330, + 331, 332, 342, 343, 344, 346, 348, 349, 350, 351, + 352, 353, 361, 363, 364, 366, 367, 369, 370, 371, + 373, 374, 375, 376, 377, 378, 407, 408, 409, 410, + 411, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, + 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 493, 494, 495, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 515, 516, 517, + 518, 519, 520, 521, 522, 524, 525, 526, 527, 528, + 529, 530, 531, 532, 533, 534, 536, 537, 538, 539, + 540, 541, 542, 543, 544, 545, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 574, 575, 576, 578, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, 579, 580, + 581, 582, 584, 585, 586, 587, -292, -292, -292, -292, + -292, -292, -292, -292, -292, 588, 589, 590, 591, 592, + 593, 594, -292, -292, -292, -292, -292, -292, -292, -292, + 595, 596, 597, 598, 599, 600, 601, -292, -292, -292, + -292, -292, -292, -292, -292, 602, 603, 604, 605, 606, + 607, 608, 609, 610, 611, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, 612, 613, 614, 615, + 616, 617, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, 618, 619, 620, 621, 622, + 623, 624, 625, -292, -292, -292, -292, -292, -292, -292, + -292, -292, 626, 627, 628, 629, 630, 631, 632, 633, + 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, + 644, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, 645, -292, -292, 646, -292, -292, 647, 648, 649, + 650, 651, 652, 653, 654, 655, 656, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, 657, 658, + 659, 660, 661, 662, 663, 664, -292, -292, -292, -292, + -292, -292, -292, -292, -292, 665, 666, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, 667, 668, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, 669, 670, 671, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + 672, 673, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, 674, 675, 676, 677, 678, 679, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, 680, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 681, -292, -292, + -292, -292, -292, 682, 683, 684, 685, 686, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 687, -292, -292, + 688, 689, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 690, 691, 692, + -292, -292, -292, -292, -292, -292, 693, 694, -292, -292, + -292, -292, -292, -292, -292, -292 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -1772,10 +1806,10 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_int16 yydefact[] = { - 2, 0, 1, 18, 19, 256, 267, 582, 642, 601, - 277, 656, 679, 287, 695, 306, 647, 3, 17, 21, - 258, 269, 279, 289, 308, 584, 603, 644, 649, 658, - 681, 697, 4, 5, 6, 10, 14, 15, 8, 9, + 2, 0, 1, 18, 19, 263, 274, 594, 654, 613, + 284, 668, 691, 294, 713, 313, 659, 3, 17, 21, + 265, 276, 286, 296, 315, 596, 615, 656, 661, 670, + 693, 715, 4, 5, 6, 10, 14, 15, 8, 9, 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1799,168 +1833,173 @@ static const yytype_int16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, - 22, 23, 88, 91, 100, 255, 215, 216, 24, 169, - 170, 171, 172, 173, 174, 175, 176, 177, 178, 37, - 79, 25, 92, 93, 48, 72, 87, 252, 26, 27, - 30, 31, 28, 29, 32, 33, 34, 249, 250, 251, - 35, 36, 124, 227, 125, 127, 128, 129, 229, 234, - 230, 241, 242, 243, 244, 130, 131, 132, 133, 134, - 135, 136, 211, 89, 78, 104, 122, 123, 239, 236, - 126, 38, 39, 40, 41, 42, 80, 94, 95, 111, - 66, 76, 67, 219, 220, 105, 58, 59, 218, 62, - 60, 61, 63, 247, 115, 119, 140, 151, 183, 154, - 240, 116, 73, 43, 44, 45, 102, 141, 142, 143, - 144, 46, 47, 49, 50, 52, 53, 51, 148, 149, - 155, 54, 55, 56, 64, 83, 120, 97, 150, 90, - 179, 98, 99, 117, 118, 237, 103, 57, 81, 84, - 192, 65, 68, 106, 107, 108, 82, 180, 109, 69, - 70, 71, 228, 121, 202, 203, 204, 205, 206, 207, - 208, 209, 217, 110, 77, 248, 112, 113, 114, 181, - 74, 75, 96, 85, 86, 101, 137, 138, 238, 139, - 145, 146, 147, 184, 185, 187, 189, 190, 188, 191, - 194, 195, 196, 193, 212, 152, 153, 158, 159, 156, - 157, 160, 161, 163, 162, 165, 164, 166, 167, 168, - 231, 233, 232, 182, 197, 198, 199, 200, 201, 221, - 223, 222, 224, 225, 226, 245, 246, 253, 254, 186, - 210, 213, 214, 235, 0, 0, 0, 0, 0, 0, - 0, 0, 257, 259, 260, 261, 263, 264, 265, 266, - 262, 0, 0, 0, 0, 0, 0, 0, 268, 270, - 271, 272, 273, 274, 275, 276, 0, 0, 0, 0, - 0, 0, 0, 278, 280, 281, 284, 285, 282, 286, - 283, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 288, 290, 291, 292, 293, 297, 298, 299, 294, - 295, 296, 0, 0, 0, 0, 0, 0, 311, 315, - 316, 317, 318, 319, 307, 309, 310, 312, 313, 314, - 320, 0, 0, 0, 0, 0, 0, 0, 0, 583, - 585, 587, 586, 592, 588, 589, 590, 591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 602, 604, 606, - 605, 607, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 617, 618, 619, 620, 621, 622, 0, 643, 645, - 0, 648, 650, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 657, 659, 660, 661, 663, 664, 662, - 665, 666, 667, 668, 0, 0, 0, 0, 0, 0, - 680, 682, 683, 684, 685, 686, 687, 0, 0, 696, - 698, 699, 322, 321, 329, 342, 340, 353, 349, 350, - 354, 351, 352, 355, 356, 357, 361, 362, 392, 393, - 394, 395, 396, 424, 425, 426, 432, 433, 345, 434, - 435, 438, 436, 437, 442, 443, 444, 458, 407, 408, - 411, 412, 445, 462, 401, 403, 463, 470, 471, 472, - 346, 423, 491, 492, 402, 485, 385, 341, 397, 459, - 467, 446, 0, 0, 495, 347, 323, 384, 450, 324, - 343, 344, 398, 399, 493, 448, 452, 453, 359, 358, - 325, 496, 427, 457, 386, 406, 464, 465, 466, 469, - 484, 400, 489, 487, 488, 415, 422, 454, 455, 416, - 417, 447, 474, 387, 388, 391, 363, 365, 360, 366, - 367, 368, 369, 376, 377, 378, 379, 380, 381, 382, - 497, 498, 500, 428, 429, 430, 431, 439, 440, 441, - 501, 502, 503, 0, 0, 0, 449, 418, 420, 652, - 516, 520, 518, 517, 521, 519, 528, 529, 530, 0, - 0, 524, 525, 526, 527, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 451, 468, 490, 534, 535, - 419, 504, 0, 0, 0, 0, 0, 0, 475, 476, - 477, 478, 479, 480, 481, 482, 483, 653, 409, 410, - 413, 404, 473, 383, 327, 328, 405, 536, 537, 538, - 539, 540, 542, 541, 543, 544, 545, 364, 371, 531, - 533, 532, 370, 0, 390, 456, 499, 389, 421, 372, - 373, 375, 374, 0, 547, 414, 486, 348, 548, 0, - 0, 0, 0, 0, 549, 326, 550, 551, 552, 557, - 555, 556, 553, 554, 558, 559, 560, 561, 563, 564, - 562, 575, 0, 579, 580, 0, 0, 581, 565, 573, - 566, 567, 568, 572, 574, 569, 570, 571, 300, 301, - 302, 303, 304, 305, 593, 595, 594, 597, 598, 599, - 600, 596, 623, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 624, 634, 635, 636, 637, 638, 639, 640, - 641, 646, 651, 669, 670, 671, 674, 672, 673, 675, - 676, 677, 678, 688, 689, 690, 691, 692, 693, 700, - 701, 460, 494, 515, 654, 655, 522, 523, 505, 506, - 0, 0, 0, 510, 694, 546, 461, 514, 511, 0, - 0, 576, 577, 578, 509, 507, 508, 512, 513 + 0, 0, 0, 0, 0, 0, 20, 22, 23, 90, + 93, 102, 261, 218, 219, 24, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 39, 81, 25, 94, + 95, 50, 74, 89, 258, 26, 27, 28, 31, 32, + 29, 30, 33, 34, 35, 255, 256, 257, 36, 37, + 38, 126, 230, 127, 129, 130, 131, 232, 237, 233, + 244, 245, 246, 250, 132, 133, 134, 135, 136, 137, + 138, 214, 91, 80, 106, 124, 125, 242, 239, 128, + 40, 41, 42, 43, 44, 82, 96, 97, 113, 68, + 78, 69, 222, 223, 107, 60, 61, 221, 64, 62, + 63, 65, 253, 117, 121, 142, 154, 186, 157, 243, + 118, 75, 45, 46, 47, 104, 143, 144, 145, 146, + 48, 49, 51, 52, 54, 55, 53, 151, 152, 158, + 56, 57, 58, 66, 85, 122, 99, 153, 262, 92, + 182, 100, 101, 119, 120, 240, 105, 59, 83, 86, + 195, 67, 70, 108, 109, 110, 84, 183, 111, 71, + 72, 73, 231, 123, 205, 206, 207, 208, 209, 210, + 211, 212, 220, 112, 79, 254, 114, 115, 116, 184, + 76, 77, 98, 87, 88, 103, 139, 140, 241, 141, + 147, 148, 149, 150, 187, 188, 190, 192, 193, 191, + 194, 197, 198, 199, 196, 215, 155, 249, 156, 161, + 162, 159, 160, 163, 164, 166, 165, 168, 167, 169, + 170, 171, 234, 236, 235, 185, 200, 201, 202, 203, + 204, 224, 226, 225, 227, 228, 229, 251, 252, 259, + 260, 189, 213, 216, 217, 238, 247, 248, 0, 0, + 0, 0, 0, 0, 0, 0, 264, 266, 267, 268, + 270, 271, 272, 273, 269, 0, 0, 0, 0, 0, + 0, 0, 275, 277, 278, 279, 280, 281, 282, 283, + 0, 0, 0, 0, 0, 0, 0, 285, 287, 288, + 291, 292, 289, 293, 290, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 295, 297, 298, 299, 300, + 304, 305, 306, 301, 302, 303, 0, 0, 0, 0, + 0, 0, 318, 322, 323, 324, 325, 326, 314, 316, + 317, 319, 320, 321, 327, 0, 0, 0, 0, 0, + 0, 0, 0, 595, 597, 599, 598, 604, 600, 601, + 602, 603, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 614, 616, 618, 617, 619, 620, 621, 622, 623, + 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, + 634, 0, 655, 657, 0, 660, 662, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 669, 671, 672, + 673, 675, 676, 674, 677, 678, 679, 680, 0, 0, + 0, 0, 0, 0, 0, 0, 692, 694, 695, 696, + 697, 700, 701, 698, 699, 0, 0, 714, 716, 717, + 329, 328, 336, 349, 347, 361, 356, 357, 358, 362, + 359, 360, 363, 364, 365, 369, 370, 371, 401, 402, + 403, 404, 405, 433, 434, 435, 441, 442, 352, 443, + 444, 447, 445, 446, 451, 452, 453, 468, 416, 417, + 420, 421, 454, 472, 410, 412, 473, 480, 481, 482, + 353, 432, 501, 502, 411, 495, 394, 348, 406, 469, + 477, 455, 0, 0, 505, 354, 330, 393, 460, 331, + 350, 351, 407, 408, 503, 457, 462, 463, 367, 366, + 332, 506, 436, 467, 395, 415, 474, 475, 476, 479, + 494, 409, 499, 497, 498, 424, 431, 464, 465, 425, + 426, 456, 484, 396, 397, 400, 372, 374, 368, 375, + 376, 377, 378, 385, 386, 387, 388, 389, 390, 391, + 507, 508, 510, 437, 438, 439, 440, 448, 449, 450, + 511, 512, 513, 514, 0, 0, 0, 458, 427, 429, + 664, 527, 532, 530, 529, 533, 531, 540, 541, 542, + 0, 0, 536, 537, 538, 539, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 461, 478, 500, 546, + 547, 428, 515, 0, 0, 0, 0, 0, 0, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 665, 418, + 419, 422, 413, 483, 392, 334, 335, 414, 548, 549, + 550, 551, 552, 554, 553, 555, 556, 557, 373, 380, + 543, 545, 544, 379, 0, 711, 712, 528, 399, 466, + 509, 398, 430, 381, 382, 384, 383, 0, 559, 423, + 496, 355, 560, 0, 0, 0, 0, 0, 561, 333, + 459, 562, 563, 564, 569, 567, 568, 565, 566, 570, + 571, 572, 573, 575, 576, 574, 587, 0, 591, 592, + 0, 0, 593, 577, 585, 578, 579, 580, 584, 586, + 581, 582, 583, 307, 308, 309, 310, 311, 312, 605, + 607, 606, 609, 610, 611, 612, 608, 635, 637, 638, + 639, 640, 641, 642, 643, 644, 645, 636, 646, 647, + 648, 649, 650, 651, 652, 653, 658, 663, 681, 682, + 683, 686, 684, 685, 687, 688, 689, 690, 702, 703, + 704, 705, 708, 709, 706, 707, 718, 719, 470, 504, + 526, 666, 667, 534, 535, 516, 517, 0, 0, 0, + 521, 710, 558, 471, 525, 522, 0, 0, 588, 589, + 590, 520, 518, 519, 523, 524 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 677, 678, 679, 680, 681, -286, -286, 682, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286 + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 695, 696, 697, + 698, 699, -292, -292, 700, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - 0, 1, 17, 18, 19, 32, 279, 20, 33, 522, - 21, 34, 538, 22, 35, 553, 23, 36, 571, 588, - 589, 590, 591, 592, 593, 24, 37, 594, 280, 281, - 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, - 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, - 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, - 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 523, 524, 525, - 526, 527, 528, 529, 530, 539, 540, 541, 542, 543, - 544, 545, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 554, 555, 556, 557, 558, 559, 560, 25, - 38, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 26, 39, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 27, 40, 658, 659, 28, 41, 661, 662, - 509, 510, 511, 512, 29, 42, 673, 674, 675, 676, - 677, 678, 679, 680, 681, 682, 683, 30, 43, 690, - 691, 692, 693, 694, 695, 696, 513, 31, 44, 699, - 700, 701 + 0, 1, 17, 18, 19, 32, 286, 20, 33, 536, + 21, 34, 552, 22, 35, 567, 23, 36, 585, 602, + 603, 604, 605, 606, 607, 24, 37, 608, 287, 288, + 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, + 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, + 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, + 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, + 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, + 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, + 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, + 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, + 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, + 519, 520, 537, 538, 539, 540, 541, 542, 543, 544, + 553, 554, 555, 556, 557, 558, 559, 586, 587, 588, + 589, 590, 591, 592, 593, 594, 595, 568, 569, 570, + 571, 572, 573, 574, 25, 38, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 26, 39, 651, 652, 653, + 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, + 664, 665, 666, 667, 668, 669, 670, 27, 40, 672, + 673, 28, 41, 675, 676, 521, 522, 523, 524, 29, + 42, 687, 688, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 30, 43, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 525, 526, 527, 31, 44, 717, 718, + 719 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -1971,75 +2010,77 @@ static const yytype_int16 yytable[] = 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 697, 698, 657, 660, 77, 78, 79, 702, - 703, 704, 80, 81, 82, 83, 84, 85, 86, 87, + 75, 76, 77, 78, 715, 716, 671, 674, 79, 80, + 81, 720, 721, 722, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, - 118, 119, 120, 561, 684, 685, 686, 687, 688, 689, - 705, 706, 121, 122, 123, 124, 125, 546, 126, 127, - 128, 707, 708, 129, 130, 131, 132, 133, 134, 135, + 118, 119, 120, 121, 122, 723, 724, 725, 726, 727, + 575, 728, 729, 730, 123, 124, 125, 126, 127, 731, + 128, 129, 130, 575, 732, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, - 146, 147, 148, 149, 150, 151, 152, 153, 154, 561, - 709, 710, 155, 547, 548, 156, 157, 158, 159, 160, - 161, 162, 711, 163, 164, 165, 166, 167, 168, 169, - 170, 171, 172, 173, 174, 175, 712, 713, 714, 715, - 549, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 716, 717, 718, 719, 720, 176, 177, 178, 179, + 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 733, 734, 735, 157, 736, 737, 158, 159, 160, + 161, 162, 163, 164, 738, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 174, 175, 176, 177, 178, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 739, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 721, 220, 722, 221, 222, 223, 224, 225, 226, 227, + 220, 221, 222, 740, 223, 741, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 550, 551, 723, 724, 725, 726, 514, 727, - 515, 516, 2, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 3, 4, 531, 728, 729, 730, 731, - 250, 732, 733, 532, 533, 734, 735, 736, 251, 252, - 737, 253, 254, 738, 255, 256, 739, 552, 257, 258, - 259, 260, 261, 262, 263, 264, 740, 741, 5, 265, - 742, 743, 744, 745, 6, 746, 747, 748, 266, 267, - 268, 269, 749, 517, 750, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 563, 564, 565, 566, 751, 752, - 753, 754, 755, 756, 568, 601, 602, 603, 604, 605, - 606, 607, 608, 757, 758, 759, 518, 760, 7, 519, - 761, 762, 582, 583, 584, 585, 586, 763, 520, 764, - 765, 766, 534, 767, 535, 587, 8, 536, 562, 768, - 563, 564, 565, 566, 567, 769, 770, 771, 772, 773, - 568, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, - 774, 775, 776, 777, 778, 779, 780, 781, 782, 569, - 570, 783, 784, 785, 786, 787, 788, 789, 790, 791, - 792, 9, 793, 794, 795, 796, 797, 798, 799, 800, - 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, - 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, + 238, 239, 240, 241, 242, 528, 742, 529, 530, 743, + 744, 745, 746, 747, 748, 749, 243, 244, 245, 246, + 247, 248, 249, 250, 251, 252, 2, 750, 751, 752, + 753, 754, 755, 545, 756, 253, 560, 3, 4, 757, + 758, 546, 547, 254, 255, 759, 256, 257, 760, 258, + 259, 260, 261, 262, 761, 762, 263, 264, 265, 266, + 267, 268, 269, 270, 763, 764, 765, 271, 766, 767, + 531, 768, 561, 562, 5, 769, 272, 273, 274, 275, + 6, 770, 771, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 772, 577, 578, 579, 580, 773, 563, + 774, 775, 776, 532, 582, 576, 533, 577, 578, 579, + 580, 581, 777, 778, 779, 534, 780, 582, 781, 782, + 783, 784, 785, 786, 7, 596, 597, 598, 599, 600, + 548, 787, 549, 788, 789, 550, 790, 791, 601, 792, + 793, 794, 8, 795, 796, 797, 798, 799, 800, 583, + 584, 677, 678, 679, 680, 681, 682, 683, 684, 685, + 686, 615, 616, 617, 618, 619, 620, 621, 622, 698, + 699, 700, 701, 702, 703, 704, 705, 801, 802, 803, + 804, 805, 564, 565, 806, 807, 808, 809, 810, 811, + 812, 813, 814, 815, 816, 817, 818, 819, 9, 820, 821, 822, 823, 824, 825, 826, 827, 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, 838, 839, 840, - 841, 842, 843, 844, 845, 846, 847, 848, 849, 850, - 851, 852, 853, 854, 855, 10, 856, 857, 858, 859, + 841, 842, 843, 844, 845, 846, 847, 566, 848, 849, + 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, 860, 861, 862, 863, 864, 865, 866, 867, 868, 869, - 870, 871, 872, 521, 873, 874, 875, 11, 876, 877, - 878, 879, 880, 881, 882, 883, 884, 885, 886, 537, - 887, 888, 889, 890, 891, 892, 893, 894, 12, 895, - 896, 897, 898, 899, 900, 901, 902, 13, 903, 904, - 905, 906, 907, 908, 909, 910, 911, 912, 913, 914, - 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, - 925, 14, 926, 927, 928, 15, 929, 930, 931, 932, - 933, 16, 934, 935, 936, 937, 938, 939, 940, 941, - 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, - 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, - 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, - 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, - 982, 983, 984, 985, 986, 987, 988, 989, 990, 991, - 992, 993, 994, 995, 996, 997, 998, 999, 1000, 1001, - 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 1022, 1023, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, - 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, - 1042, 1043, 1044, 1045, 1046, 1047, 1048, 0, 0, 0, + 870, 871, 872, 873, 874, 875, 876, 877, 878, 879, + 880, 881, 10, 882, 883, 884, 535, 885, 886, 887, + 888, 889, 890, 891, 892, 893, 894, 895, 896, 897, + 898, 899, 900, 901, 11, 902, 903, 904, 905, 906, + 907, 908, 909, 551, 910, 911, 912, 913, 914, 915, + 916, 917, 918, 919, 920, 12, 921, 922, 923, 924, + 925, 926, 927, 928, 929, 930, 13, 931, 932, 933, + 934, 935, 936, 937, 938, 939, 940, 941, 942, 943, + 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, + 954, 955, 956, 14, 957, 958, 959, 15, 960, 961, + 962, 963, 964, 16, 965, 966, 967, 968, 969, 970, + 971, 972, 973, 974, 975, 976, 977, 978, 979, 980, + 981, 982, 983, 984, 985, 986, 987, 988, 989, 990, + 991, 992, 993, 994, 995, 996, 997, 998, 999, 1000, + 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, + 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, + 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, 1029, 1030, + 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039, 1040, + 1041, 1042, 1043, 1044, 1045, 1046, 1047, 1048, 1049, 1050, + 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058, 1059, 1060, + 1061, 1062, 1063, 1064, 1065, 1066, 1067, 1068, 1069, 1070, + 1071, 1072, 1073, 1074, 1075, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 595, 596, 597, 598, 599, 600 + 0, 0, 609, 610, 611, 612, 613, 614 }; static const yytype_int16 yycheck[] = @@ -2047,61 +2088,63 @@ static const yytype_int16 yycheck[] = 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, - 43, 44, 310, 311, 115, 320, 49, 50, 51, 10, - 10, 10, 55, 56, 57, 58, 59, 60, 61, 62, + 43, 44, 45, 46, 318, 319, 117, 328, 51, 52, + 53, 10, 10, 10, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 45, 277, 278, 279, 280, 281, 282, - 10, 10, 105, 106, 107, 108, 109, 45, 111, 112, - 113, 10, 10, 116, 117, 118, 119, 120, 121, 122, + 93, 94, 95, 96, 97, 10, 10, 10, 10, 10, + 47, 10, 10, 10, 107, 108, 109, 110, 111, 10, + 113, 114, 115, 47, 10, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 139, 140, 141, 45, - 10, 10, 145, 81, 82, 148, 149, 150, 151, 152, - 153, 154, 10, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 10, 10, 10, 10, - 108, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 10, 10, 10, 10, 10, 189, 190, 191, 192, + 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, + 143, 10, 10, 10, 147, 10, 10, 150, 151, 152, + 153, 154, 155, 156, 10, 158, 159, 160, 161, 162, + 163, 164, 165, 166, 167, 168, 169, 170, 171, 173, + 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, + 184, 185, 186, 187, 188, 189, 190, 191, 10, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 10, 234, 10, 236, 237, 238, 239, 240, 241, 242, + 233, 234, 235, 10, 237, 10, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, - 253, 254, 190, 191, 10, 10, 10, 10, 45, 10, - 47, 48, 0, 266, 267, 268, 269, 270, 271, 272, - 273, 274, 275, 11, 12, 45, 10, 10, 10, 10, - 283, 10, 10, 53, 54, 10, 10, 10, 291, 292, - 10, 294, 295, 10, 297, 298, 10, 235, 301, 302, - 303, 304, 305, 306, 307, 308, 10, 10, 46, 312, - 10, 10, 10, 10, 52, 10, 10, 10, 321, 322, - 323, 324, 10, 110, 10, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 286, 287, 288, 289, 10, 10, - 10, 10, 10, 10, 296, 97, 98, 99, 100, 101, - 102, 103, 104, 10, 10, 10, 143, 10, 96, 146, - 10, 10, 314, 315, 316, 317, 318, 10, 155, 10, - 10, 10, 142, 10, 144, 327, 114, 147, 284, 10, - 286, 287, 288, 289, 290, 10, 10, 10, 10, 10, - 296, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 325, - 326, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 169, 10, 10, 10, 10, 10, 10, 10, 10, + 253, 254, 255, 256, 257, 47, 10, 49, 50, 10, + 10, 10, 10, 10, 10, 10, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 10, 10, 10, + 10, 10, 10, 47, 10, 288, 47, 11, 12, 10, + 10, 55, 56, 296, 297, 10, 299, 300, 10, 302, + 303, 304, 305, 306, 10, 10, 309, 310, 311, 312, + 313, 314, 315, 316, 10, 10, 10, 320, 10, 10, + 112, 10, 83, 84, 48, 10, 329, 330, 331, 332, + 54, 10, 10, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 10, 291, 292, 293, 294, 10, 110, + 10, 10, 10, 145, 301, 289, 148, 291, 292, 293, + 294, 295, 10, 10, 10, 157, 10, 301, 10, 10, + 10, 10, 10, 10, 98, 322, 323, 324, 325, 326, + 144, 10, 146, 10, 10, 149, 10, 10, 335, 10, + 10, 10, 116, 10, 10, 10, 10, 10, 10, 333, + 334, 259, 260, 261, 262, 263, 264, 265, 266, 267, + 268, 99, 100, 101, 102, 103, 104, 105, 106, 280, + 281, 282, 283, 284, 285, 286, 287, 10, 10, 10, + 10, 10, 193, 194, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 172, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 238, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 233, 10, 10, 10, 10, + 10, 10, 236, 10, 10, 10, 308, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 300, 10, 10, 10, 255, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 299, - 10, 10, 10, 10, 10, 10, 10, 10, 276, 10, - 10, 10, 10, 10, 10, 10, 10, 285, 10, 10, + 10, 10, 10, 10, 258, 10, 10, 10, 10, 10, + 10, 10, 10, 307, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 279, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 290, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 309, 10, 10, 10, 313, 10, 10, 10, 10, - 10, 319, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 317, 10, 10, 10, 321, 10, 10, + 10, 10, 10, 327, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -2112,87 +2155,90 @@ static const yytype_int16 yycheck[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, -1, -1, -1, + 10, 10, 10, 10, 10, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 37, 37, 37, 37, 37, 37 + -1, -1, 37, 37, 37, 37, 37, 37 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_int16 yystos[] = { - 0, 338, 0, 11, 12, 46, 52, 96, 114, 169, - 233, 255, 276, 285, 309, 313, 319, 339, 340, 341, - 344, 347, 350, 353, 362, 626, 637, 659, 663, 671, - 684, 694, 342, 345, 348, 351, 354, 363, 627, 638, - 660, 664, 672, 685, 695, 13, 14, 15, 16, 17, + 0, 347, 0, 11, 12, 48, 54, 98, 116, 172, + 236, 258, 279, 290, 317, 321, 327, 348, 349, 350, + 353, 356, 359, 362, 371, 640, 651, 673, 677, 685, + 698, 712, 351, 354, 357, 360, 363, 372, 641, 652, + 674, 678, 686, 699, 713, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 38, 39, 40, 41, 42, 43, 44, 45, 46, 51, + 52, 53, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 105, 106, 107, 108, 109, 111, 112, 113, 116, - 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, + 95, 96, 97, 107, 108, 109, 110, 111, 113, 114, + 115, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 141, 145, 148, 149, 150, 151, - 152, 153, 154, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 189, 190, 191, 192, + 137, 138, 139, 140, 141, 142, 143, 147, 150, 151, + 152, 153, 154, 155, 156, 158, 159, 160, 161, 162, + 163, 164, 165, 166, 167, 168, 169, 170, 171, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 234, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 233, 234, 235, 237, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 283, 291, 292, 294, 295, 297, 298, 301, 302, 303, - 304, 305, 306, 307, 308, 312, 321, 322, 323, 324, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 343, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 667, - 668, 669, 670, 693, 45, 47, 48, 110, 143, 146, - 155, 300, 346, 594, 595, 596, 597, 598, 599, 600, - 601, 45, 53, 54, 142, 144, 147, 299, 349, 602, - 603, 604, 605, 606, 607, 608, 45, 81, 82, 108, - 190, 191, 235, 352, 619, 620, 621, 622, 623, 624, - 625, 45, 284, 286, 287, 288, 289, 290, 296, 325, - 326, 355, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, 314, 315, 316, 317, 318, 327, 356, 357, - 358, 359, 360, 361, 364, 609, 610, 611, 612, 613, - 616, 97, 98, 99, 100, 101, 102, 103, 104, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, - 182, 183, 184, 185, 186, 187, 188, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 115, 661, 662, - 320, 665, 666, 256, 257, 258, 259, 260, 261, 262, - 263, 264, 265, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, 277, 278, 279, 280, 281, 282, - 686, 687, 688, 689, 690, 691, 692, 310, 311, 696, - 697, 698, 10, 10, 10, 10, 10, 10, 10, 10, + 255, 256, 257, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 288, 296, 297, 299, 300, 302, 303, + 304, 305, 306, 309, 310, 311, 312, 313, 314, 315, + 316, 320, 329, 330, 331, 332, 336, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 352, 374, 375, 376, + 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, + 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, + 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, + 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, + 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, + 607, 681, 682, 683, 684, 709, 710, 711, 47, 49, + 50, 112, 145, 148, 157, 308, 355, 608, 609, 610, + 611, 612, 613, 614, 615, 47, 55, 56, 144, 146, + 149, 307, 358, 616, 617, 618, 619, 620, 621, 622, + 47, 83, 84, 110, 193, 194, 238, 361, 633, 634, + 635, 636, 637, 638, 639, 47, 289, 291, 292, 293, + 294, 295, 301, 333, 334, 364, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 632, 322, 323, 324, 325, + 326, 335, 365, 366, 367, 368, 369, 370, 373, 623, + 624, 625, 626, 627, 630, 99, 100, 101, 102, 103, + 104, 105, 106, 642, 643, 644, 645, 646, 647, 648, + 649, 650, 173, 174, 175, 176, 177, 178, 179, 180, + 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 117, 675, 676, 328, 679, 680, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 687, 688, 689, + 690, 691, 692, 693, 694, 695, 696, 697, 280, 281, + 282, 283, 284, 285, 286, 287, 700, 701, 702, 703, + 704, 705, 706, 707, 708, 318, 319, 714, 715, 716, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -2226,83 +2272,84 @@ static const yytype_int16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10 + 10, 10, 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_int16 yyr1[] = { - 0, 337, 338, 338, 339, 339, 339, 339, 339, 339, - 339, 339, 339, 339, 339, 339, 339, 339, 340, 341, - 342, 342, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 343, 343, 343, 343, 343, 343, 344, 345, 345, 346, - 346, 346, 346, 346, 346, 346, 346, 347, 348, 348, - 349, 349, 349, 349, 349, 349, 349, 350, 351, 351, - 352, 352, 352, 352, 352, 352, 352, 353, 354, 354, - 355, 355, 355, 355, 355, 355, 355, 355, 355, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 363, 364, - 364, 364, 364, 364, 364, 364, 364, 364, 364, 364, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, - 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, - 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, - 624, 625, 626, 627, 627, 628, 628, 628, 628, 628, - 628, 628, 628, 629, 630, 631, 632, 633, 634, 635, - 636, 637, 638, 638, 639, 639, 639, 639, 639, 639, - 639, 639, 639, 639, 639, 639, 639, 639, 639, 639, - 639, 639, 639, 640, 641, 642, 643, 644, 645, 646, - 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, - 657, 658, 659, 660, 660, 661, 662, 663, 664, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 672, 673, - 673, 673, 673, 673, 673, 673, 673, 673, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, - 685, 685, 686, 686, 686, 686, 686, 686, 687, 688, - 689, 690, 691, 692, 693, 694, 695, 695, 696, 696, - 697, 698 + 0, 346, 347, 347, 348, 348, 348, 348, 348, 348, + 348, 348, 348, 348, 348, 348, 348, 348, 349, 350, + 351, 351, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 352, 352, 352, 352, 352, 352, 352, + 352, 352, 352, 353, 354, 354, 355, 355, 355, 355, + 355, 355, 355, 355, 356, 357, 357, 358, 358, 358, + 358, 358, 358, 358, 359, 360, 360, 361, 361, 361, + 361, 361, 361, 361, 362, 363, 363, 364, 364, 364, + 364, 364, 364, 364, 364, 364, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 372, 373, 373, 373, 373, + 373, 373, 373, 373, 373, 373, 373, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 641, 642, 642, 642, + 642, 642, 642, 642, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 652, 653, 653, 653, 653, + 653, 653, 653, 653, 653, 653, 653, 653, 653, 653, + 653, 653, 653, 653, 653, 654, 655, 656, 657, 658, + 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, + 669, 670, 671, 672, 673, 674, 674, 675, 676, 677, + 678, 678, 679, 680, 681, 682, 683, 684, 685, 686, + 686, 687, 687, 687, 687, 687, 687, 687, 687, 687, + 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, + 697, 698, 699, 699, 700, 700, 700, 700, 700, 700, + 700, 700, 701, 702, 703, 704, 705, 706, 707, 708, + 709, 710, 711, 712, 713, 713, 714, 714, 715, 716 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ @@ -2333,14 +2380,15 @@ static const yytype_int8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, + 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -2358,27 +2406,27 @@ static const yytype_int8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 3, 3, 4, 4, 4, - 3, 3, 4, 4, 3, 3, 2, 2, 2, 2, - 2, 2, 3, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 3, 3, 4, 4, + 4, 3, 3, 4, 4, 3, 3, 2, 2, 2, + 2, 2, 2, 2, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 3, 3, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, - 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, + 3, 2, 2, 2, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, + 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, + 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 2, 1, 2, 0, - 1, 2, 2, 2, 3, 3, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 3, 1, 2, 0, 1, 1, - 2, 2 + 2, 2, 2, 2, 1, 2, 0, 1, 2, 1, + 2, 0, 1, 2, 2, 2, 3, 3, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, + 3, 2, 2, 1, 2, 0, 1, 1, 2, 2 }; @@ -2846,25 +2894,25 @@ yyreduce: switch (yyn) { case 18: /* force_toplevel: VAR_FORCE_TOPLEVEL */ -#line 209 "util/configparser.y" +#line 214 "util/configparser.y" { OUTYY(("\nP(force-toplevel)\n")); cfg_parser->started_toplevel = 0; } -#line 2855 "util/configparser.c" +#line 2903 "util/configparser.c" break; case 19: /* serverstart: VAR_SERVER */ -#line 216 "util/configparser.y" +#line 221 "util/configparser.y" { OUTYY(("\nP(server:)\n")); cfg_parser->started_toplevel = 1; } -#line 2864 "util/configparser.c" +#line 2912 "util/configparser.c" break; - case 256: /* stubstart: VAR_STUB_ZONE */ -#line 329 "util/configparser.y" + case 263: /* stubstart: VAR_STUB_ZONE */ +#line 338 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2877,11 +2925,11 @@ yyreduce: yyerror("out of memory"); } } -#line 2881 "util/configparser.c" +#line 2929 "util/configparser.c" break; - case 267: /* forwardstart: VAR_FORWARD_ZONE */ -#line 348 "util/configparser.y" + case 274: /* forwardstart: VAR_FORWARD_ZONE */ +#line 357 "util/configparser.y" { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2894,11 +2942,11 @@ yyreduce: yyerror("out of memory"); } } -#line 2898 "util/configparser.c" +#line 2946 "util/configparser.c" break; - case 277: /* viewstart: VAR_VIEW */ -#line 367 "util/configparser.y" + case 284: /* viewstart: VAR_VIEW */ +#line 376 "util/configparser.y" { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2913,11 +2961,11 @@ yyreduce: yyerror("out of memory"); } } -#line 2917 "util/configparser.c" +#line 2965 "util/configparser.c" break; - case 287: /* authstart: VAR_AUTH_ZONE */ -#line 388 "util/configparser.y" + case 294: /* authstart: VAR_AUTH_ZONE */ +#line 397 "util/configparser.y" { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); @@ -2937,11 +2985,11 @@ yyreduce: yyerror("out of memory"); } } -#line 2941 "util/configparser.c" +#line 2989 "util/configparser.c" break; - case 300: /* rpz_tag: VAR_TAGS STRING_ARG */ -#line 416 "util/configparser.y" + case 307: /* rpz_tag: VAR_TAGS STRING_ARG */ +#line 425 "util/configparser.y" { uint8_t* bitlist; size_t len = 0; @@ -2958,11 +3006,11 @@ yyreduce: } } -#line 2962 "util/configparser.c" +#line 3010 "util/configparser.c" break; - case 301: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG */ -#line 435 "util/configparser.y" + case 308: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG */ +#line 444 "util/configparser.y" { OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && @@ -2977,21 +3025,21 @@ yyreduce: cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); } } -#line 2981 "util/configparser.c" +#line 3029 "util/configparser.c" break; - case 302: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG */ -#line 452 "util/configparser.y" + case 309: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG */ +#line 461 "util/configparser.y" { OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_cname); cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); } -#line 2991 "util/configparser.c" +#line 3039 "util/configparser.c" break; - case 303: /* rpz_log: VAR_RPZ_LOG STRING_ARG */ -#line 460 "util/configparser.y" + case 310: /* rpz_log: VAR_RPZ_LOG STRING_ARG */ +#line 469 "util/configparser.y" { OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2999,21 +3047,21 @@ yyreduce: else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3003 "util/configparser.c" +#line 3051 "util/configparser.c" break; - case 304: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG */ -#line 470 "util/configparser.y" + case 311: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG */ +#line 479 "util/configparser.y" { OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_log_name); cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); } -#line 3013 "util/configparser.c" +#line 3061 "util/configparser.c" break; - case 305: /* rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG */ -#line 477 "util/configparser.y" + case 312: /* rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG */ +#line 486 "util/configparser.y" { OUTYY(("P(rpz_signal_nxdomain_ra:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3021,14 +3069,14 @@ yyreduce: else cfg_parser->cfg->auths->rpz_signal_nxdomain_ra = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3025 "util/configparser.c" +#line 3073 "util/configparser.c" break; - case 306: /* rpzstart: VAR_RPZ */ -#line 487 "util/configparser.y" + case 313: /* rpzstart: VAR_RPZ */ +#line 496 "util/configparser.y" { struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); + OUTYY(("\nP(rpz:)\n")); cfg_parser->started_toplevel = 1; s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); if(s) { @@ -3043,11 +3091,11 @@ yyreduce: yyerror("out of memory"); } } -#line 3047 "util/configparser.c" +#line 3095 "util/configparser.c" break; - case 321: /* server_num_threads: VAR_NUM_THREADS STRING_ARG */ -#line 512 "util/configparser.y" + case 328: /* server_num_threads: VAR_NUM_THREADS STRING_ARG */ +#line 521 "util/configparser.y" { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3055,11 +3103,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3059 "util/configparser.c" +#line 3107 "util/configparser.c" break; - case 322: /* server_verbosity: VAR_VERBOSITY STRING_ARG */ -#line 521 "util/configparser.y" + case 329: /* server_verbosity: VAR_VERBOSITY STRING_ARG */ +#line 530 "util/configparser.y" { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3067,11 +3115,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3071 "util/configparser.c" +#line 3119 "util/configparser.c" break; - case 323: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG */ -#line 530 "util/configparser.y" + case 330: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG */ +#line 539 "util/configparser.y" { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -3081,11 +3129,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3085 "util/configparser.c" +#line 3133 "util/configparser.c" break; - case 324: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG */ -#line 541 "util/configparser.y" + case 331: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG */ +#line 550 "util/configparser.y" { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3093,11 +3141,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3097 "util/configparser.c" +#line 3145 "util/configparser.c" break; - case 325: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG */ -#line 550 "util/configparser.y" + case 332: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG */ +#line 559 "util/configparser.y" { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3105,11 +3153,11 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3109 "util/configparser.c" +#line 3157 "util/configparser.c" break; - case 326: /* server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG */ -#line 559 "util/configparser.y" + case 333: /* server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG */ +#line 568 "util/configparser.y" { OUTYY(("P(server_statistics_inhibit_zero:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3117,11 +3165,11 @@ yyreduce: else cfg_parser->cfg->stat_inhibit_zero = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3121 "util/configparser.c" +#line 3169 "util/configparser.c" break; - case 327: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG */ -#line 568 "util/configparser.y" + case 334: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG */ +#line 577 "util/configparser.y" { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3129,11 +3177,11 @@ yyreduce: else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3133 "util/configparser.c" +#line 3181 "util/configparser.c" break; - case 328: /* server_shm_key: VAR_SHM_KEY STRING_ARG */ -#line 577 "util/configparser.y" + case 335: /* server_shm_key: VAR_SHM_KEY STRING_ARG */ +#line 586 "util/configparser.y" { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -3143,11 +3191,11 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3147 "util/configparser.c" +#line 3195 "util/configparser.c" break; - case 329: /* server_port: VAR_PORT STRING_ARG */ -#line 588 "util/configparser.y" + case 336: /* server_port: VAR_PORT STRING_ARG */ +#line 597 "util/configparser.y" { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3155,11 +3203,11 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3159 "util/configparser.c" +#line 3207 "util/configparser.c" break; - case 330: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG */ -#line 597 "util/configparser.y" + case 337: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG */ +#line 606 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -3170,11 +3218,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3174 "util/configparser.c" +#line 3222 "util/configparser.c" break; - case 331: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG */ -#line 609 "util/configparser.y" + case 338: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG */ +#line 618 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -3186,11 +3234,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3190 "util/configparser.c" +#line 3238 "util/configparser.c" break; - case 332: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG */ -#line 623 "util/configparser.y" + case 339: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG */ +#line 632 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -3204,11 +3252,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3208 "util/configparser.c" +#line 3256 "util/configparser.c" break; - case 333: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG */ -#line 638 "util/configparser.y" + case 340: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG */ +#line 647 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -3218,11 +3266,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3222 "util/configparser.c" +#line 3270 "util/configparser.c" break; - case 334: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG */ -#line 649 "util/configparser.y" + case 341: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG */ +#line 658 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3238,11 +3286,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3242 "util/configparser.c" +#line 3290 "util/configparser.c" break; - case 335: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG */ -#line 666 "util/configparser.y" + case 342: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG */ +#line 675 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3258,11 +3306,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3262 "util/configparser.c" +#line 3310 "util/configparser.c" break; - case 336: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG */ -#line 683 "util/configparser.y" + case 343: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG */ +#line 692 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3278,11 +3326,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3282 "util/configparser.c" +#line 3330 "util/configparser.c" break; - case 337: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG */ -#line 700 "util/configparser.y" + case 344: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG */ +#line 709 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3298,11 +3346,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3302 "util/configparser.c" +#line 3350 "util/configparser.c" break; - case 338: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG */ -#line 717 "util/configparser.y" + case 345: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG */ +#line 726 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -3316,11 +3364,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3320 "util/configparser.c" +#line 3368 "util/configparser.c" break; - case 339: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG */ -#line 732 "util/configparser.y" + case 346: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG */ +#line 741 "util/configparser.y" { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -3334,11 +3382,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3338 "util/configparser.c" +#line 3386 "util/configparser.c" break; - case 340: /* server_interface: VAR_INTERFACE STRING_ARG */ -#line 747 "util/configparser.y" + case 347: /* server_interface: VAR_INTERFACE STRING_ARG */ +#line 756 "util/configparser.y" { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -3350,11 +3398,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3354 "util/configparser.c" +#line 3402 "util/configparser.c" break; - case 341: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG */ -#line 760 "util/configparser.y" + case 348: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG */ +#line 769 "util/configparser.y" { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -3368,11 +3416,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3372 "util/configparser.c" +#line 3420 "util/configparser.c" break; - case 342: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG */ -#line 775 "util/configparser.y" + case 349: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG */ +#line 784 "util/configparser.y" { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3380,11 +3428,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3384 "util/configparser.c" +#line 3432 "util/configparser.c" break; - case 343: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG */ -#line 784 "util/configparser.y" + case 350: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG */ +#line 793 "util/configparser.y" { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3392,11 +3440,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3396 "util/configparser.c" +#line 3444 "util/configparser.c" break; - case 344: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG */ -#line 793 "util/configparser.y" + case 351: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG */ +#line 802 "util/configparser.y" { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3404,11 +3452,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3408 "util/configparser.c" +#line 3456 "util/configparser.c" break; - case 345: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG */ -#line 802 "util/configparser.y" + case 352: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG */ +#line 811 "util/configparser.y" { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3416,11 +3464,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3420 "util/configparser.c" +#line 3468 "util/configparser.c" break; - case 346: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG */ -#line 811 "util/configparser.y" + case 353: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG */ +#line 820 "util/configparser.y" { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3428,11 +3476,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3432 "util/configparser.c" +#line 3480 "util/configparser.c" break; - case 347: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG */ -#line 820 "util/configparser.y" + case 354: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG */ +#line 829 "util/configparser.y" { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3440,21 +3488,21 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3444 "util/configparser.c" +#line 3492 "util/configparser.c" break; - case 348: /* server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG */ -#line 829 "util/configparser.y" + case 355: /* server_interface_automatic_ports: VAR_INTERFACE_AUTOMATIC_PORTS STRING_ARG */ +#line 838 "util/configparser.y" { OUTYY(("P(server_interface_automatic_ports:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->if_automatic_ports); cfg_parser->cfg->if_automatic_ports = (yyvsp[0].str); } -#line 3454 "util/configparser.c" +#line 3502 "util/configparser.c" break; - case 349: /* server_do_ip4: VAR_DO_IP4 STRING_ARG */ -#line 836 "util/configparser.y" + case 356: /* server_do_ip4: VAR_DO_IP4 STRING_ARG */ +#line 845 "util/configparser.y" { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3462,11 +3510,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3466 "util/configparser.c" +#line 3514 "util/configparser.c" break; - case 350: /* server_do_ip6: VAR_DO_IP6 STRING_ARG */ -#line 845 "util/configparser.y" + case 357: /* server_do_ip6: VAR_DO_IP6 STRING_ARG */ +#line 854 "util/configparser.y" { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3474,11 +3522,23 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3478 "util/configparser.c" +#line 3526 "util/configparser.c" break; - case 351: /* server_do_udp: VAR_DO_UDP STRING_ARG */ -#line 854 "util/configparser.y" + case 358: /* server_do_nat64: VAR_DO_NAT64 STRING_ARG */ +#line 863 "util/configparser.y" + { + OUTYY(("P(server_do_nat64:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_nat64 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3538 "util/configparser.c" + break; + + case 359: /* server_do_udp: VAR_DO_UDP STRING_ARG */ +#line 872 "util/configparser.y" { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3486,11 +3546,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3490 "util/configparser.c" +#line 3550 "util/configparser.c" break; - case 352: /* server_do_tcp: VAR_DO_TCP STRING_ARG */ -#line 863 "util/configparser.y" + case 360: /* server_do_tcp: VAR_DO_TCP STRING_ARG */ +#line 881 "util/configparser.y" { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3498,11 +3558,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3502 "util/configparser.c" +#line 3562 "util/configparser.c" break; - case 353: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG */ -#line 872 "util/configparser.y" + case 361: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG */ +#line 890 "util/configparser.y" { OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3510,11 +3570,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3514 "util/configparser.c" +#line 3574 "util/configparser.c" break; - case 354: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG */ -#line 881 "util/configparser.y" + case 362: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG */ +#line 899 "util/configparser.y" { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3522,11 +3582,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3526 "util/configparser.c" +#line 3586 "util/configparser.c" break; - case 355: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG */ -#line 890 "util/configparser.y" + case 363: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG */ +#line 908 "util/configparser.y" { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3534,11 +3594,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3538 "util/configparser.c" +#line 3598 "util/configparser.c" break; - case 356: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG */ -#line 899 "util/configparser.y" + case 364: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG */ +#line 917 "util/configparser.y" { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3546,11 +3606,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3550 "util/configparser.c" +#line 3610 "util/configparser.c" break; - case 357: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG */ -#line 908 "util/configparser.y" + case 365: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG */ +#line 926 "util/configparser.y" { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3562,11 +3622,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3566 "util/configparser.c" +#line 3626 "util/configparser.c" break; - case 358: /* server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG */ -#line 921 "util/configparser.y" + case 366: /* server_max_reuse_tcp_queries: VAR_MAX_REUSE_TCP_QUERIES STRING_ARG */ +#line 939 "util/configparser.y" { OUTYY(("P(server_max_reuse_tcp_queries:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3576,11 +3636,11 @@ yyreduce: else cfg_parser->cfg->max_reuse_tcp_queries = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3580 "util/configparser.c" +#line 3640 "util/configparser.c" break; - case 359: /* server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG */ -#line 932 "util/configparser.y" + case 367: /* server_tcp_reuse_timeout: VAR_TCP_REUSE_TIMEOUT STRING_ARG */ +#line 950 "util/configparser.y" { OUTYY(("P(server_tcp_reuse_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3590,11 +3650,11 @@ yyreduce: else cfg_parser->cfg->tcp_reuse_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3594 "util/configparser.c" +#line 3654 "util/configparser.c" break; - case 360: /* server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG */ -#line 943 "util/configparser.y" + case 368: /* server_tcp_auth_query_timeout: VAR_TCP_AUTH_QUERY_TIMEOUT STRING_ARG */ +#line 961 "util/configparser.y" { OUTYY(("P(server_tcp_auth_query_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3604,11 +3664,11 @@ yyreduce: else cfg_parser->cfg->tcp_auth_query_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3608 "util/configparser.c" +#line 3668 "util/configparser.c" break; - case 361: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG */ -#line 954 "util/configparser.y" + case 369: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG */ +#line 972 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3616,11 +3676,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3620 "util/configparser.c" +#line 3680 "util/configparser.c" break; - case 362: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG */ -#line 963 "util/configparser.y" + case 370: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG */ +#line 981 "util/configparser.y" { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3632,11 +3692,27 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3636 "util/configparser.c" +#line 3696 "util/configparser.c" break; - case 363: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG */ -#line 976 "util/configparser.y" + case 371: /* server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG */ +#line 994 "util/configparser.y" + { + OUTYY(("P(server_sock_queue_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) > 6553500) + cfg_parser->cfg->sock_queue_timeout = 6553500; + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->sock_queue_timeout = 0; + else cfg_parser->cfg->sock_queue_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3712 "util/configparser.c" + break; + + case 372: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG */ +#line 1007 "util/configparser.y" { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3644,11 +3720,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3648 "util/configparser.c" +#line 3724 "util/configparser.c" break; - case 364: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG */ -#line 985 "util/configparser.y" + case 373: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG */ +#line 1016 "util/configparser.y" { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3656,11 +3732,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3660 "util/configparser.c" +#line 3736 "util/configparser.c" break; - case 365: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG */ -#line 994 "util/configparser.y" + case 374: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG */ +#line 1025 "util/configparser.y" { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3668,31 +3744,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3672 "util/configparser.c" +#line 3748 "util/configparser.c" break; - case 366: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG */ -#line 1003 "util/configparser.y" + case 375: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG */ +#line 1034 "util/configparser.y" { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3682 "util/configparser.c" +#line 3758 "util/configparser.c" break; - case 367: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG */ -#line 1010 "util/configparser.y" + case 376: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG */ +#line 1041 "util/configparser.y" { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3692 "util/configparser.c" +#line 3768 "util/configparser.c" break; - case 368: /* server_ssl_port: VAR_SSL_PORT STRING_ARG */ -#line 1017 "util/configparser.y" + case 377: /* server_ssl_port: VAR_SSL_PORT STRING_ARG */ +#line 1048 "util/configparser.y" { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3700,21 +3776,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3704 "util/configparser.c" +#line 3780 "util/configparser.c" break; - case 369: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG */ -#line 1026 "util/configparser.y" + case 378: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG */ +#line 1057 "util/configparser.y" { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3714 "util/configparser.c" +#line 3790 "util/configparser.c" break; - case 370: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG */ -#line 1033 "util/configparser.y" + case 379: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG */ +#line 1064 "util/configparser.y" { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3722,53 +3798,53 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3726 "util/configparser.c" +#line 3802 "util/configparser.c" break; - case 371: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG */ -#line 1042 "util/configparser.y" + case 380: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG */ +#line 1073 "util/configparser.y" { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3737 "util/configparser.c" +#line 3813 "util/configparser.c" break; - case 372: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG */ -#line 1050 "util/configparser.y" + case 381: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG */ +#line 1081 "util/configparser.y" { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3747 "util/configparser.c" +#line 3823 "util/configparser.c" break; - case 373: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG */ -#line 1057 "util/configparser.y" + case 382: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG */ +#line 1088 "util/configparser.y" { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3757 "util/configparser.c" +#line 3833 "util/configparser.c" break; - case 374: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG */ -#line 1064 "util/configparser.y" + case 383: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG */ +#line 1095 "util/configparser.y" { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3768 "util/configparser.c" +#line 3844 "util/configparser.c" break; - case 375: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG */ -#line 1072 "util/configparser.y" + case 384: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG */ +#line 1103 "util/configparser.y" { OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3776,11 +3852,11 @@ yyreduce: else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3780 "util/configparser.c" +#line 3856 "util/configparser.c" break; - case 376: /* server_https_port: VAR_HTTPS_PORT STRING_ARG */ -#line 1081 "util/configparser.y" + case 385: /* server_https_port: VAR_HTTPS_PORT STRING_ARG */ +#line 1112 "util/configparser.y" { OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3788,11 +3864,11 @@ yyreduce: else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3792 "util/configparser.c" +#line 3868 "util/configparser.c" break; - case 377: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG */ -#line 1089 "util/configparser.y" + case 386: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG */ +#line 1120 "util/configparser.y" { OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->http_endpoint); @@ -3808,11 +3884,11 @@ yyreduce: cfg_parser->cfg->http_endpoint = (yyvsp[0].str); } } -#line 3812 "util/configparser.c" +#line 3888 "util/configparser.c" break; - case 378: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG */ -#line 1105 "util/configparser.y" + case 387: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG */ +#line 1136 "util/configparser.y" { OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3820,11 +3896,11 @@ yyreduce: else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3824 "util/configparser.c" +#line 3900 "util/configparser.c" break; - case 379: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG */ -#line 1113 "util/configparser.y" + case 388: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG */ +#line 1144 "util/configparser.y" { OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), @@ -3832,11 +3908,11 @@ yyreduce: yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3836 "util/configparser.c" +#line 3912 "util/configparser.c" break; - case 380: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG */ -#line 1121 "util/configparser.y" + case 389: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG */ +#line 1152 "util/configparser.y" { OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), @@ -3844,11 +3920,11 @@ yyreduce: yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3848 "util/configparser.c" +#line 3924 "util/configparser.c" break; - case 381: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG */ -#line 1129 "util/configparser.y" + case 390: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG */ +#line 1160 "util/configparser.y" { OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3856,11 +3932,11 @@ yyreduce: else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3860 "util/configparser.c" +#line 3936 "util/configparser.c" break; - case 382: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG */ -#line 1137 "util/configparser.y" + case 391: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG */ +#line 1168 "util/configparser.y" { OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3868,11 +3944,11 @@ yyreduce: else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3872 "util/configparser.c" +#line 3948 "util/configparser.c" break; - case 383: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG */ -#line 1145 "util/configparser.y" + case 392: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG */ +#line 1176 "util/configparser.y" { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3880,11 +3956,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3884 "util/configparser.c" +#line 3960 "util/configparser.c" break; - case 384: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG */ -#line 1154 "util/configparser.y" + case 393: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG */ +#line 1185 "util/configparser.y" { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3892,11 +3968,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3896 "util/configparser.c" +#line 3972 "util/configparser.c" break; - case 385: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG */ -#line 1163 "util/configparser.y" + case 394: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG */ +#line 1194 "util/configparser.y" { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3909,11 +3985,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3913 "util/configparser.c" +#line 3989 "util/configparser.c" break; - case 386: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG */ -#line 1177 "util/configparser.y" + case 395: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG */ +#line 1208 "util/configparser.y" { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3921,11 +3997,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3925 "util/configparser.c" +#line 4001 "util/configparser.c" break; - case 387: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG */ -#line 1186 "util/configparser.y" + case 396: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG */ +#line 1217 "util/configparser.y" { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3933,11 +4009,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3937 "util/configparser.c" +#line 4013 "util/configparser.c" break; - case 388: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG */ -#line 1195 "util/configparser.y" + case 397: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG */ +#line 1226 "util/configparser.y" { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3945,11 +4021,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3949 "util/configparser.c" +#line 4025 "util/configparser.c" break; - case 389: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG */ -#line 1204 "util/configparser.y" + case 398: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG */ +#line 1235 "util/configparser.y" { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3957,11 +4033,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3961 "util/configparser.c" +#line 4037 "util/configparser.c" break; - case 390: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG */ -#line 1213 "util/configparser.y" + case 399: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG */ +#line 1244 "util/configparser.y" { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3969,11 +4045,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3973 "util/configparser.c" +#line 4049 "util/configparser.c" break; - case 391: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG */ -#line 1222 "util/configparser.y" + case 400: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG */ +#line 1253 "util/configparser.y" { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3981,31 +4057,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3985 "util/configparser.c" +#line 4061 "util/configparser.c" break; - case 392: /* server_chroot: VAR_CHROOT STRING_ARG */ -#line 1231 "util/configparser.y" + case 401: /* server_chroot: VAR_CHROOT STRING_ARG */ +#line 1262 "util/configparser.y" { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3995 "util/configparser.c" +#line 4071 "util/configparser.c" break; - case 393: /* server_username: VAR_USERNAME STRING_ARG */ -#line 1238 "util/configparser.y" + case 402: /* server_username: VAR_USERNAME STRING_ARG */ +#line 1269 "util/configparser.y" { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 4005 "util/configparser.c" +#line 4081 "util/configparser.c" break; - case 394: /* server_directory: VAR_DIRECTORY STRING_ARG */ -#line 1245 "util/configparser.y" + case 403: /* server_directory: VAR_DIRECTORY STRING_ARG */ +#line 1276 "util/configparser.y" { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -4030,105 +4106,105 @@ yyreduce: } } } -#line 4034 "util/configparser.c" +#line 4110 "util/configparser.c" break; - case 395: /* server_logfile: VAR_LOGFILE STRING_ARG */ -#line 1271 "util/configparser.y" + case 404: /* server_logfile: VAR_LOGFILE STRING_ARG */ +#line 1302 "util/configparser.y" { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 4045 "util/configparser.c" +#line 4121 "util/configparser.c" break; - case 396: /* server_pidfile: VAR_PIDFILE STRING_ARG */ -#line 1279 "util/configparser.y" + case 405: /* server_pidfile: VAR_PIDFILE STRING_ARG */ +#line 1310 "util/configparser.y" { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 4055 "util/configparser.c" +#line 4131 "util/configparser.c" break; - case 397: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG */ -#line 1286 "util/configparser.y" + case 406: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG */ +#line 1317 "util/configparser.y" { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4065 "util/configparser.c" +#line 4141 "util/configparser.c" break; - case 398: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG */ -#line 1293 "util/configparser.y" + case 407: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG */ +#line 1324 "util/configparser.y" { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 4075 "util/configparser.c" +#line 4151 "util/configparser.c" break; - case 399: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG */ -#line 1300 "util/configparser.y" + case 408: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG */ +#line 1331 "util/configparser.y" { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 4085 "util/configparser.c" +#line 4161 "util/configparser.c" break; - case 400: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG */ -#line 1307 "util/configparser.y" + case 409: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG */ +#line 1338 "util/configparser.y" { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4096 "util/configparser.c" +#line 4172 "util/configparser.c" break; - case 401: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG */ -#line 1315 "util/configparser.y" + case 410: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG */ +#line 1346 "util/configparser.y" { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4107 "util/configparser.c" +#line 4183 "util/configparser.c" break; - case 402: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG */ -#line 1323 "util/configparser.y" + case 411: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG */ +#line 1354 "util/configparser.y" { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4118 "util/configparser.c" +#line 4194 "util/configparser.c" break; - case 403: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG */ -#line 1331 "util/configparser.y" + case 412: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG */ +#line 1362 "util/configparser.y" { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4128 "util/configparser.c" +#line 4204 "util/configparser.c" break; - case 404: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG */ -#line 1338 "util/configparser.y" + case 413: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG */ +#line 1369 "util/configparser.y" { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4138,11 +4214,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4142 "util/configparser.c" +#line 4218 "util/configparser.c" break; - case 405: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG */ -#line 1349 "util/configparser.y" + case 414: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG */ +#line 1380 "util/configparser.y" { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4152,21 +4228,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4156 "util/configparser.c" +#line 4232 "util/configparser.c" break; - case 406: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG */ -#line 1360 "util/configparser.y" + case 415: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG */ +#line 1391 "util/configparser.y" { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4166 "util/configparser.c" +#line 4242 "util/configparser.c" break; - case 407: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG */ -#line 1367 "util/configparser.y" + case 416: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG */ +#line 1398 "util/configparser.y" { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4174,11 +4250,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4178 "util/configparser.c" +#line 4254 "util/configparser.c" break; - case 408: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG */ -#line 1376 "util/configparser.y" + case 417: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG */ +#line 1407 "util/configparser.y" { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4186,11 +4262,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4190 "util/configparser.c" +#line 4266 "util/configparser.c" break; - case 409: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG */ -#line 1385 "util/configparser.y" + case 418: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG */ +#line 1416 "util/configparser.y" { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4198,11 +4274,11 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4202 "util/configparser.c" +#line 4278 "util/configparser.c" break; - case 410: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG */ -#line 1394 "util/configparser.y" + case 419: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG */ +#line 1425 "util/configparser.y" { OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4210,41 +4286,41 @@ yyreduce: else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4214 "util/configparser.c" +#line 4290 "util/configparser.c" break; - case 411: /* server_identity: VAR_IDENTITY STRING_ARG */ -#line 1403 "util/configparser.y" + case 420: /* server_identity: VAR_IDENTITY STRING_ARG */ +#line 1434 "util/configparser.y" { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 4224 "util/configparser.c" +#line 4300 "util/configparser.c" break; - case 412: /* server_version: VAR_VERSION STRING_ARG */ -#line 1410 "util/configparser.y" + case 421: /* server_version: VAR_VERSION STRING_ARG */ +#line 1441 "util/configparser.y" { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 4234 "util/configparser.c" +#line 4310 "util/configparser.c" break; - case 413: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG */ -#line 1417 "util/configparser.y" + case 422: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG */ +#line 1448 "util/configparser.y" { OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->http_user_agent); cfg_parser->cfg->http_user_agent = (yyvsp[0].str); } -#line 4244 "util/configparser.c" +#line 4320 "util/configparser.c" break; - case 414: /* server_nsid: VAR_NSID STRING_ARG */ -#line 1424 "util/configparser.y" + case 423: /* server_nsid: VAR_NSID STRING_ARG */ +#line 1455 "util/configparser.y" { OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->nsid_cfg_str); @@ -4259,33 +4335,33 @@ yyreduce: yyerror("the NSID must be either a hex string or an " "ascii character string prepended with ascii_."); } -#line 4263 "util/configparser.c" +#line 4339 "util/configparser.c" break; - case 415: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG */ -#line 1440 "util/configparser.y" + case 424: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG */ +#line 1471 "util/configparser.y" { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4274 "util/configparser.c" +#line 4350 "util/configparser.c" break; - case 416: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG */ -#line 1448 "util/configparser.y" + case 425: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG */ +#line 1479 "util/configparser.y" { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4285 "util/configparser.c" +#line 4361 "util/configparser.c" break; - case 417: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG */ -#line 1456 "util/configparser.y" + case 426: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG */ +#line 1487 "util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4294,11 +4370,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4298 "util/configparser.c" +#line 4374 "util/configparser.c" break; - case 418: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG */ -#line 1466 "util/configparser.y" + case 427: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG */ +#line 1497 "util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4307,11 +4383,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4311 "util/configparser.c" +#line 4387 "util/configparser.c" break; - case 419: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG */ -#line 1476 "util/configparser.y" + case 428: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG */ +#line 1507 "util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4320,11 +4396,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4324 "util/configparser.c" +#line 4400 "util/configparser.c" break; - case 420: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG */ -#line 1486 "util/configparser.y" + case 429: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG */ +#line 1517 "util/configparser.y" { OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4337,22 +4413,22 @@ yyreduce: cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4341 "util/configparser.c" +#line 4417 "util/configparser.c" break; - case 421: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG */ -#line 1500 "util/configparser.y" + case 430: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG */ +#line 1531 "util/configparser.y" { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4352 "util/configparser.c" +#line 4428 "util/configparser.c" break; - case 422: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG */ -#line 1508 "util/configparser.y" + case 431: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG */ +#line 1539 "util/configparser.y" { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4364,11 +4440,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4368 "util/configparser.c" +#line 4444 "util/configparser.c" break; - case 423: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG */ -#line 1521 "util/configparser.y" + case 432: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG */ +#line 1552 "util/configparser.y" { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4378,22 +4454,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4382 "util/configparser.c" +#line 4458 "util/configparser.c" break; - case 424: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG */ -#line 1532 "util/configparser.y" + case 433: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG */ +#line 1563 "util/configparser.y" { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4393 "util/configparser.c" +#line 4469 "util/configparser.c" break; - case 425: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG */ -#line 1540 "util/configparser.y" + case 434: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG */ +#line 1571 "util/configparser.y" { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -4405,11 +4481,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4409 "util/configparser.c" +#line 4485 "util/configparser.c" break; - case 426: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG */ -#line 1553 "util/configparser.y" + case 435: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG */ +#line 1584 "util/configparser.y" { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4417,11 +4493,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4421 "util/configparser.c" +#line 4497 "util/configparser.c" break; - case 427: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG */ -#line 1562 "util/configparser.y" + case 436: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG */ +#line 1593 "util/configparser.y" { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4429,11 +4505,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4433 "util/configparser.c" +#line 4509 "util/configparser.c" break; - case 428: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG */ -#line 1571 "util/configparser.y" + case 437: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG */ +#line 1602 "util/configparser.y" { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4441,11 +4517,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4445 "util/configparser.c" +#line 4521 "util/configparser.c" break; - case 429: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG */ -#line 1580 "util/configparser.y" + case 438: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG */ +#line 1611 "util/configparser.y" { OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4453,11 +4529,11 @@ yyreduce: else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4457 "util/configparser.c" +#line 4533 "util/configparser.c" break; - case 430: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG */ -#line 1589 "util/configparser.y" + case 439: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG */ +#line 1620 "util/configparser.y" { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4466,11 +4542,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4470 "util/configparser.c" +#line 4546 "util/configparser.c" break; - case 431: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG */ -#line 1599 "util/configparser.y" + case 440: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG */ +#line 1630 "util/configparser.y" { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4479,22 +4555,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4483 "util/configparser.c" +#line 4559 "util/configparser.c" break; - case 432: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG */ -#line 1609 "util/configparser.y" + case 441: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG */ +#line 1640 "util/configparser.y" { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4494 "util/configparser.c" +#line 4570 "util/configparser.c" break; - case 433: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG */ -#line 1617 "util/configparser.y" + case 442: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG */ +#line 1648 "util/configparser.y" { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -4506,11 +4582,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4510 "util/configparser.c" +#line 4586 "util/configparser.c" break; - case 434: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG */ -#line 1630 "util/configparser.y" + case 443: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG */ +#line 1661 "util/configparser.y" { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4518,22 +4594,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4522 "util/configparser.c" +#line 4598 "util/configparser.c" break; - case 435: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG */ -#line 1639 "util/configparser.y" + case 444: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG */ +#line 1670 "util/configparser.y" { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4533 "util/configparser.c" +#line 4609 "util/configparser.c" break; - case 436: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG */ -#line 1647 "util/configparser.y" + case 445: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG */ +#line 1678 "util/configparser.y" { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4541,22 +4617,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4545 "util/configparser.c" +#line 4621 "util/configparser.c" break; - case 437: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG */ -#line 1656 "util/configparser.y" + case 446: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG */ +#line 1687 "util/configparser.y" { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4556 "util/configparser.c" +#line 4632 "util/configparser.c" break; - case 438: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG */ -#line 1664 "util/configparser.y" + case 447: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG */ +#line 1695 "util/configparser.y" { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -4568,11 +4644,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4572 "util/configparser.c" +#line 4648 "util/configparser.c" break; - case 439: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG */ -#line 1677 "util/configparser.y" + case 448: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG */ +#line 1708 "util/configparser.y" { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4580,11 +4656,11 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4584 "util/configparser.c" +#line 4660 "util/configparser.c" break; - case 440: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG */ -#line 1686 "util/configparser.y" + case 449: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG */ +#line 1717 "util/configparser.y" { OUTYY(("P(server_infra_cache_max_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4592,11 +4668,11 @@ yyreduce: else cfg_parser->cfg->infra_cache_max_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4596 "util/configparser.c" +#line 4672 "util/configparser.c" break; - case 441: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG */ -#line 1695 "util/configparser.y" + case 450: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG */ +#line 1726 "util/configparser.y" { OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4605,21 +4681,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4609 "util/configparser.c" +#line 4685 "util/configparser.c" break; - case 442: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG */ -#line 1705 "util/configparser.y" + case 451: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG */ +#line 1736 "util/configparser.y" { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 4619 "util/configparser.c" +#line 4695 "util/configparser.c" break; - case 443: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG */ -#line 1712 "util/configparser.y" + case 452: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG */ +#line 1743 "util/configparser.y" { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4628,11 +4704,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4632 "util/configparser.c" +#line 4708 "util/configparser.c" break; - case 444: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG */ -#line 1722 "util/configparser.y" + case 453: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG */ +#line 1753 "util/configparser.y" { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4641,11 +4717,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4645 "util/configparser.c" +#line 4721 "util/configparser.c" break; - case 445: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG */ -#line 1732 "util/configparser.y" + case 454: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG */ +#line 1763 "util/configparser.y" { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4654,11 +4730,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4658 "util/configparser.c" +#line 4734 "util/configparser.c" break; - case 446: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG */ -#line 1742 "util/configparser.y" + case 455: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG */ +#line 1773 "util/configparser.y" { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4667,11 +4743,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4671 "util/configparser.c" +#line 4747 "util/configparser.c" break; - case 447: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG */ -#line 1752 "util/configparser.y" + case 456: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG */ +#line 1783 "util/configparser.y" { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4680,11 +4756,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4684 "util/configparser.c" +#line 4760 "util/configparser.c" break; - case 448: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG */ -#line 1762 "util/configparser.y" + case 457: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG */ +#line 1793 "util/configparser.y" { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4693,11 +4769,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4697 "util/configparser.c" +#line 4773 "util/configparser.c" break; - case 449: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG */ -#line 1772 "util/configparser.y" + case 458: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG */ +#line 1803 "util/configparser.y" { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4706,11 +4782,24 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4710 "util/configparser.c" +#line 4786 "util/configparser.c" + break; + + case 459: /* server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG */ +#line 1813 "util/configparser.y" + { + OUTYY(("P(server_harden_unknown_additional:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_unknown_additional = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4799 "util/configparser.c" break; - case 450: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG */ -#line 1782 "util/configparser.y" + case 460: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG */ +#line 1823 "util/configparser.y" { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4719,41 +4808,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4723 "util/configparser.c" +#line 4812 "util/configparser.c" break; - case 451: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG */ -#line 1792 "util/configparser.y" + case 461: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG */ +#line 1833 "util/configparser.y" { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4733 "util/configparser.c" +#line 4822 "util/configparser.c" break; - case 452: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG */ -#line 1799 "util/configparser.y" + case 462: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG */ +#line 1840 "util/configparser.y" { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4743 "util/configparser.c" +#line 4832 "util/configparser.c" break; - case 453: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG */ -#line 1806 "util/configparser.y" + case 463: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG */ +#line 1847 "util/configparser.y" { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4753 "util/configparser.c" +#line 4842 "util/configparser.c" break; - case 454: /* server_prefetch: VAR_PREFETCH STRING_ARG */ -#line 1813 "util/configparser.y" + case 464: /* server_prefetch: VAR_PREFETCH STRING_ARG */ +#line 1854 "util/configparser.y" { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4761,11 +4850,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4765 "util/configparser.c" +#line 4854 "util/configparser.c" break; - case 455: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG */ -#line 1822 "util/configparser.y" + case 465: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG */ +#line 1863 "util/configparser.y" { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4773,11 +4862,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4777 "util/configparser.c" +#line 4866 "util/configparser.c" break; - case 456: /* server_deny_any: VAR_DENY_ANY STRING_ARG */ -#line 1831 "util/configparser.y" + case 466: /* server_deny_any: VAR_DENY_ANY STRING_ARG */ +#line 1872 "util/configparser.y" { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4785,11 +4874,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4789 "util/configparser.c" +#line 4878 "util/configparser.c" break; - case 457: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG */ -#line 1840 "util/configparser.y" + case 467: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG */ +#line 1881 "util/configparser.y" { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4797,21 +4886,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4801 "util/configparser.c" +#line 4890 "util/configparser.c" break; - case 458: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG */ -#line 1849 "util/configparser.y" + case 468: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG */ +#line 1890 "util/configparser.y" { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4811 "util/configparser.c" +#line 4900 "util/configparser.c" break; - case 459: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG */ -#line 1856 "util/configparser.y" + case 469: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG */ +#line 1897 "util/configparser.y" { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4820,22 +4909,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4824 "util/configparser.c" +#line 4913 "util/configparser.c" break; - case 460: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG */ -#line 1866 "util/configparser.y" + case 470: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG */ +#line 1907 "util/configparser.y" { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_acl_action((yyvsp[0].str)); if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding acl"); } -#line 4835 "util/configparser.c" +#line 4924 "util/configparser.c" break; - case 461: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG */ -#line 1874 "util/configparser.y" + case 471: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG */ +#line 1915 "util/configparser.y" { OUTYY(("P(server_interface_action:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_acl_action((yyvsp[0].str)); @@ -4843,21 +4932,21 @@ yyreduce: &cfg_parser->cfg->interface_actions, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding acl"); } -#line 4847 "util/configparser.c" +#line 4936 "util/configparser.c" break; - case 462: /* server_module_conf: VAR_MODULE_CONF STRING_ARG */ -#line 1883 "util/configparser.y" + case 472: /* server_module_conf: VAR_MODULE_CONF STRING_ARG */ +#line 1924 "util/configparser.y" { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4857 "util/configparser.c" +#line 4946 "util/configparser.c" break; - case 463: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG */ -#line 1890 "util/configparser.y" + case 473: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG */ +#line 1931 "util/configparser.y" { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4874,11 +4963,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4878 "util/configparser.c" +#line 4967 "util/configparser.c" break; - case 464: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG */ -#line 1908 "util/configparser.y" + case 474: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG */ +#line 1949 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4890,11 +4979,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4894 "util/configparser.c" +#line 4983 "util/configparser.c" break; - case 465: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG */ -#line 1921 "util/configparser.y" + case 475: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG */ +#line 1962 "util/configparser.y" { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4906,11 +4995,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4910 "util/configparser.c" +#line 4999 "util/configparser.c" break; - case 466: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG */ -#line 1934 "util/configparser.y" + case 476: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG */ +#line 1975 "util/configparser.y" { OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4922,11 +5011,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4926 "util/configparser.c" +#line 5015 "util/configparser.c" break; - case 467: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG */ -#line 1947 "util/configparser.y" + case 477: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG */ +#line 1988 "util/configparser.y" { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4934,11 +5023,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4938 "util/configparser.c" +#line 5027 "util/configparser.c" break; - case 468: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG */ -#line 1956 "util/configparser.y" + case 478: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG */ +#line 1997 "util/configparser.y" { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4946,11 +5035,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4950 "util/configparser.c" +#line 5039 "util/configparser.c" break; - case 469: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG */ -#line 1965 "util/configparser.y" + case 479: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG */ +#line 2006 "util/configparser.y" { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4958,11 +5047,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4962 "util/configparser.c" +#line 5051 "util/configparser.c" break; - case 470: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG */ -#line 1974 "util/configparser.y" + case 480: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG */ +#line 2015 "util/configparser.y" { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4970,11 +5059,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4974 "util/configparser.c" +#line 5063 "util/configparser.c" break; - case 471: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG */ -#line 1983 "util/configparser.y" + case 481: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG */ +#line 2024 "util/configparser.y" { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4983,11 +5072,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4987 "util/configparser.c" +#line 5076 "util/configparser.c" break; - case 472: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG */ -#line 1993 "util/configparser.y" + case 482: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG */ +#line 2034 "util/configparser.y" { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4996,11 +5085,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5000 "util/configparser.c" +#line 5089 "util/configparser.c" break; - case 473: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG */ -#line 2003 "util/configparser.y" + case 483: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG */ +#line 2044 "util/configparser.y" { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5010,11 +5099,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5014 "util/configparser.c" +#line 5103 "util/configparser.c" break; - case 474: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG */ -#line 2014 "util/configparser.y" + case 484: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG */ +#line 2055 "util/configparser.y" { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5022,11 +5111,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5026 "util/configparser.c" +#line 5115 "util/configparser.c" break; - case 475: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG */ -#line 2023 "util/configparser.y" + case 485: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG */ +#line 2064 "util/configparser.y" { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5034,11 +5123,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5038 "util/configparser.c" +#line 5127 "util/configparser.c" break; - case 476: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG */ -#line 2032 "util/configparser.y" + case 486: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG */ +#line 2073 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5046,11 +5135,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5050 "util/configparser.c" +#line 5139 "util/configparser.c" break; - case 477: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG */ -#line 2041 "util/configparser.y" + case 487: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG */ +#line 2082 "util/configparser.y" { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5058,11 +5147,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5062 "util/configparser.c" +#line 5151 "util/configparser.c" break; - case 478: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG */ -#line 2050 "util/configparser.y" + case 488: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG */ +#line 2091 "util/configparser.y" { OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5070,11 +5159,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5074 "util/configparser.c" +#line 5163 "util/configparser.c" break; - case 479: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG */ -#line 2059 "util/configparser.y" + case 489: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG */ +#line 2100 "util/configparser.y" { OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5082,11 +5171,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5086 "util/configparser.c" +#line 5175 "util/configparser.c" break; - case 480: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG */ -#line 2068 "util/configparser.y" + case 490: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG */ +#line 2109 "util/configparser.y" { OUTYY(("P(server_ede_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5094,11 +5183,11 @@ yyreduce: else cfg_parser->cfg->ede_serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5098 "util/configparser.c" +#line 5187 "util/configparser.c" break; - case 481: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG */ -#line 2077 "util/configparser.y" + case 491: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG */ +#line 2118 "util/configparser.y" { OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5106,11 +5195,11 @@ yyreduce: else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5110 "util/configparser.c" +#line 5199 "util/configparser.c" break; - case 482: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG */ -#line 2086 "util/configparser.y" + case 492: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG */ +#line 2127 "util/configparser.y" { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5122,11 +5211,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5126 "util/configparser.c" +#line 5215 "util/configparser.c" break; - case 483: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG */ -#line 2099 "util/configparser.y" + case 493: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG */ +#line 2140 "util/configparser.y" { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5138,11 +5227,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5142 "util/configparser.c" +#line 5231 "util/configparser.c" break; - case 484: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG */ -#line 2112 "util/configparser.y" + case 494: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG */ +#line 2153 "util/configparser.y" { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5150,21 +5239,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5154 "util/configparser.c" +#line 5243 "util/configparser.c" break; - case 485: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG */ -#line 2121 "util/configparser.y" + case 495: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG */ +#line 2162 "util/configparser.y" { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 5164 "util/configparser.c" +#line 5253 "util/configparser.c" break; - case 486: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG */ -#line 2128 "util/configparser.y" + case 496: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG */ +#line 2169 "util/configparser.y" { OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5172,11 +5261,11 @@ yyreduce: else cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5176 "util/configparser.c" +#line 5265 "util/configparser.c" break; - case 487: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG */ -#line 2137 "util/configparser.y" + case 497: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG */ +#line 2178 "util/configparser.y" { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5184,11 +5273,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5188 "util/configparser.c" +#line 5277 "util/configparser.c" break; - case 488: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG */ -#line 2146 "util/configparser.y" + case 498: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG */ +#line 2187 "util/configparser.y" { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5196,11 +5285,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5200 "util/configparser.c" +#line 5289 "util/configparser.c" break; - case 489: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG */ -#line 2155 "util/configparser.y" + case 499: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG */ +#line 2196 "util/configparser.y" { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5208,11 +5297,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5212 "util/configparser.c" +#line 5301 "util/configparser.c" break; - case 490: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG */ -#line 2164 "util/configparser.y" + case 500: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG */ +#line 2205 "util/configparser.y" { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5221,22 +5310,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5225 "util/configparser.c" +#line 5314 "util/configparser.c" break; - case 491: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG */ -#line 2173 "util/configparser.y" + case 501: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG */ +#line 2215 "util/configparser.y" { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5236 "util/configparser.c" +#line 5325 "util/configparser.c" break; - case 492: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG */ -#line 2181 "util/configparser.y" + case 502: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG */ +#line 2223 "util/configparser.y" { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -5248,22 +5337,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5252 "util/configparser.c" +#line 5341 "util/configparser.c" break; - case 493: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG */ -#line 2194 "util/configparser.y" + case 503: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG */ +#line 2236 "util/configparser.y" { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5263 "util/configparser.c" +#line 5352 "util/configparser.c" break; - case 494: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ -#line 2202 "util/configparser.y" + case 504: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ +#line 2244 "util/configparser.y" { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5271,6 +5360,7 @@ yyreduce: strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 && strcmp((yyvsp[0].str), "typetransparent")!=0 && strcmp((yyvsp[0].str), "always_transparent")!=0 + && strcmp((yyvsp[0].str), "block_a")!=0 && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 && strcmp((yyvsp[0].str), "always_nodata")!=0 @@ -5283,7 +5373,7 @@ yyreduce: yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " + "inform_redirect, always_transparent, block_a," "always_refuse, always_nxdomain, " "always_nodata, always_deny, always_null, " "noview, nodefault or ipset"); @@ -5317,21 +5407,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5321 "util/configparser.c" +#line 5411 "util/configparser.c" break; - case 495: /* server_local_data: VAR_LOCAL_DATA STRING_ARG */ -#line 2257 "util/configparser.y" + case 505: /* server_local_data: VAR_LOCAL_DATA STRING_ARG */ +#line 2300 "util/configparser.y" { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 5331 "util/configparser.c" +#line 5421 "util/configparser.c" break; - case 496: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ -#line 2264 "util/configparser.y" + case 506: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ +#line 2307 "util/configparser.y" { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5345,11 +5435,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5349 "util/configparser.c" +#line 5439 "util/configparser.c" break; - case 497: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG */ -#line 2279 "util/configparser.y" + case 507: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG */ +#line 2322 "util/configparser.y" { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5358,11 +5448,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5362 "util/configparser.c" +#line 5452 "util/configparser.c" break; - case 498: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG */ -#line 2289 "util/configparser.y" + case 508: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG */ +#line 2332 "util/configparser.y" { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5371,41 +5461,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5375 "util/configparser.c" +#line 5465 "util/configparser.c" break; - case 499: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG */ -#line 2299 "util/configparser.y" + case 509: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG */ +#line 2342 "util/configparser.y" { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5385 "util/configparser.c" +#line 5475 "util/configparser.c" break; - case 500: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG */ -#line 2306 "util/configparser.y" + case 510: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG */ +#line 2349 "util/configparser.y" { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5395 "util/configparser.c" +#line 5485 "util/configparser.c" break; - case 501: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG */ -#line 2313 "util/configparser.y" + case 511: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG */ +#line 2356 "util/configparser.y" { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 5405 "util/configparser.c" +#line 5495 "util/configparser.c" break; - case 502: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG */ -#line 2320 "util/configparser.y" + case 512: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG */ +#line 2363 "util/configparser.y" { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5413,22 +5503,32 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5417 "util/configparser.c" +#line 5507 "util/configparser.c" break; - case 503: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG */ -#line 2329 "util/configparser.y" + case 513: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG */ +#line 2372 "util/configparser.y" { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 5428 "util/configparser.c" +#line 5518 "util/configparser.c" break; - case 504: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG */ -#line 2337 "util/configparser.y" + case 514: /* server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG */ +#line 2380 "util/configparser.y" + { + OUTYY(("P(nat64_prefix:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->nat64_prefix); + cfg_parser->cfg->nat64_prefix = (yyvsp[0].str); + } +#line 5528 "util/configparser.c" + break; + + case 515: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG */ +#line 2387 "util/configparser.y" { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -5441,11 +5541,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5445 "util/configparser.c" +#line 5545 "util/configparser.c" break; - case 505: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG */ -#line 2351 "util/configparser.y" + case 516: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG */ +#line 2401 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5465,11 +5565,11 @@ yyreduce: } } } -#line 5469 "util/configparser.c" +#line 5569 "util/configparser.c" break; - case 506: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG */ -#line 2372 "util/configparser.y" + case 517: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG */ +#line 2422 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5489,11 +5589,11 @@ yyreduce: } } } -#line 5493 "util/configparser.c" +#line 5593 "util/configparser.c" break; - case 507: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ -#line 2393 "util/configparser.y" + case 518: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ +#line 2443 "util/configparser.y" { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -5504,11 +5604,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5508 "util/configparser.c" +#line 5608 "util/configparser.c" break; - case 508: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ -#line 2405 "util/configparser.y" + case 519: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ +#line 2455 "util/configparser.y" { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -5519,11 +5619,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5523 "util/configparser.c" +#line 5623 "util/configparser.c" break; - case 509: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG */ -#line 2417 "util/configparser.y" + case 520: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG */ +#line 2467 "util/configparser.y" { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -5534,11 +5634,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5538 "util/configparser.c" +#line 5638 "util/configparser.c" break; - case 510: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG */ -#line 2429 "util/configparser.y" + case 521: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG */ +#line 2479 "util/configparser.y" { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -5546,11 +5646,11 @@ yyreduce: yyerror("out of memory"); } } -#line 5550 "util/configparser.c" +#line 5650 "util/configparser.c" break; - case 511: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG */ -#line 2438 "util/configparser.y" + case 522: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG */ +#line 2488 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5570,11 +5670,11 @@ yyreduce: } } } -#line 5574 "util/configparser.c" +#line 5674 "util/configparser.c" break; - case 512: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ -#line 2459 "util/configparser.y" + case 523: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ +#line 2509 "util/configparser.y" { OUTYY(("P(server_interface_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions, @@ -5585,11 +5685,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5589 "util/configparser.c" +#line 5689 "util/configparser.c" break; - case 513: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ -#line 2471 "util/configparser.y" + case 524: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ +#line 2521 "util/configparser.y" { OUTYY(("P(server_interface_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas, @@ -5600,11 +5700,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5604 "util/configparser.c" +#line 5704 "util/configparser.c" break; - case 514: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG */ -#line 2483 "util/configparser.y" + case 525: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG */ +#line 2533 "util/configparser.y" { OUTYY(("P(server_interface_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view, @@ -5612,11 +5712,11 @@ yyreduce: yyerror("out of memory"); } } -#line 5616 "util/configparser.c" +#line 5716 "util/configparser.c" break; - case 515: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG */ -#line 2492 "util/configparser.y" + case 526: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG */ +#line 2542 "util/configparser.y" { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5636,11 +5736,11 @@ yyreduce: } } } -#line 5640 "util/configparser.c" +#line 5740 "util/configparser.c" break; - case 516: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG */ -#line 2513 "util/configparser.y" + case 527: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG */ +#line 2563 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5648,11 +5748,23 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5652 "util/configparser.c" +#line 5752 "util/configparser.c" break; - case 517: /* server_ratelimit: VAR_RATELIMIT STRING_ARG */ -#line 2522 "util/configparser.y" + case 528: /* server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG */ +#line 2572 "util/configparser.y" + { + OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ip_ratelimit_cookie = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5764 "util/configparser.c" + break; + + case 529: /* server_ratelimit: VAR_RATELIMIT STRING_ARG */ +#line 2581 "util/configparser.y" { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5660,33 +5772,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5664 "util/configparser.c" +#line 5776 "util/configparser.c" break; - case 518: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG */ -#line 2531 "util/configparser.y" + case 530: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG */ +#line 2590 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5675 "util/configparser.c" +#line 5787 "util/configparser.c" break; - case 519: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG */ -#line 2539 "util/configparser.y" + case 531: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG */ +#line 2598 "util/configparser.y" { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5686 "util/configparser.c" +#line 5798 "util/configparser.c" break; - case 520: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG */ -#line 2547 "util/configparser.y" + case 532: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG */ +#line 2606 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -5698,11 +5810,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5702 "util/configparser.c" +#line 5814 "util/configparser.c" break; - case 521: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG */ -#line 2560 "util/configparser.y" + case 533: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG */ +#line 2619 "util/configparser.y" { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -5714,11 +5826,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5718 "util/configparser.c" +#line 5830 "util/configparser.c" break; - case 522: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG */ -#line 2573 "util/configparser.y" + case 534: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG */ +#line 2632 "util/configparser.y" { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5732,11 +5844,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 5736 "util/configparser.c" +#line 5848 "util/configparser.c" break; - case 523: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG */ -#line 2588 "util/configparser.y" + case 535: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG */ +#line 2647 "util/configparser.y" { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5750,11 +5862,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 5754 "util/configparser.c" +#line 5866 "util/configparser.c" break; - case 524: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG */ -#line 2603 "util/configparser.y" + case 536: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG */ +#line 2662 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5762,11 +5874,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5766 "util/configparser.c" +#line 5878 "util/configparser.c" break; - case 525: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG */ -#line 2612 "util/configparser.y" + case 537: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG */ +#line 2671 "util/configparser.y" { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5774,11 +5886,11 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5778 "util/configparser.c" +#line 5890 "util/configparser.c" break; - case 526: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG */ -#line 2621 "util/configparser.y" + case 538: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG */ +#line 2680 "util/configparser.y" { OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5787,11 +5899,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5791 "util/configparser.c" +#line 5903 "util/configparser.c" break; - case 527: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG */ -#line 2631 "util/configparser.y" + case 539: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG */ +#line 2690 "util/configparser.y" { OUTYY(("P(server_ratelimit_backoff:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5800,11 +5912,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5804 "util/configparser.c" +#line 5916 "util/configparser.c" break; - case 528: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG */ -#line 2641 "util/configparser.y" + case 540: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG */ +#line 2700 "util/configparser.y" { OUTYY(("P(server_outbound_msg_retry:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5812,11 +5924,11 @@ yyreduce: else cfg_parser->cfg->outbound_msg_retry = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5816 "util/configparser.c" +#line 5928 "util/configparser.c" break; - case 529: /* server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG */ -#line 2650 "util/configparser.y" + case 541: /* server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG */ +#line 2709 "util/configparser.y" { OUTYY(("P(server_max_sent_count:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5824,11 +5936,11 @@ yyreduce: else cfg_parser->cfg->max_sent_count = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5828 "util/configparser.c" +#line 5940 "util/configparser.c" break; - case 530: /* server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG */ -#line 2659 "util/configparser.y" + case 542: /* server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG */ +#line 2718 "util/configparser.y" { OUTYY(("P(server_max_query_restarts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5836,20 +5948,20 @@ yyreduce: else cfg_parser->cfg->max_query_restarts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5840 "util/configparser.c" +#line 5952 "util/configparser.c" break; - case 531: /* server_low_rtt: VAR_LOW_RTT STRING_ARG */ -#line 2668 "util/configparser.y" + case 543: /* server_low_rtt: VAR_LOW_RTT STRING_ARG */ +#line 2727 "util/configparser.y" { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 5849 "util/configparser.c" +#line 5961 "util/configparser.c" break; - case 532: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG */ -#line 2674 "util/configparser.y" + case 544: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG */ +#line 2733 "util/configparser.y" { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -5857,11 +5969,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5861 "util/configparser.c" +#line 5973 "util/configparser.c" break; - case 533: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG */ -#line 2683 "util/configparser.y" + case 545: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG */ +#line 2742 "util/configparser.y" { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5869,11 +5981,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5873 "util/configparser.c" +#line 5985 "util/configparser.c" break; - case 534: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG */ -#line 2692 "util/configparser.y" + case 546: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG */ +#line 2751 "util/configparser.y" { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5882,11 +5994,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5886 "util/configparser.c" +#line 5998 "util/configparser.c" break; - case 535: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG */ -#line 2702 "util/configparser.y" + case 547: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG */ +#line 2761 "util/configparser.y" { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5895,24 +6007,24 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5899 "util/configparser.c" +#line 6011 "util/configparser.c" break; - case 536: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG */ -#line 2712 "util/configparser.y" + case 548: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG */ +#line 2771 "util/configparser.y" { OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = + else cfg_parser->cfg->pad_responses = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5912 "util/configparser.c" +#line 6024 "util/configparser.c" break; - case 537: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG */ -#line 2722 "util/configparser.y" + case 549: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG */ +#line 2781 "util/configparser.y" { OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5920,24 +6032,24 @@ yyreduce: else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5924 "util/configparser.c" +#line 6036 "util/configparser.c" break; - case 538: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG */ -#line 2731 "util/configparser.y" + case 550: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG */ +#line 2790 "util/configparser.y" { OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = + else cfg_parser->cfg->pad_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5937 "util/configparser.c" +#line 6049 "util/configparser.c" break; - case 539: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG */ -#line 2741 "util/configparser.y" + case 551: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG */ +#line 2800 "util/configparser.y" { OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5945,11 +6057,11 @@ yyreduce: else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5949 "util/configparser.c" +#line 6061 "util/configparser.c" break; - case 540: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG */ -#line 2750 "util/configparser.y" + case 552: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG */ +#line 2809 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5961,11 +6073,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5965 "util/configparser.c" +#line 6077 "util/configparser.c" break; - case 541: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG */ -#line 2763 "util/configparser.y" + case 553: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG */ +#line 2822 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5977,11 +6089,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5981 "util/configparser.c" +#line 6093 "util/configparser.c" break; - case 542: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG */ -#line 2776 "util/configparser.y" + case 554: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG */ +#line 2835 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5992,11 +6104,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5996 "util/configparser.c" +#line 6108 "util/configparser.c" break; - case 543: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG */ -#line 2788 "util/configparser.y" + case 555: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG */ +#line 2847 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -6009,11 +6121,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6013 "util/configparser.c" +#line 6125 "util/configparser.c" break; - case 544: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG */ -#line 2802 "util/configparser.y" + case 556: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG */ +#line 2861 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -6024,11 +6136,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6028 "util/configparser.c" +#line 6140 "util/configparser.c" break; - case 545: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG */ -#line 2814 "util/configparser.y" + case 557: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG */ +#line 2873 "util/configparser.y" { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -6041,11 +6153,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6045 "util/configparser.c" +#line 6157 "util/configparser.c" break; - case 546: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG */ -#line 2828 "util/configparser.y" + case 558: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG */ +#line 2887 "util/configparser.y" { OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert( @@ -6053,11 +6165,11 @@ yyreduce: fatal_exit("out of memory adding " "edns-client-string"); } -#line 6057 "util/configparser.c" +#line 6169 "util/configparser.c" break; - case 547: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG */ -#line 2837 "util/configparser.y" + case 559: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG */ +#line 2896 "util/configparser.y" { OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -6067,11 +6179,11 @@ yyreduce: else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6071 "util/configparser.c" +#line 6183 "util/configparser.c" break; - case 548: /* server_ede: VAR_EDE STRING_ARG */ -#line 2848 "util/configparser.y" + case 560: /* server_ede: VAR_EDE STRING_ARG */ +#line 2907 "util/configparser.y" { OUTYY(("P(server_ede:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6079,21 +6191,21 @@ yyreduce: else cfg_parser->cfg->ede = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6083 "util/configparser.c" +#line 6195 "util/configparser.c" break; - case 549: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG */ -#line 2857 "util/configparser.y" + case 561: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG */ +#line 2916 "util/configparser.y" { OUTYY(("P(server_proxy_protocol_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6093 "util/configparser.c" +#line 6205 "util/configparser.c" break; - case 550: /* stub_name: VAR_NAME STRING_ARG */ -#line 2864 "util/configparser.y" + case 562: /* stub_name: VAR_NAME STRING_ARG */ +#line 2923 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -6102,31 +6214,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 6106 "util/configparser.c" +#line 6218 "util/configparser.c" break; - case 551: /* stub_host: VAR_STUB_HOST STRING_ARG */ -#line 2874 "util/configparser.y" + case 563: /* stub_host: VAR_STUB_HOST STRING_ARG */ +#line 2933 "util/configparser.y" { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6116 "util/configparser.c" +#line 6228 "util/configparser.c" break; - case 552: /* stub_addr: VAR_STUB_ADDR STRING_ARG */ -#line 2881 "util/configparser.y" + case 564: /* stub_addr: VAR_STUB_ADDR STRING_ARG */ +#line 2940 "util/configparser.y" { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6126 "util/configparser.c" +#line 6238 "util/configparser.c" break; - case 553: /* stub_first: VAR_STUB_FIRST STRING_ARG */ -#line 2888 "util/configparser.y" + case 565: /* stub_first: VAR_STUB_FIRST STRING_ARG */ +#line 2947 "util/configparser.y" { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6134,11 +6246,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6138 "util/configparser.c" +#line 6250 "util/configparser.c" break; - case 554: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG */ -#line 2897 "util/configparser.y" + case 566: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG */ +#line 2956 "util/configparser.y" { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6146,11 +6258,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6150 "util/configparser.c" +#line 6262 "util/configparser.c" break; - case 555: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG */ -#line 2906 "util/configparser.y" + case 567: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG */ +#line 2965 "util/configparser.y" { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6159,11 +6271,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6163 "util/configparser.c" +#line 6275 "util/configparser.c" break; - case 556: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG */ -#line 2916 "util/configparser.y" + case 568: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG */ +#line 2975 "util/configparser.y" { OUTYY(("P(stub-tcp-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6172,11 +6284,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6176 "util/configparser.c" +#line 6288 "util/configparser.c" break; - case 557: /* stub_prime: VAR_STUB_PRIME STRING_ARG */ -#line 2926 "util/configparser.y" + case 569: /* stub_prime: VAR_STUB_PRIME STRING_ARG */ +#line 2985 "util/configparser.y" { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6185,11 +6297,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6189 "util/configparser.c" +#line 6301 "util/configparser.c" break; - case 558: /* forward_name: VAR_NAME STRING_ARG */ -#line 2936 "util/configparser.y" + case 570: /* forward_name: VAR_NAME STRING_ARG */ +#line 2995 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -6198,31 +6310,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 6202 "util/configparser.c" +#line 6314 "util/configparser.c" break; - case 559: /* forward_host: VAR_FORWARD_HOST STRING_ARG */ -#line 2946 "util/configparser.y" + case 571: /* forward_host: VAR_FORWARD_HOST STRING_ARG */ +#line 3005 "util/configparser.y" { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6212 "util/configparser.c" +#line 6324 "util/configparser.c" break; - case 560: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG */ -#line 2953 "util/configparser.y" + case 572: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG */ +#line 3012 "util/configparser.y" { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6222 "util/configparser.c" +#line 6334 "util/configparser.c" break; - case 561: /* forward_first: VAR_FORWARD_FIRST STRING_ARG */ -#line 2960 "util/configparser.y" + case 573: /* forward_first: VAR_FORWARD_FIRST STRING_ARG */ +#line 3019 "util/configparser.y" { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6230,11 +6342,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6234 "util/configparser.c" +#line 6346 "util/configparser.c" break; - case 562: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG */ -#line 2969 "util/configparser.y" + case 574: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG */ +#line 3028 "util/configparser.y" { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6242,11 +6354,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6246 "util/configparser.c" +#line 6358 "util/configparser.c" break; - case 563: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG */ -#line 2978 "util/configparser.y" + case 575: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG */ +#line 3037 "util/configparser.y" { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6255,11 +6367,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6259 "util/configparser.c" +#line 6371 "util/configparser.c" break; - case 564: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG */ -#line 2988 "util/configparser.y" + case 576: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG */ +#line 3047 "util/configparser.y" { OUTYY(("P(forward-tcp-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6268,11 +6380,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6272 "util/configparser.c" +#line 6384 "util/configparser.c" break; - case 565: /* auth_name: VAR_NAME STRING_ARG */ -#line 2998 "util/configparser.y" + case 577: /* auth_name: VAR_NAME STRING_ARG */ +#line 3057 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -6281,52 +6393,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 6285 "util/configparser.c" +#line 6397 "util/configparser.c" break; - case 566: /* auth_zonefile: VAR_ZONEFILE STRING_ARG */ -#line 3008 "util/configparser.y" + case 578: /* auth_zonefile: VAR_ZONEFILE STRING_ARG */ +#line 3067 "util/configparser.y" { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 6295 "util/configparser.c" +#line 6407 "util/configparser.c" break; - case 567: /* auth_master: VAR_MASTER STRING_ARG */ -#line 3015 "util/configparser.y" + case 579: /* auth_master: VAR_MASTER STRING_ARG */ +#line 3074 "util/configparser.y" { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6305 "util/configparser.c" +#line 6417 "util/configparser.c" break; - case 568: /* auth_url: VAR_URL STRING_ARG */ -#line 3022 "util/configparser.y" + case 580: /* auth_url: VAR_URL STRING_ARG */ +#line 3081 "util/configparser.y" { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6315 "util/configparser.c" +#line 6427 "util/configparser.c" break; - case 569: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG */ -#line 3029 "util/configparser.y" + case 581: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG */ +#line 3088 "util/configparser.y" { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6326 "util/configparser.c" +#line 6438 "util/configparser.c" break; - case 570: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG */ -#line 3037 "util/configparser.y" + case 582: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG */ +#line 3096 "util/configparser.y" { OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6335,11 +6447,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6339 "util/configparser.c" +#line 6451 "util/configparser.c" break; - case 571: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG */ -#line 3047 "util/configparser.y" + case 583: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG */ +#line 3106 "util/configparser.y" { OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6348,11 +6460,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6352 "util/configparser.c" +#line 6464 "util/configparser.c" break; - case 572: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG */ -#line 3057 "util/configparser.y" + case 584: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG */ +#line 3116 "util/configparser.y" { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6361,11 +6473,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6365 "util/configparser.c" +#line 6477 "util/configparser.c" break; - case 573: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG */ -#line 3067 "util/configparser.y" + case 585: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG */ +#line 3126 "util/configparser.y" { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6374,11 +6486,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6378 "util/configparser.c" +#line 6490 "util/configparser.c" break; - case 574: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG */ -#line 3077 "util/configparser.y" + case 586: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG */ +#line 3136 "util/configparser.y" { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6387,11 +6499,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6391 "util/configparser.c" +#line 6503 "util/configparser.c" break; - case 575: /* view_name: VAR_NAME STRING_ARG */ -#line 3087 "util/configparser.y" + case 587: /* view_name: VAR_NAME STRING_ARG */ +#line 3146 "util/configparser.y" { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -6400,11 +6512,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 6404 "util/configparser.c" +#line 6516 "util/configparser.c" break; - case 576: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ -#line 3097 "util/configparser.y" + case 588: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ +#line 3156 "util/configparser.y" { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -6459,11 +6571,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 6463 "util/configparser.c" +#line 6575 "util/configparser.c" break; - case 577: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ -#line 3153 "util/configparser.y" + case 589: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ +#line 3212 "util/configparser.y" { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -6472,33 +6584,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 6476 "util/configparser.c" +#line 6588 "util/configparser.c" break; - case 578: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ -#line 3163 "util/configparser.y" + case 590: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ +#line 3222 "util/configparser.y" { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 6487 "util/configparser.c" +#line 6599 "util/configparser.c" break; - case 579: /* view_local_data: VAR_LOCAL_DATA STRING_ARG */ -#line 3171 "util/configparser.y" + case 591: /* view_local_data: VAR_LOCAL_DATA STRING_ARG */ +#line 3230 "util/configparser.y" { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 6498 "util/configparser.c" +#line 6610 "util/configparser.c" break; - case 580: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ -#line 3179 "util/configparser.y" + case 592: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ +#line 3238 "util/configparser.y" { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -6512,11 +6624,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 6516 "util/configparser.c" +#line 6628 "util/configparser.c" break; - case 581: /* view_first: VAR_VIEW_FIRST STRING_ARG */ -#line 3194 "util/configparser.y" + case 593: /* view_first: VAR_VIEW_FIRST STRING_ARG */ +#line 3253 "util/configparser.y" { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6524,20 +6636,20 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6528 "util/configparser.c" +#line 6640 "util/configparser.c" break; - case 582: /* rcstart: VAR_REMOTE_CONTROL */ -#line 3203 "util/configparser.y" + case 594: /* rcstart: VAR_REMOTE_CONTROL */ +#line 3262 "util/configparser.y" { OUTYY(("\nP(remote-control:)\n")); cfg_parser->started_toplevel = 1; } -#line 6537 "util/configparser.c" +#line 6649 "util/configparser.c" break; - case 593: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG */ -#line 3215 "util/configparser.y" + case 605: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG */ +#line 3274 "util/configparser.y" { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6546,11 +6658,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6550 "util/configparser.c" +#line 6662 "util/configparser.c" break; - case 594: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG */ -#line 3225 "util/configparser.y" + case 606: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG */ +#line 3284 "util/configparser.y" { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6558,80 +6670,80 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6562 "util/configparser.c" +#line 6674 "util/configparser.c" break; - case 595: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG */ -#line 3234 "util/configparser.y" + case 607: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG */ +#line 3293 "util/configparser.y" { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6572 "util/configparser.c" +#line 6684 "util/configparser.c" break; - case 596: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG */ -#line 3241 "util/configparser.y" + case 608: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG */ +#line 3300 "util/configparser.y" { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6582 "util/configparser.c" +#line 6694 "util/configparser.c" break; - case 597: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG */ -#line 3248 "util/configparser.y" + case 609: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG */ +#line 3307 "util/configparser.y" { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 6592 "util/configparser.c" +#line 6704 "util/configparser.c" break; - case 598: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG */ -#line 3255 "util/configparser.y" + case 610: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG */ +#line 3314 "util/configparser.y" { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 6602 "util/configparser.c" +#line 6714 "util/configparser.c" break; - case 599: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG */ -#line 3262 "util/configparser.y" + case 611: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG */ +#line 3321 "util/configparser.y" { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 6612 "util/configparser.c" +#line 6724 "util/configparser.c" break; - case 600: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG */ -#line 3269 "util/configparser.y" + case 612: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG */ +#line 3328 "util/configparser.y" { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 6622 "util/configparser.c" +#line 6734 "util/configparser.c" break; - case 601: /* dtstart: VAR_DNSTAP */ -#line 3276 "util/configparser.y" + case 613: /* dtstart: VAR_DNSTAP */ +#line 3335 "util/configparser.y" { OUTYY(("\nP(dnstap:)\n")); cfg_parser->started_toplevel = 1; } -#line 6631 "util/configparser.c" +#line 6743 "util/configparser.c" break; - case 623: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG */ -#line 3297 "util/configparser.y" + case 635: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG */ +#line 3356 "util/configparser.y" { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6639,11 +6751,11 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6643 "util/configparser.c" +#line 6755 "util/configparser.c" break; - case 624: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG */ -#line 3306 "util/configparser.y" + case 636: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG */ +#line 3365 "util/configparser.y" { OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6652,31 +6764,31 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6656 "util/configparser.c" +#line 6768 "util/configparser.c" break; - case 625: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG */ -#line 3316 "util/configparser.y" + case 637: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG */ +#line 3375 "util/configparser.y" { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 6666 "util/configparser.c" +#line 6778 "util/configparser.c" break; - case 626: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG */ -#line 3323 "util/configparser.y" + case 638: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG */ +#line 3382 "util/configparser.y" { OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_ip); cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); } -#line 6676 "util/configparser.c" +#line 6788 "util/configparser.c" break; - case 627: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG */ -#line 3330 "util/configparser.y" + case 639: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG */ +#line 3389 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6684,51 +6796,51 @@ yyreduce: else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6688 "util/configparser.c" +#line 6800 "util/configparser.c" break; - case 628: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG */ -#line 3339 "util/configparser.y" + case 640: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG */ +#line 3398 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_server_name); cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); } -#line 6698 "util/configparser.c" +#line 6810 "util/configparser.c" break; - case 629: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG */ -#line 3346 "util/configparser.y" + case 641: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG */ +#line 3405 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_cert_bundle); cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); } -#line 6708 "util/configparser.c" +#line 6820 "util/configparser.c" break; - case 630: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG */ -#line 3353 "util/configparser.y" + case 642: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG */ +#line 3412 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_key_file); cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); } -#line 6718 "util/configparser.c" +#line 6830 "util/configparser.c" break; - case 631: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG */ -#line 3360 "util/configparser.y" + case 643: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG */ +#line 3419 "util/configparser.y" { OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_cert_file); cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); } -#line 6728 "util/configparser.c" +#line 6840 "util/configparser.c" break; - case 632: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG */ -#line 3367 "util/configparser.y" + case 644: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG */ +#line 3426 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6736,11 +6848,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6740 "util/configparser.c" +#line 6852 "util/configparser.c" break; - case 633: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG */ -#line 3376 "util/configparser.y" + case 645: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG */ +#line 3435 "util/configparser.y" { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6748,31 +6860,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6752 "util/configparser.c" +#line 6864 "util/configparser.c" break; - case 634: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG */ -#line 3385 "util/configparser.y" + case 646: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG */ +#line 3444 "util/configparser.y" { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 6762 "util/configparser.c" +#line 6874 "util/configparser.c" break; - case 635: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG */ -#line 3392 "util/configparser.y" + case 647: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG */ +#line 3451 "util/configparser.y" { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 6772 "util/configparser.c" +#line 6884 "util/configparser.c" break; - case 636: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG */ -#line 3399 "util/configparser.y" + case 648: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG */ +#line 3458 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6781,11 +6893,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6785 "util/configparser.c" +#line 6897 "util/configparser.c" break; - case 637: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG */ -#line 3409 "util/configparser.y" + case 649: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG */ +#line 3468 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6794,11 +6906,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6798 "util/configparser.c" +#line 6910 "util/configparser.c" break; - case 638: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG */ -#line 3419 "util/configparser.y" + case 650: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG */ +#line 3478 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6807,11 +6919,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6811 "util/configparser.c" +#line 6923 "util/configparser.c" break; - case 639: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG */ -#line 3429 "util/configparser.y" + case 651: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG */ +#line 3488 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6820,11 +6932,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6824 "util/configparser.c" +#line 6936 "util/configparser.c" break; - case 640: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG */ -#line 3439 "util/configparser.y" + case 652: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG */ +#line 3498 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6833,11 +6945,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6837 "util/configparser.c" +#line 6949 "util/configparser.c" break; - case 641: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG */ -#line 3449 "util/configparser.y" + case 653: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG */ +#line 3508 "util/configparser.y" { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6846,49 +6958,49 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6850 "util/configparser.c" +#line 6962 "util/configparser.c" break; - case 642: /* pythonstart: VAR_PYTHON */ -#line 3459 "util/configparser.y" + case 654: /* pythonstart: VAR_PYTHON */ +#line 3518 "util/configparser.y" { OUTYY(("\nP(python:)\n")); cfg_parser->started_toplevel = 1; } -#line 6859 "util/configparser.c" +#line 6971 "util/configparser.c" break; - case 646: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG */ -#line 3469 "util/configparser.y" + case 658: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG */ +#line 3528 "util/configparser.y" { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6869 "util/configparser.c" +#line 6981 "util/configparser.c" break; - case 647: /* dynlibstart: VAR_DYNLIB */ -#line 3475 "util/configparser.y" - { - OUTYY(("\nP(dynlib:)\n")); + case 659: /* dynlibstart: VAR_DYNLIB */ +#line 3535 "util/configparser.y" + { + OUTYY(("\nP(dynlib:)\n")); cfg_parser->started_toplevel = 1; } -#line 6878 "util/configparser.c" +#line 6990 "util/configparser.c" break; - case 651: /* dl_file: VAR_DYNLIB_FILE STRING_ARG */ -#line 3485 "util/configparser.y" + case 663: /* dl_file: VAR_DYNLIB_FILE STRING_ARG */ +#line 3545 "util/configparser.y" { OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6888 "util/configparser.c" +#line 7000 "util/configparser.c" break; - case 652: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG */ -#line 3491 "util/configparser.y" + case 664: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG */ +#line 3552 "util/configparser.y" { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6897,21 +7009,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6901 "util/configparser.c" +#line 7013 "util/configparser.c" break; - case 653: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG */ -#line 3501 "util/configparser.y" + case 665: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG */ +#line 3562 "util/configparser.y" { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 6911 "util/configparser.c" +#line 7023 "util/configparser.c" break; - case 654: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ -#line 3508 "util/configparser.y" + case 666: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ +#line 3569 "util/configparser.y" { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -6919,31 +7031,31 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 6923 "util/configparser.c" +#line 7035 "util/configparser.c" break; - case 655: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ -#line 3517 "util/configparser.y" + case 667: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ +#line 3578 "util/configparser.y" { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 6934 "util/configparser.c" +#line 7046 "util/configparser.c" break; - case 656: /* dnscstart: VAR_DNSCRYPT */ -#line 3525 "util/configparser.y" + case 668: /* dnscstart: VAR_DNSCRYPT */ +#line 3586 "util/configparser.y" { OUTYY(("\nP(dnscrypt:)\n")); cfg_parser->started_toplevel = 1; } -#line 6943 "util/configparser.c" +#line 7055 "util/configparser.c" break; - case 669: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG */ -#line 3542 "util/configparser.y" + case 681: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG */ +#line 3603 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6951,11 +7063,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6955 "util/configparser.c" +#line 7067 "util/configparser.c" break; - case 670: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG */ -#line 3552 "util/configparser.y" + case 682: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG */ +#line 3612 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6963,21 +7075,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6967 "util/configparser.c" +#line 7079 "util/configparser.c" break; - case 671: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG */ -#line 3561 "util/configparser.y" + case 683: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG */ +#line 3621 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 6977 "util/configparser.c" +#line 7089 "util/configparser.c" break; - case 672: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG */ -#line 3568 "util/configparser.y" + case 684: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG */ +#line 3628 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -6985,21 +7097,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 6989 "util/configparser.c" +#line 7101 "util/configparser.c" break; - case 673: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG */ -#line 3577 "util/configparser.y" + case 685: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG */ +#line 3637 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 6999 "util/configparser.c" +#line 7111 "util/configparser.c" break; - case 674: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG */ -#line 3584 "util/configparser.y" + case 686: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG */ +#line 3644 "util/configparser.y" { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -7007,22 +7119,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 7011 "util/configparser.c" +#line 7123 "util/configparser.c" break; - case 675: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG */ -#line 3593 "util/configparser.y" + case 687: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG */ +#line 3653 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 7022 "util/configparser.c" +#line 7134 "util/configparser.c" break; - case 676: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG */ -#line 3601 "util/configparser.y" + case 688: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG */ +#line 3661 "util/configparser.y" { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -7034,22 +7146,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 7038 "util/configparser.c" +#line 7150 "util/configparser.c" break; - case 677: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG */ -#line 3614 "util/configparser.y" + case 689: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG */ +#line 3674 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 7049 "util/configparser.c" +#line 7161 "util/configparser.c" break; - case 678: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG */ -#line 3622 "util/configparser.y" + case 690: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG */ +#line 3682 "util/configparser.y" { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) { @@ -7061,20 +7173,20 @@ yyreduce: } free((yyvsp[0].str)); } -#line 7065 "util/configparser.c" +#line 7177 "util/configparser.c" break; - case 679: /* cachedbstart: VAR_CACHEDB */ -#line 3635 "util/configparser.y" + case 691: /* cachedbstart: VAR_CACHEDB */ +#line 3695 "util/configparser.y" { OUTYY(("\nP(cachedb:)\n")); cfg_parser->started_toplevel = 1; } -#line 7074 "util/configparser.c" +#line 7186 "util/configparser.c" break; - case 688: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG */ -#line 3647 "util/configparser.y" + case 702: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG */ +#line 3707 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -7085,11 +7197,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 7089 "util/configparser.c" +#line 7201 "util/configparser.c" break; - case 689: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG */ -#line 3659 "util/configparser.y" + case 703: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG */ +#line 3719 "util/configparser.y" { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -7100,11 +7212,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 7104 "util/configparser.c" +#line 7216 "util/configparser.c" break; - case 690: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG */ -#line 3671 "util/configparser.y" + case 704: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG */ +#line 3731 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -7115,11 +7227,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 7119 "util/configparser.c" +#line 7231 "util/configparser.c" break; - case 691: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG */ -#line 3683 "util/configparser.y" + case 705: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG */ +#line 3743 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -7133,11 +7245,41 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 7137 "util/configparser.c" +#line 7249 "util/configparser.c" + break; + + case 706: /* redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG */ +#line 3758 "util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_path:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->redis_server_path); + cfg_parser->cfg->redis_server_path = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 7264 "util/configparser.c" + break; + + case 707: /* redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG */ +#line 3770 "util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_password:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->redis_server_password); + cfg_parser->cfg->redis_server_password = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 7279 "util/configparser.c" break; - case 692: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG */ -#line 3698 "util/configparser.y" + case 708: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG */ +#line 3782 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -7149,11 +7291,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 7153 "util/configparser.c" +#line 7295 "util/configparser.c" break; - case 693: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG */ -#line 3711 "util/configparser.y" + case 709: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG */ +#line 3795 "util/configparser.y" { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); @@ -7165,11 +7307,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 7169 "util/configparser.c" +#line 7311 "util/configparser.c" break; - case 694: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG */ -#line 3724 "util/configparser.y" + case 710: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG */ +#line 3808 "util/configparser.y" { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -7179,20 +7321,51 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 7183 "util/configparser.c" +#line 7325 "util/configparser.c" + break; + + case 711: /* server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG */ +#line 3819 "util/configparser.y" + { + OUTYY(("P(server_answer_cookie:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_answer_cookie = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 7337 "util/configparser.c" + break; + + case 712: /* server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG */ +#line 3828 "util/configparser.y" + { + uint8_t secret[32]; + size_t secret_len = sizeof(secret); + + OUTYY(("P(server_cookie_secret:%s)\n", (yyvsp[0].str))); + if(sldns_str2wire_hex_buf((yyvsp[0].str), secret, &secret_len) + || (secret_len != 16)) + yyerror("expected 128 bit hex string"); + else { + cfg_parser->cfg->cookie_secret_len = secret_len; + memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret)); + } + free((yyvsp[0].str)); + } +#line 7356 "util/configparser.c" break; - case 695: /* ipsetstart: VAR_IPSET */ -#line 3735 "util/configparser.y" + case 713: /* ipsetstart: VAR_IPSET */ +#line 3844 "util/configparser.y" { OUTYY(("\nP(ipset:)\n")); cfg_parser->started_toplevel = 1; } -#line 7192 "util/configparser.c" +#line 7365 "util/configparser.c" break; - case 700: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG */ -#line 3745 "util/configparser.y" + case 718: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG */ +#line 3854 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -7206,11 +7379,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 7210 "util/configparser.c" +#line 7383 "util/configparser.c" break; - case 701: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG */ -#line 3760 "util/configparser.y" + case 719: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG */ +#line 3869 "util/configparser.y" { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -7224,11 +7397,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 7228 "util/configparser.c" +#line 7401 "util/configparser.c" break; -#line 7232 "util/configparser.c" +#line 7405 "util/configparser.c" default: break; } @@ -7422,7 +7595,7 @@ yyreturn: return yyresult; } -#line 3774 "util/configparser.y" +#line 3883 "util/configparser.y" /* parse helper routines could be here */ @@ -7452,10 +7625,11 @@ validate_acl_action(const char* action) strcmp(action, "refuse_non_local")!=0 && strcmp(action, "allow_setrd")!=0 && strcmp(action, "allow")!=0 && - strcmp(action, "allow_snoop")!=0) + strcmp(action, "allow_snoop")!=0 && + strcmp(action, "allow_cookie")!=0) { yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow, allow_setrd or " - "allow_snoop as access control action"); + "refuse_non_local, allow, allow_setrd, " + "allow_snoop or allow_cookie as access control action"); } } diff --git a/util/configparser.h b/util/configparser.h index 1117403a1ca7..338dfbb72214 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -72,322 +72,331 @@ extern int yydebug; VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */ VAR_DO_IP4 = 274, /* VAR_DO_IP4 */ VAR_DO_IP6 = 275, /* VAR_DO_IP6 */ - VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */ - VAR_DO_UDP = 277, /* VAR_DO_UDP */ - VAR_DO_TCP = 278, /* VAR_DO_TCP */ - VAR_TCP_MSS = 279, /* VAR_TCP_MSS */ - VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */ - VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */ - VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */ - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ - VAR_CHROOT = 284, /* VAR_CHROOT */ - VAR_USERNAME = 285, /* VAR_USERNAME */ - VAR_DIRECTORY = 286, /* VAR_DIRECTORY */ - VAR_LOGFILE = 287, /* VAR_LOGFILE */ - VAR_PIDFILE = 288, /* VAR_PIDFILE */ - VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */ - VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */ - VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */ - VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */ - VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */ - VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */ - VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */ - VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */ - VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */ - VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */ - VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */ - VAR_NAME = 300, /* VAR_NAME */ - VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */ - VAR_STUB_HOST = 302, /* VAR_STUB_HOST */ - VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */ - VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */ - VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */ - VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */ - VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */ - VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */ - VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */ - VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */ - VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */ - VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */ - VAR_IDENTITY = 313, /* VAR_IDENTITY */ - VAR_VERSION = 314, /* VAR_VERSION */ - VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */ - VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */ - VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */ - VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */ - VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */ - VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */ - VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */ - VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */ - VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */ - VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */ - VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */ - VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */ - VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */ - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ - VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */ - VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */ - VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */ - VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */ - VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */ - VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */ - VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */ - VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */ - VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */ - VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */ - VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */ - VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */ - VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */ - VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */ - VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */ - VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */ - VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */ - VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */ - VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */ - VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */ - VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */ - VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */ - VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */ - VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */ - VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */ - VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */ - VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */ - VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */ - VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ - VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ - VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ - VAR_TCP_REUSE_TIMEOUT = 360, /* VAR_TCP_REUSE_TIMEOUT */ - VAR_MAX_REUSE_TCP_QUERIES = 361, /* VAR_MAX_REUSE_TCP_QUERIES */ - VAR_EXTENDED_STATISTICS = 362, /* VAR_EXTENDED_STATISTICS */ - VAR_LOCAL_DATA_PTR = 363, /* VAR_LOCAL_DATA_PTR */ - VAR_JOSTLE_TIMEOUT = 364, /* VAR_JOSTLE_TIMEOUT */ - VAR_STUB_PRIME = 365, /* VAR_STUB_PRIME */ - VAR_UNWANTED_REPLY_THRESHOLD = 366, /* VAR_UNWANTED_REPLY_THRESHOLD */ - VAR_LOG_TIME_ASCII = 367, /* VAR_LOG_TIME_ASCII */ - VAR_DOMAIN_INSECURE = 368, /* VAR_DOMAIN_INSECURE */ - VAR_PYTHON = 369, /* VAR_PYTHON */ - VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */ - VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */ - VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */ - VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */ - VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */ - VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */ - VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */ - VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */ - VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */ - VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */ - VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */ - VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */ - VAR_PREFETCH = 382, /* VAR_PREFETCH */ - VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */ - VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */ - VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */ - VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */ - VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */ - VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */ - VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */ - VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */ - VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */ - VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */ - VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ - VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */ - VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */ - VAR_SSL_PORT = 396, /* VAR_SSL_PORT */ - VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */ - VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */ - VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */ - VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */ - VAR_STUB_TCP_UPSTREAM = 401, /* VAR_STUB_TCP_UPSTREAM */ - VAR_FORWARD_TCP_UPSTREAM = 402, /* VAR_FORWARD_TCP_UPSTREAM */ - VAR_HTTPS_PORT = 403, /* VAR_HTTPS_PORT */ - VAR_HTTP_ENDPOINT = 404, /* VAR_HTTP_ENDPOINT */ - VAR_HTTP_MAX_STREAMS = 405, /* VAR_HTTP_MAX_STREAMS */ - VAR_HTTP_QUERY_BUFFER_SIZE = 406, /* VAR_HTTP_QUERY_BUFFER_SIZE */ - VAR_HTTP_RESPONSE_BUFFER_SIZE = 407, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ - VAR_HTTP_NODELAY = 408, /* VAR_HTTP_NODELAY */ - VAR_HTTP_NOTLS_DOWNSTREAM = 409, /* VAR_HTTP_NOTLS_DOWNSTREAM */ - VAR_STUB_FIRST = 410, /* VAR_STUB_FIRST */ - VAR_MINIMAL_RESPONSES = 411, /* VAR_MINIMAL_RESPONSES */ - VAR_RRSET_ROUNDROBIN = 412, /* VAR_RRSET_ROUNDROBIN */ - VAR_MAX_UDP_SIZE = 413, /* VAR_MAX_UDP_SIZE */ - VAR_DELAY_CLOSE = 414, /* VAR_DELAY_CLOSE */ - VAR_UDP_CONNECT = 415, /* VAR_UDP_CONNECT */ - VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */ - VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */ - VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */ - VAR_INFRA_CACHE_MAX_RTT = 419, /* VAR_INFRA_CACHE_MAX_RTT */ - VAR_INFRA_KEEP_PROBING = 420, /* VAR_INFRA_KEEP_PROBING */ - VAR_DNS64_PREFIX = 421, /* VAR_DNS64_PREFIX */ - VAR_DNS64_SYNTHALL = 422, /* VAR_DNS64_SYNTHALL */ - VAR_DNS64_IGNORE_AAAA = 423, /* VAR_DNS64_IGNORE_AAAA */ - VAR_DNSTAP = 424, /* VAR_DNSTAP */ - VAR_DNSTAP_ENABLE = 425, /* VAR_DNSTAP_ENABLE */ - VAR_DNSTAP_SOCKET_PATH = 426, /* VAR_DNSTAP_SOCKET_PATH */ - VAR_DNSTAP_IP = 427, /* VAR_DNSTAP_IP */ - VAR_DNSTAP_TLS = 428, /* VAR_DNSTAP_TLS */ - VAR_DNSTAP_TLS_SERVER_NAME = 429, /* VAR_DNSTAP_TLS_SERVER_NAME */ - VAR_DNSTAP_TLS_CERT_BUNDLE = 430, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 432, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ - VAR_DNSTAP_SEND_IDENTITY = 433, /* VAR_DNSTAP_SEND_IDENTITY */ - VAR_DNSTAP_SEND_VERSION = 434, /* VAR_DNSTAP_SEND_VERSION */ - VAR_DNSTAP_BIDIRECTIONAL = 435, /* VAR_DNSTAP_BIDIRECTIONAL */ - VAR_DNSTAP_IDENTITY = 436, /* VAR_DNSTAP_IDENTITY */ - VAR_DNSTAP_VERSION = 437, /* VAR_DNSTAP_VERSION */ - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 439, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 441, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 443, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ - VAR_RESPONSE_IP_TAG = 444, /* VAR_RESPONSE_IP_TAG */ - VAR_RESPONSE_IP = 445, /* VAR_RESPONSE_IP */ - VAR_RESPONSE_IP_DATA = 446, /* VAR_RESPONSE_IP_DATA */ - VAR_HARDEN_ALGO_DOWNGRADE = 447, /* VAR_HARDEN_ALGO_DOWNGRADE */ - VAR_IP_TRANSPARENT = 448, /* VAR_IP_TRANSPARENT */ - VAR_IP_DSCP = 449, /* VAR_IP_DSCP */ - VAR_DISABLE_DNSSEC_LAME_CHECK = 450, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ - VAR_IP_RATELIMIT = 451, /* VAR_IP_RATELIMIT */ - VAR_IP_RATELIMIT_SLABS = 452, /* VAR_IP_RATELIMIT_SLABS */ - VAR_IP_RATELIMIT_SIZE = 453, /* VAR_IP_RATELIMIT_SIZE */ - VAR_RATELIMIT = 454, /* VAR_RATELIMIT */ - VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */ - VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */ - VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */ - VAR_MAX_SENT_COUNT = 458, /* VAR_MAX_SENT_COUNT */ - VAR_MAX_QUERY_RESTARTS = 459, /* VAR_MAX_QUERY_RESTARTS */ - VAR_RATELIMIT_FOR_DOMAIN = 460, /* VAR_RATELIMIT_FOR_DOMAIN */ - VAR_RATELIMIT_BELOW_DOMAIN = 461, /* VAR_RATELIMIT_BELOW_DOMAIN */ - VAR_IP_RATELIMIT_FACTOR = 462, /* VAR_IP_RATELIMIT_FACTOR */ - VAR_RATELIMIT_FACTOR = 463, /* VAR_RATELIMIT_FACTOR */ - VAR_IP_RATELIMIT_BACKOFF = 464, /* VAR_IP_RATELIMIT_BACKOFF */ - VAR_RATELIMIT_BACKOFF = 465, /* VAR_RATELIMIT_BACKOFF */ - VAR_SEND_CLIENT_SUBNET = 466, /* VAR_SEND_CLIENT_SUBNET */ - VAR_CLIENT_SUBNET_ZONE = 467, /* VAR_CLIENT_SUBNET_ZONE */ - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 468, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - VAR_CLIENT_SUBNET_OPCODE = 469, /* VAR_CLIENT_SUBNET_OPCODE */ - VAR_MAX_CLIENT_SUBNET_IPV4 = 470, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - VAR_MAX_CLIENT_SUBNET_IPV6 = 471, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - VAR_MIN_CLIENT_SUBNET_IPV4 = 472, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - VAR_MIN_CLIENT_SUBNET_IPV6 = 473, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - VAR_MAX_ECS_TREE_SIZE_IPV4 = 474, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - VAR_MAX_ECS_TREE_SIZE_IPV6 = 475, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - VAR_CAPS_WHITELIST = 476, /* VAR_CAPS_WHITELIST */ - VAR_CACHE_MAX_NEGATIVE_TTL = 477, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - VAR_PERMIT_SMALL_HOLDDOWN = 478, /* VAR_PERMIT_SMALL_HOLDDOWN */ - VAR_QNAME_MINIMISATION = 479, /* VAR_QNAME_MINIMISATION */ - VAR_QNAME_MINIMISATION_STRICT = 480, /* VAR_QNAME_MINIMISATION_STRICT */ - VAR_IP_FREEBIND = 481, /* VAR_IP_FREEBIND */ - VAR_DEFINE_TAG = 482, /* VAR_DEFINE_TAG */ - VAR_LOCAL_ZONE_TAG = 483, /* VAR_LOCAL_ZONE_TAG */ - VAR_ACCESS_CONTROL_TAG = 484, /* VAR_ACCESS_CONTROL_TAG */ - VAR_LOCAL_ZONE_OVERRIDE = 485, /* VAR_LOCAL_ZONE_OVERRIDE */ - VAR_ACCESS_CONTROL_TAG_ACTION = 486, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - VAR_ACCESS_CONTROL_TAG_DATA = 487, /* VAR_ACCESS_CONTROL_TAG_DATA */ - VAR_VIEW = 488, /* VAR_VIEW */ - VAR_ACCESS_CONTROL_VIEW = 489, /* VAR_ACCESS_CONTROL_VIEW */ - VAR_VIEW_FIRST = 490, /* VAR_VIEW_FIRST */ - VAR_SERVE_EXPIRED = 491, /* VAR_SERVE_EXPIRED */ - VAR_SERVE_EXPIRED_TTL = 492, /* VAR_SERVE_EXPIRED_TTL */ - VAR_SERVE_EXPIRED_TTL_RESET = 493, /* VAR_SERVE_EXPIRED_TTL_RESET */ - VAR_SERVE_EXPIRED_REPLY_TTL = 494, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 495, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - VAR_EDE_SERVE_EXPIRED = 496, /* VAR_EDE_SERVE_EXPIRED */ - VAR_SERVE_ORIGINAL_TTL = 497, /* VAR_SERVE_ORIGINAL_TTL */ - VAR_FAKE_DSA = 498, /* VAR_FAKE_DSA */ - VAR_FAKE_SHA1 = 499, /* VAR_FAKE_SHA1 */ - VAR_LOG_IDENTITY = 500, /* VAR_LOG_IDENTITY */ - VAR_HIDE_TRUSTANCHOR = 501, /* VAR_HIDE_TRUSTANCHOR */ - VAR_HIDE_HTTP_USER_AGENT = 502, /* VAR_HIDE_HTTP_USER_AGENT */ - VAR_HTTP_USER_AGENT = 503, /* VAR_HTTP_USER_AGENT */ - VAR_TRUST_ANCHOR_SIGNALING = 504, /* VAR_TRUST_ANCHOR_SIGNALING */ - VAR_AGGRESSIVE_NSEC = 505, /* VAR_AGGRESSIVE_NSEC */ - VAR_USE_SYSTEMD = 506, /* VAR_USE_SYSTEMD */ - VAR_SHM_ENABLE = 507, /* VAR_SHM_ENABLE */ - VAR_SHM_KEY = 508, /* VAR_SHM_KEY */ - VAR_ROOT_KEY_SENTINEL = 509, /* VAR_ROOT_KEY_SENTINEL */ - VAR_DNSCRYPT = 510, /* VAR_DNSCRYPT */ - VAR_DNSCRYPT_ENABLE = 511, /* VAR_DNSCRYPT_ENABLE */ - VAR_DNSCRYPT_PORT = 512, /* VAR_DNSCRYPT_PORT */ - VAR_DNSCRYPT_PROVIDER = 513, /* VAR_DNSCRYPT_PROVIDER */ - VAR_DNSCRYPT_SECRET_KEY = 514, /* VAR_DNSCRYPT_SECRET_KEY */ - VAR_DNSCRYPT_PROVIDER_CERT = 515, /* VAR_DNSCRYPT_PROVIDER_CERT */ - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 516, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 517, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 518, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 519, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 520, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - VAR_PAD_RESPONSES = 521, /* VAR_PAD_RESPONSES */ - VAR_PAD_RESPONSES_BLOCK_SIZE = 522, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - VAR_PAD_QUERIES = 523, /* VAR_PAD_QUERIES */ - VAR_PAD_QUERIES_BLOCK_SIZE = 524, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - VAR_IPSECMOD_ENABLED = 525, /* VAR_IPSECMOD_ENABLED */ - VAR_IPSECMOD_HOOK = 526, /* VAR_IPSECMOD_HOOK */ - VAR_IPSECMOD_IGNORE_BOGUS = 527, /* VAR_IPSECMOD_IGNORE_BOGUS */ - VAR_IPSECMOD_MAX_TTL = 528, /* VAR_IPSECMOD_MAX_TTL */ - VAR_IPSECMOD_WHITELIST = 529, /* VAR_IPSECMOD_WHITELIST */ - VAR_IPSECMOD_STRICT = 530, /* VAR_IPSECMOD_STRICT */ - VAR_CACHEDB = 531, /* VAR_CACHEDB */ - VAR_CACHEDB_BACKEND = 532, /* VAR_CACHEDB_BACKEND */ - VAR_CACHEDB_SECRETSEED = 533, /* VAR_CACHEDB_SECRETSEED */ - VAR_CACHEDB_REDISHOST = 534, /* VAR_CACHEDB_REDISHOST */ - VAR_CACHEDB_REDISPORT = 535, /* VAR_CACHEDB_REDISPORT */ - VAR_CACHEDB_REDISTIMEOUT = 536, /* VAR_CACHEDB_REDISTIMEOUT */ - VAR_CACHEDB_REDISEXPIRERECORDS = 537, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 538, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - VAR_FOR_UPSTREAM = 539, /* VAR_FOR_UPSTREAM */ - VAR_AUTH_ZONE = 540, /* VAR_AUTH_ZONE */ - VAR_ZONEFILE = 541, /* VAR_ZONEFILE */ - VAR_MASTER = 542, /* VAR_MASTER */ - VAR_URL = 543, /* VAR_URL */ - VAR_FOR_DOWNSTREAM = 544, /* VAR_FOR_DOWNSTREAM */ - VAR_FALLBACK_ENABLED = 545, /* VAR_FALLBACK_ENABLED */ - VAR_TLS_ADDITIONAL_PORT = 546, /* VAR_TLS_ADDITIONAL_PORT */ - VAR_LOW_RTT = 547, /* VAR_LOW_RTT */ - VAR_LOW_RTT_PERMIL = 548, /* VAR_LOW_RTT_PERMIL */ - VAR_FAST_SERVER_PERMIL = 549, /* VAR_FAST_SERVER_PERMIL */ - VAR_FAST_SERVER_NUM = 550, /* VAR_FAST_SERVER_NUM */ - VAR_ALLOW_NOTIFY = 551, /* VAR_ALLOW_NOTIFY */ - VAR_TLS_WIN_CERT = 552, /* VAR_TLS_WIN_CERT */ - VAR_TCP_CONNECTION_LIMIT = 553, /* VAR_TCP_CONNECTION_LIMIT */ - VAR_FORWARD_NO_CACHE = 554, /* VAR_FORWARD_NO_CACHE */ - VAR_STUB_NO_CACHE = 555, /* VAR_STUB_NO_CACHE */ - VAR_LOG_SERVFAIL = 556, /* VAR_LOG_SERVFAIL */ - VAR_DENY_ANY = 557, /* VAR_DENY_ANY */ - VAR_UNKNOWN_SERVER_TIME_LIMIT = 558, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - VAR_LOG_TAG_QUERYREPLY = 559, /* VAR_LOG_TAG_QUERYREPLY */ - VAR_STREAM_WAIT_SIZE = 560, /* VAR_STREAM_WAIT_SIZE */ - VAR_TLS_CIPHERS = 561, /* VAR_TLS_CIPHERS */ - VAR_TLS_CIPHERSUITES = 562, /* VAR_TLS_CIPHERSUITES */ - VAR_TLS_USE_SNI = 563, /* VAR_TLS_USE_SNI */ - VAR_IPSET = 564, /* VAR_IPSET */ - VAR_IPSET_NAME_V4 = 565, /* VAR_IPSET_NAME_V4 */ - VAR_IPSET_NAME_V6 = 566, /* VAR_IPSET_NAME_V6 */ - VAR_TLS_SESSION_TICKET_KEYS = 567, /* VAR_TLS_SESSION_TICKET_KEYS */ - VAR_RPZ = 568, /* VAR_RPZ */ - VAR_TAGS = 569, /* VAR_TAGS */ - VAR_RPZ_ACTION_OVERRIDE = 570, /* VAR_RPZ_ACTION_OVERRIDE */ - VAR_RPZ_CNAME_OVERRIDE = 571, /* VAR_RPZ_CNAME_OVERRIDE */ - VAR_RPZ_LOG = 572, /* VAR_RPZ_LOG */ - VAR_RPZ_LOG_NAME = 573, /* VAR_RPZ_LOG_NAME */ - VAR_DYNLIB = 574, /* VAR_DYNLIB */ - VAR_DYNLIB_FILE = 575, /* VAR_DYNLIB_FILE */ - VAR_EDNS_CLIENT_STRING = 576, /* VAR_EDNS_CLIENT_STRING */ - VAR_EDNS_CLIENT_STRING_OPCODE = 577, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - VAR_NSID = 578, /* VAR_NSID */ - VAR_ZONEMD_PERMISSIVE_MODE = 579, /* VAR_ZONEMD_PERMISSIVE_MODE */ - VAR_ZONEMD_CHECK = 580, /* VAR_ZONEMD_CHECK */ - VAR_ZONEMD_REJECT_ABSENCE = 581, /* VAR_ZONEMD_REJECT_ABSENCE */ - VAR_RPZ_SIGNAL_NXDOMAIN_RA = 582, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - VAR_INTERFACE_AUTOMATIC_PORTS = 583, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - VAR_EDE = 584, /* VAR_EDE */ - VAR_INTERFACE_ACTION = 585, /* VAR_INTERFACE_ACTION */ - VAR_INTERFACE_VIEW = 586, /* VAR_INTERFACE_VIEW */ - VAR_INTERFACE_TAG = 587, /* VAR_INTERFACE_TAG */ - VAR_INTERFACE_TAG_ACTION = 588, /* VAR_INTERFACE_TAG_ACTION */ - VAR_INTERFACE_TAG_DATA = 589, /* VAR_INTERFACE_TAG_DATA */ - VAR_PROXY_PROTOCOL_PORT = 590, /* VAR_PROXY_PROTOCOL_PORT */ - VAR_STATISTICS_INHIBIT_ZERO = 591 /* VAR_STATISTICS_INHIBIT_ZERO */ + VAR_DO_NAT64 = 276, /* VAR_DO_NAT64 */ + VAR_PREFER_IP6 = 277, /* VAR_PREFER_IP6 */ + VAR_DO_UDP = 278, /* VAR_DO_UDP */ + VAR_DO_TCP = 279, /* VAR_DO_TCP */ + VAR_TCP_MSS = 280, /* VAR_TCP_MSS */ + VAR_OUTGOING_TCP_MSS = 281, /* VAR_OUTGOING_TCP_MSS */ + VAR_TCP_IDLE_TIMEOUT = 282, /* VAR_TCP_IDLE_TIMEOUT */ + VAR_EDNS_TCP_KEEPALIVE = 283, /* VAR_EDNS_TCP_KEEPALIVE */ + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 284, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + VAR_SOCK_QUEUE_TIMEOUT = 285, /* VAR_SOCK_QUEUE_TIMEOUT */ + VAR_CHROOT = 286, /* VAR_CHROOT */ + VAR_USERNAME = 287, /* VAR_USERNAME */ + VAR_DIRECTORY = 288, /* VAR_DIRECTORY */ + VAR_LOGFILE = 289, /* VAR_LOGFILE */ + VAR_PIDFILE = 290, /* VAR_PIDFILE */ + VAR_MSG_CACHE_SIZE = 291, /* VAR_MSG_CACHE_SIZE */ + VAR_MSG_CACHE_SLABS = 292, /* VAR_MSG_CACHE_SLABS */ + VAR_NUM_QUERIES_PER_THREAD = 293, /* VAR_NUM_QUERIES_PER_THREAD */ + VAR_RRSET_CACHE_SIZE = 294, /* VAR_RRSET_CACHE_SIZE */ + VAR_RRSET_CACHE_SLABS = 295, /* VAR_RRSET_CACHE_SLABS */ + VAR_OUTGOING_NUM_TCP = 296, /* VAR_OUTGOING_NUM_TCP */ + VAR_INFRA_HOST_TTL = 297, /* VAR_INFRA_HOST_TTL */ + VAR_INFRA_LAME_TTL = 298, /* VAR_INFRA_LAME_TTL */ + VAR_INFRA_CACHE_SLABS = 299, /* VAR_INFRA_CACHE_SLABS */ + VAR_INFRA_CACHE_NUMHOSTS = 300, /* VAR_INFRA_CACHE_NUMHOSTS */ + VAR_INFRA_CACHE_LAME_SIZE = 301, /* VAR_INFRA_CACHE_LAME_SIZE */ + VAR_NAME = 302, /* VAR_NAME */ + VAR_STUB_ZONE = 303, /* VAR_STUB_ZONE */ + VAR_STUB_HOST = 304, /* VAR_STUB_HOST */ + VAR_STUB_ADDR = 305, /* VAR_STUB_ADDR */ + VAR_TARGET_FETCH_POLICY = 306, /* VAR_TARGET_FETCH_POLICY */ + VAR_HARDEN_SHORT_BUFSIZE = 307, /* VAR_HARDEN_SHORT_BUFSIZE */ + VAR_HARDEN_LARGE_QUERIES = 308, /* VAR_HARDEN_LARGE_QUERIES */ + VAR_FORWARD_ZONE = 309, /* VAR_FORWARD_ZONE */ + VAR_FORWARD_HOST = 310, /* VAR_FORWARD_HOST */ + VAR_FORWARD_ADDR = 311, /* VAR_FORWARD_ADDR */ + VAR_DO_NOT_QUERY_ADDRESS = 312, /* VAR_DO_NOT_QUERY_ADDRESS */ + VAR_HIDE_IDENTITY = 313, /* VAR_HIDE_IDENTITY */ + VAR_HIDE_VERSION = 314, /* VAR_HIDE_VERSION */ + VAR_IDENTITY = 315, /* VAR_IDENTITY */ + VAR_VERSION = 316, /* VAR_VERSION */ + VAR_HARDEN_GLUE = 317, /* VAR_HARDEN_GLUE */ + VAR_MODULE_CONF = 318, /* VAR_MODULE_CONF */ + VAR_TRUST_ANCHOR_FILE = 319, /* VAR_TRUST_ANCHOR_FILE */ + VAR_TRUST_ANCHOR = 320, /* VAR_TRUST_ANCHOR */ + VAR_VAL_OVERRIDE_DATE = 321, /* VAR_VAL_OVERRIDE_DATE */ + VAR_BOGUS_TTL = 322, /* VAR_BOGUS_TTL */ + VAR_VAL_CLEAN_ADDITIONAL = 323, /* VAR_VAL_CLEAN_ADDITIONAL */ + VAR_VAL_PERMISSIVE_MODE = 324, /* VAR_VAL_PERMISSIVE_MODE */ + VAR_INCOMING_NUM_TCP = 325, /* VAR_INCOMING_NUM_TCP */ + VAR_MSG_BUFFER_SIZE = 326, /* VAR_MSG_BUFFER_SIZE */ + VAR_KEY_CACHE_SIZE = 327, /* VAR_KEY_CACHE_SIZE */ + VAR_KEY_CACHE_SLABS = 328, /* VAR_KEY_CACHE_SLABS */ + VAR_TRUSTED_KEYS_FILE = 329, /* VAR_TRUSTED_KEYS_FILE */ + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 330, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + VAR_USE_SYSLOG = 331, /* VAR_USE_SYSLOG */ + VAR_OUTGOING_INTERFACE = 332, /* VAR_OUTGOING_INTERFACE */ + VAR_ROOT_HINTS = 333, /* VAR_ROOT_HINTS */ + VAR_DO_NOT_QUERY_LOCALHOST = 334, /* VAR_DO_NOT_QUERY_LOCALHOST */ + VAR_CACHE_MAX_TTL = 335, /* VAR_CACHE_MAX_TTL */ + VAR_HARDEN_DNSSEC_STRIPPED = 336, /* VAR_HARDEN_DNSSEC_STRIPPED */ + VAR_ACCESS_CONTROL = 337, /* VAR_ACCESS_CONTROL */ + VAR_LOCAL_ZONE = 338, /* VAR_LOCAL_ZONE */ + VAR_LOCAL_DATA = 339, /* VAR_LOCAL_DATA */ + VAR_INTERFACE_AUTOMATIC = 340, /* VAR_INTERFACE_AUTOMATIC */ + VAR_STATISTICS_INTERVAL = 341, /* VAR_STATISTICS_INTERVAL */ + VAR_DO_DAEMONIZE = 342, /* VAR_DO_DAEMONIZE */ + VAR_USE_CAPS_FOR_ID = 343, /* VAR_USE_CAPS_FOR_ID */ + VAR_STATISTICS_CUMULATIVE = 344, /* VAR_STATISTICS_CUMULATIVE */ + VAR_OUTGOING_PORT_PERMIT = 345, /* VAR_OUTGOING_PORT_PERMIT */ + VAR_OUTGOING_PORT_AVOID = 346, /* VAR_OUTGOING_PORT_AVOID */ + VAR_DLV_ANCHOR_FILE = 347, /* VAR_DLV_ANCHOR_FILE */ + VAR_DLV_ANCHOR = 348, /* VAR_DLV_ANCHOR */ + VAR_NEG_CACHE_SIZE = 349, /* VAR_NEG_CACHE_SIZE */ + VAR_HARDEN_REFERRAL_PATH = 350, /* VAR_HARDEN_REFERRAL_PATH */ + VAR_PRIVATE_ADDRESS = 351, /* VAR_PRIVATE_ADDRESS */ + VAR_PRIVATE_DOMAIN = 352, /* VAR_PRIVATE_DOMAIN */ + VAR_REMOTE_CONTROL = 353, /* VAR_REMOTE_CONTROL */ + VAR_CONTROL_ENABLE = 354, /* VAR_CONTROL_ENABLE */ + VAR_CONTROL_INTERFACE = 355, /* VAR_CONTROL_INTERFACE */ + VAR_CONTROL_PORT = 356, /* VAR_CONTROL_PORT */ + VAR_SERVER_KEY_FILE = 357, /* VAR_SERVER_KEY_FILE */ + VAR_SERVER_CERT_FILE = 358, /* VAR_SERVER_CERT_FILE */ + VAR_CONTROL_KEY_FILE = 359, /* VAR_CONTROL_KEY_FILE */ + VAR_CONTROL_CERT_FILE = 360, /* VAR_CONTROL_CERT_FILE */ + VAR_CONTROL_USE_CERT = 361, /* VAR_CONTROL_USE_CERT */ + VAR_TCP_REUSE_TIMEOUT = 362, /* VAR_TCP_REUSE_TIMEOUT */ + VAR_MAX_REUSE_TCP_QUERIES = 363, /* VAR_MAX_REUSE_TCP_QUERIES */ + VAR_EXTENDED_STATISTICS = 364, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 365, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 366, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 367, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 368, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 369, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 370, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 371, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 372, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 373, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 374, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_VAL_MAX_RESTART = 375, /* VAR_VAL_MAX_RESTART */ + VAR_CACHE_MIN_TTL = 376, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 377, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 378, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 379, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 380, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 381, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 382, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 383, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 384, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 385, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 386, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 387, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 388, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 389, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 390, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 391, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 392, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 393, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 394, /* VAR_SSL_UPSTREAM */ + VAR_TCP_AUTH_QUERY_TIMEOUT = 395, /* VAR_TCP_AUTH_QUERY_TIMEOUT */ + VAR_SSL_SERVICE_KEY = 396, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 397, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 398, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 399, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 400, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 401, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 402, /* VAR_TLS_CERT_BUNDLE */ + VAR_STUB_TCP_UPSTREAM = 403, /* VAR_STUB_TCP_UPSTREAM */ + VAR_FORWARD_TCP_UPSTREAM = 404, /* VAR_FORWARD_TCP_UPSTREAM */ + VAR_HTTPS_PORT = 405, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 406, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 407, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 408, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 409, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 410, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 411, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 412, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 413, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 414, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 415, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 416, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 417, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 418, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 419, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 420, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_CACHE_MAX_RTT = 421, /* VAR_INFRA_CACHE_MAX_RTT */ + VAR_INFRA_KEEP_PROBING = 422, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 423, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 424, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 425, /* VAR_DNS64_IGNORE_AAAA */ + VAR_NAT64_PREFIX = 426, /* VAR_NAT64_PREFIX */ + VAR_DNSTAP = 427, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 428, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 429, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 430, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 431, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 432, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 433, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 434, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 435, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 436, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 437, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 438, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 439, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 440, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 443, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 444, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 445, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 446, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 447, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 448, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 449, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 450, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 451, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 452, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 453, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 454, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 455, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 456, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 457, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 458, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 459, /* VAR_RATELIMIT_SIZE */ + VAR_OUTBOUND_MSG_RETRY = 460, /* VAR_OUTBOUND_MSG_RETRY */ + VAR_MAX_SENT_COUNT = 461, /* VAR_MAX_SENT_COUNT */ + VAR_MAX_QUERY_RESTARTS = 462, /* VAR_MAX_QUERY_RESTARTS */ + VAR_RATELIMIT_FOR_DOMAIN = 463, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 464, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 465, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 466, /* VAR_RATELIMIT_FACTOR */ + VAR_IP_RATELIMIT_BACKOFF = 467, /* VAR_IP_RATELIMIT_BACKOFF */ + VAR_RATELIMIT_BACKOFF = 468, /* VAR_RATELIMIT_BACKOFF */ + VAR_SEND_CLIENT_SUBNET = 469, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 470, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 471, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 472, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 473, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 474, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 475, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 476, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 477, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 478, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 479, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 480, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 481, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 482, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 483, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 484, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 485, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 486, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 487, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 488, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 489, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 490, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 491, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 492, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 493, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 494, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 495, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 496, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 497, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 498, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_EDE_SERVE_EXPIRED = 499, /* VAR_EDE_SERVE_EXPIRED */ + VAR_SERVE_ORIGINAL_TTL = 500, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 501, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 502, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 503, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 504, /* VAR_HIDE_TRUSTANCHOR */ + VAR_HIDE_HTTP_USER_AGENT = 505, /* VAR_HIDE_HTTP_USER_AGENT */ + VAR_HTTP_USER_AGENT = 506, /* VAR_HTTP_USER_AGENT */ + VAR_TRUST_ANCHOR_SIGNALING = 507, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 508, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 509, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 510, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 511, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 512, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 513, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 514, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 515, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 516, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 517, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 518, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 519, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 520, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 521, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 522, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 523, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 524, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 525, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 526, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 527, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 528, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 529, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 530, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 531, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 532, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 533, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 534, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 535, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 536, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 537, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 538, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 539, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 540, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_CACHEDB_REDISPATH = 541, /* VAR_CACHEDB_REDISPATH */ + VAR_CACHEDB_REDISPASSWORD = 542, /* VAR_CACHEDB_REDISPASSWORD */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 543, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 544, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 545, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 546, /* VAR_ZONEFILE */ + VAR_MASTER = 547, /* VAR_MASTER */ + VAR_URL = 548, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 549, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 550, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 551, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 552, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 553, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 554, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 555, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 556, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 557, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 558, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_ANSWER_COOKIE = 559, /* VAR_ANSWER_COOKIE */ + VAR_COOKIE_SECRET = 560, /* VAR_COOKIE_SECRET */ + VAR_IP_RATELIMIT_COOKIE = 561, /* VAR_IP_RATELIMIT_COOKIE */ + VAR_FORWARD_NO_CACHE = 562, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 563, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 564, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 565, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 566, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 567, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 568, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 569, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 570, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 571, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 572, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 573, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 574, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 575, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 576, /* VAR_RPZ */ + VAR_TAGS = 577, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 578, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 579, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 580, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 581, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 582, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 583, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 584, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 585, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 586, /* VAR_NSID */ + VAR_ZONEMD_PERMISSIVE_MODE = 587, /* VAR_ZONEMD_PERMISSIVE_MODE */ + VAR_ZONEMD_CHECK = 588, /* VAR_ZONEMD_CHECK */ + VAR_ZONEMD_REJECT_ABSENCE = 589, /* VAR_ZONEMD_REJECT_ABSENCE */ + VAR_RPZ_SIGNAL_NXDOMAIN_RA = 590, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ + VAR_INTERFACE_AUTOMATIC_PORTS = 591, /* VAR_INTERFACE_AUTOMATIC_PORTS */ + VAR_EDE = 592, /* VAR_EDE */ + VAR_INTERFACE_ACTION = 593, /* VAR_INTERFACE_ACTION */ + VAR_INTERFACE_VIEW = 594, /* VAR_INTERFACE_VIEW */ + VAR_INTERFACE_TAG = 595, /* VAR_INTERFACE_TAG */ + VAR_INTERFACE_TAG_ACTION = 596, /* VAR_INTERFACE_TAG_ACTION */ + VAR_INTERFACE_TAG_DATA = 597, /* VAR_INTERFACE_TAG_DATA */ + VAR_PROXY_PROTOCOL_PORT = 598, /* VAR_PROXY_PROTOCOL_PORT */ + VAR_STATISTICS_INHIBIT_ZERO = 599, /* VAR_STATISTICS_INHIBIT_ZERO */ + VAR_HARDEN_UNKNOWN_ADDITIONAL = 600 /* VAR_HARDEN_UNKNOWN_ADDITIONAL */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -414,332 +423,341 @@ extern int yydebug; #define VAR_PREFER_IP4 273 #define VAR_DO_IP4 274 #define VAR_DO_IP6 275 -#define VAR_PREFER_IP6 276 -#define VAR_DO_UDP 277 -#define VAR_DO_TCP 278 -#define VAR_TCP_MSS 279 -#define VAR_OUTGOING_TCP_MSS 280 -#define VAR_TCP_IDLE_TIMEOUT 281 -#define VAR_EDNS_TCP_KEEPALIVE 282 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 283 -#define VAR_CHROOT 284 -#define VAR_USERNAME 285 -#define VAR_DIRECTORY 286 -#define VAR_LOGFILE 287 -#define VAR_PIDFILE 288 -#define VAR_MSG_CACHE_SIZE 289 -#define VAR_MSG_CACHE_SLABS 290 -#define VAR_NUM_QUERIES_PER_THREAD 291 -#define VAR_RRSET_CACHE_SIZE 292 -#define VAR_RRSET_CACHE_SLABS 293 -#define VAR_OUTGOING_NUM_TCP 294 -#define VAR_INFRA_HOST_TTL 295 -#define VAR_INFRA_LAME_TTL 296 -#define VAR_INFRA_CACHE_SLABS 297 -#define VAR_INFRA_CACHE_NUMHOSTS 298 -#define VAR_INFRA_CACHE_LAME_SIZE 299 -#define VAR_NAME 300 -#define VAR_STUB_ZONE 301 -#define VAR_STUB_HOST 302 -#define VAR_STUB_ADDR 303 -#define VAR_TARGET_FETCH_POLICY 304 -#define VAR_HARDEN_SHORT_BUFSIZE 305 -#define VAR_HARDEN_LARGE_QUERIES 306 -#define VAR_FORWARD_ZONE 307 -#define VAR_FORWARD_HOST 308 -#define VAR_FORWARD_ADDR 309 -#define VAR_DO_NOT_QUERY_ADDRESS 310 -#define VAR_HIDE_IDENTITY 311 -#define VAR_HIDE_VERSION 312 -#define VAR_IDENTITY 313 -#define VAR_VERSION 314 -#define VAR_HARDEN_GLUE 315 -#define VAR_MODULE_CONF 316 -#define VAR_TRUST_ANCHOR_FILE 317 -#define VAR_TRUST_ANCHOR 318 -#define VAR_VAL_OVERRIDE_DATE 319 -#define VAR_BOGUS_TTL 320 -#define VAR_VAL_CLEAN_ADDITIONAL 321 -#define VAR_VAL_PERMISSIVE_MODE 322 -#define VAR_INCOMING_NUM_TCP 323 -#define VAR_MSG_BUFFER_SIZE 324 -#define VAR_KEY_CACHE_SIZE 325 -#define VAR_KEY_CACHE_SLABS 326 -#define VAR_TRUSTED_KEYS_FILE 327 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 328 -#define VAR_USE_SYSLOG 329 -#define VAR_OUTGOING_INTERFACE 330 -#define VAR_ROOT_HINTS 331 -#define VAR_DO_NOT_QUERY_LOCALHOST 332 -#define VAR_CACHE_MAX_TTL 333 -#define VAR_HARDEN_DNSSEC_STRIPPED 334 -#define VAR_ACCESS_CONTROL 335 -#define VAR_LOCAL_ZONE 336 -#define VAR_LOCAL_DATA 337 -#define VAR_INTERFACE_AUTOMATIC 338 -#define VAR_STATISTICS_INTERVAL 339 -#define VAR_DO_DAEMONIZE 340 -#define VAR_USE_CAPS_FOR_ID 341 -#define VAR_STATISTICS_CUMULATIVE 342 -#define VAR_OUTGOING_PORT_PERMIT 343 -#define VAR_OUTGOING_PORT_AVOID 344 -#define VAR_DLV_ANCHOR_FILE 345 -#define VAR_DLV_ANCHOR 346 -#define VAR_NEG_CACHE_SIZE 347 -#define VAR_HARDEN_REFERRAL_PATH 348 -#define VAR_PRIVATE_ADDRESS 349 -#define VAR_PRIVATE_DOMAIN 350 -#define VAR_REMOTE_CONTROL 351 -#define VAR_CONTROL_ENABLE 352 -#define VAR_CONTROL_INTERFACE 353 -#define VAR_CONTROL_PORT 354 -#define VAR_SERVER_KEY_FILE 355 -#define VAR_SERVER_CERT_FILE 356 -#define VAR_CONTROL_KEY_FILE 357 -#define VAR_CONTROL_CERT_FILE 358 -#define VAR_CONTROL_USE_CERT 359 -#define VAR_TCP_REUSE_TIMEOUT 360 -#define VAR_MAX_REUSE_TCP_QUERIES 361 -#define VAR_EXTENDED_STATISTICS 362 -#define VAR_LOCAL_DATA_PTR 363 -#define VAR_JOSTLE_TIMEOUT 364 -#define VAR_STUB_PRIME 365 -#define VAR_UNWANTED_REPLY_THRESHOLD 366 -#define VAR_LOG_TIME_ASCII 367 -#define VAR_DOMAIN_INSECURE 368 -#define VAR_PYTHON 369 -#define VAR_PYTHON_SCRIPT 370 -#define VAR_VAL_SIG_SKEW_MIN 371 -#define VAR_VAL_SIG_SKEW_MAX 372 -#define VAR_VAL_MAX_RESTART 373 -#define VAR_CACHE_MIN_TTL 374 -#define VAR_VAL_LOG_LEVEL 375 -#define VAR_AUTO_TRUST_ANCHOR_FILE 376 -#define VAR_KEEP_MISSING 377 -#define VAR_ADD_HOLDDOWN 378 -#define VAR_DEL_HOLDDOWN 379 -#define VAR_SO_RCVBUF 380 -#define VAR_EDNS_BUFFER_SIZE 381 -#define VAR_PREFETCH 382 -#define VAR_PREFETCH_KEY 383 -#define VAR_SO_SNDBUF 384 -#define VAR_SO_REUSEPORT 385 -#define VAR_HARDEN_BELOW_NXDOMAIN 386 -#define VAR_IGNORE_CD_FLAG 387 -#define VAR_LOG_QUERIES 388 -#define VAR_LOG_REPLIES 389 -#define VAR_LOG_LOCAL_ACTIONS 390 -#define VAR_TCP_UPSTREAM 391 -#define VAR_SSL_UPSTREAM 392 -#define VAR_TCP_AUTH_QUERY_TIMEOUT 393 -#define VAR_SSL_SERVICE_KEY 394 -#define VAR_SSL_SERVICE_PEM 395 -#define VAR_SSL_PORT 396 -#define VAR_FORWARD_FIRST 397 -#define VAR_STUB_SSL_UPSTREAM 398 -#define VAR_FORWARD_SSL_UPSTREAM 399 -#define VAR_TLS_CERT_BUNDLE 400 -#define VAR_STUB_TCP_UPSTREAM 401 -#define VAR_FORWARD_TCP_UPSTREAM 402 -#define VAR_HTTPS_PORT 403 -#define VAR_HTTP_ENDPOINT 404 -#define VAR_HTTP_MAX_STREAMS 405 -#define VAR_HTTP_QUERY_BUFFER_SIZE 406 -#define VAR_HTTP_RESPONSE_BUFFER_SIZE 407 -#define VAR_HTTP_NODELAY 408 -#define VAR_HTTP_NOTLS_DOWNSTREAM 409 -#define VAR_STUB_FIRST 410 -#define VAR_MINIMAL_RESPONSES 411 -#define VAR_RRSET_ROUNDROBIN 412 -#define VAR_MAX_UDP_SIZE 413 -#define VAR_DELAY_CLOSE 414 -#define VAR_UDP_CONNECT 415 -#define VAR_UNBLOCK_LAN_ZONES 416 -#define VAR_INSECURE_LAN_ZONES 417 -#define VAR_INFRA_CACHE_MIN_RTT 418 -#define VAR_INFRA_CACHE_MAX_RTT 419 -#define VAR_INFRA_KEEP_PROBING 420 -#define VAR_DNS64_PREFIX 421 -#define VAR_DNS64_SYNTHALL 422 -#define VAR_DNS64_IGNORE_AAAA 423 -#define VAR_DNSTAP 424 -#define VAR_DNSTAP_ENABLE 425 -#define VAR_DNSTAP_SOCKET_PATH 426 -#define VAR_DNSTAP_IP 427 -#define VAR_DNSTAP_TLS 428 -#define VAR_DNSTAP_TLS_SERVER_NAME 429 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 430 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 431 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 432 -#define VAR_DNSTAP_SEND_IDENTITY 433 -#define VAR_DNSTAP_SEND_VERSION 434 -#define VAR_DNSTAP_BIDIRECTIONAL 435 -#define VAR_DNSTAP_IDENTITY 436 -#define VAR_DNSTAP_VERSION 437 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 438 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 439 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 440 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 441 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 442 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 443 -#define VAR_RESPONSE_IP_TAG 444 -#define VAR_RESPONSE_IP 445 -#define VAR_RESPONSE_IP_DATA 446 -#define VAR_HARDEN_ALGO_DOWNGRADE 447 -#define VAR_IP_TRANSPARENT 448 -#define VAR_IP_DSCP 449 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 450 -#define VAR_IP_RATELIMIT 451 -#define VAR_IP_RATELIMIT_SLABS 452 -#define VAR_IP_RATELIMIT_SIZE 453 -#define VAR_RATELIMIT 454 -#define VAR_RATELIMIT_SLABS 455 -#define VAR_RATELIMIT_SIZE 456 -#define VAR_OUTBOUND_MSG_RETRY 457 -#define VAR_MAX_SENT_COUNT 458 -#define VAR_MAX_QUERY_RESTARTS 459 -#define VAR_RATELIMIT_FOR_DOMAIN 460 -#define VAR_RATELIMIT_BELOW_DOMAIN 461 -#define VAR_IP_RATELIMIT_FACTOR 462 -#define VAR_RATELIMIT_FACTOR 463 -#define VAR_IP_RATELIMIT_BACKOFF 464 -#define VAR_RATELIMIT_BACKOFF 465 -#define VAR_SEND_CLIENT_SUBNET 466 -#define VAR_CLIENT_SUBNET_ZONE 467 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 468 -#define VAR_CLIENT_SUBNET_OPCODE 469 -#define VAR_MAX_CLIENT_SUBNET_IPV4 470 -#define VAR_MAX_CLIENT_SUBNET_IPV6 471 -#define VAR_MIN_CLIENT_SUBNET_IPV4 472 -#define VAR_MIN_CLIENT_SUBNET_IPV6 473 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 474 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 475 -#define VAR_CAPS_WHITELIST 476 -#define VAR_CACHE_MAX_NEGATIVE_TTL 477 -#define VAR_PERMIT_SMALL_HOLDDOWN 478 -#define VAR_QNAME_MINIMISATION 479 -#define VAR_QNAME_MINIMISATION_STRICT 480 -#define VAR_IP_FREEBIND 481 -#define VAR_DEFINE_TAG 482 -#define VAR_LOCAL_ZONE_TAG 483 -#define VAR_ACCESS_CONTROL_TAG 484 -#define VAR_LOCAL_ZONE_OVERRIDE 485 -#define VAR_ACCESS_CONTROL_TAG_ACTION 486 -#define VAR_ACCESS_CONTROL_TAG_DATA 487 -#define VAR_VIEW 488 -#define VAR_ACCESS_CONTROL_VIEW 489 -#define VAR_VIEW_FIRST 490 -#define VAR_SERVE_EXPIRED 491 -#define VAR_SERVE_EXPIRED_TTL 492 -#define VAR_SERVE_EXPIRED_TTL_RESET 493 -#define VAR_SERVE_EXPIRED_REPLY_TTL 494 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 495 -#define VAR_EDE_SERVE_EXPIRED 496 -#define VAR_SERVE_ORIGINAL_TTL 497 -#define VAR_FAKE_DSA 498 -#define VAR_FAKE_SHA1 499 -#define VAR_LOG_IDENTITY 500 -#define VAR_HIDE_TRUSTANCHOR 501 -#define VAR_HIDE_HTTP_USER_AGENT 502 -#define VAR_HTTP_USER_AGENT 503 -#define VAR_TRUST_ANCHOR_SIGNALING 504 -#define VAR_AGGRESSIVE_NSEC 505 -#define VAR_USE_SYSTEMD 506 -#define VAR_SHM_ENABLE 507 -#define VAR_SHM_KEY 508 -#define VAR_ROOT_KEY_SENTINEL 509 -#define VAR_DNSCRYPT 510 -#define VAR_DNSCRYPT_ENABLE 511 -#define VAR_DNSCRYPT_PORT 512 -#define VAR_DNSCRYPT_PROVIDER 513 -#define VAR_DNSCRYPT_SECRET_KEY 514 -#define VAR_DNSCRYPT_PROVIDER_CERT 515 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 516 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 517 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 518 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 519 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 520 -#define VAR_PAD_RESPONSES 521 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 522 -#define VAR_PAD_QUERIES 523 -#define VAR_PAD_QUERIES_BLOCK_SIZE 524 -#define VAR_IPSECMOD_ENABLED 525 -#define VAR_IPSECMOD_HOOK 526 -#define VAR_IPSECMOD_IGNORE_BOGUS 527 -#define VAR_IPSECMOD_MAX_TTL 528 -#define VAR_IPSECMOD_WHITELIST 529 -#define VAR_IPSECMOD_STRICT 530 -#define VAR_CACHEDB 531 -#define VAR_CACHEDB_BACKEND 532 -#define VAR_CACHEDB_SECRETSEED 533 -#define VAR_CACHEDB_REDISHOST 534 -#define VAR_CACHEDB_REDISPORT 535 -#define VAR_CACHEDB_REDISTIMEOUT 536 -#define VAR_CACHEDB_REDISEXPIRERECORDS 537 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 538 -#define VAR_FOR_UPSTREAM 539 -#define VAR_AUTH_ZONE 540 -#define VAR_ZONEFILE 541 -#define VAR_MASTER 542 -#define VAR_URL 543 -#define VAR_FOR_DOWNSTREAM 544 -#define VAR_FALLBACK_ENABLED 545 -#define VAR_TLS_ADDITIONAL_PORT 546 -#define VAR_LOW_RTT 547 -#define VAR_LOW_RTT_PERMIL 548 -#define VAR_FAST_SERVER_PERMIL 549 -#define VAR_FAST_SERVER_NUM 550 -#define VAR_ALLOW_NOTIFY 551 -#define VAR_TLS_WIN_CERT 552 -#define VAR_TCP_CONNECTION_LIMIT 553 -#define VAR_FORWARD_NO_CACHE 554 -#define VAR_STUB_NO_CACHE 555 -#define VAR_LOG_SERVFAIL 556 -#define VAR_DENY_ANY 557 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 558 -#define VAR_LOG_TAG_QUERYREPLY 559 -#define VAR_STREAM_WAIT_SIZE 560 -#define VAR_TLS_CIPHERS 561 -#define VAR_TLS_CIPHERSUITES 562 -#define VAR_TLS_USE_SNI 563 -#define VAR_IPSET 564 -#define VAR_IPSET_NAME_V4 565 -#define VAR_IPSET_NAME_V6 566 -#define VAR_TLS_SESSION_TICKET_KEYS 567 -#define VAR_RPZ 568 -#define VAR_TAGS 569 -#define VAR_RPZ_ACTION_OVERRIDE 570 -#define VAR_RPZ_CNAME_OVERRIDE 571 -#define VAR_RPZ_LOG 572 -#define VAR_RPZ_LOG_NAME 573 -#define VAR_DYNLIB 574 -#define VAR_DYNLIB_FILE 575 -#define VAR_EDNS_CLIENT_STRING 576 -#define VAR_EDNS_CLIENT_STRING_OPCODE 577 -#define VAR_NSID 578 -#define VAR_ZONEMD_PERMISSIVE_MODE 579 -#define VAR_ZONEMD_CHECK 580 -#define VAR_ZONEMD_REJECT_ABSENCE 581 -#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 582 -#define VAR_INTERFACE_AUTOMATIC_PORTS 583 -#define VAR_EDE 584 -#define VAR_INTERFACE_ACTION 585 -#define VAR_INTERFACE_VIEW 586 -#define VAR_INTERFACE_TAG 587 -#define VAR_INTERFACE_TAG_ACTION 588 -#define VAR_INTERFACE_TAG_DATA 589 -#define VAR_PROXY_PROTOCOL_PORT 590 -#define VAR_STATISTICS_INHIBIT_ZERO 591 +#define VAR_DO_NAT64 276 +#define VAR_PREFER_IP6 277 +#define VAR_DO_UDP 278 +#define VAR_DO_TCP 279 +#define VAR_TCP_MSS 280 +#define VAR_OUTGOING_TCP_MSS 281 +#define VAR_TCP_IDLE_TIMEOUT 282 +#define VAR_EDNS_TCP_KEEPALIVE 283 +#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 284 +#define VAR_SOCK_QUEUE_TIMEOUT 285 +#define VAR_CHROOT 286 +#define VAR_USERNAME 287 +#define VAR_DIRECTORY 288 +#define VAR_LOGFILE 289 +#define VAR_PIDFILE 290 +#define VAR_MSG_CACHE_SIZE 291 +#define VAR_MSG_CACHE_SLABS 292 +#define VAR_NUM_QUERIES_PER_THREAD 293 +#define VAR_RRSET_CACHE_SIZE 294 +#define VAR_RRSET_CACHE_SLABS 295 +#define VAR_OUTGOING_NUM_TCP 296 +#define VAR_INFRA_HOST_TTL 297 +#define VAR_INFRA_LAME_TTL 298 +#define VAR_INFRA_CACHE_SLABS 299 +#define VAR_INFRA_CACHE_NUMHOSTS 300 +#define VAR_INFRA_CACHE_LAME_SIZE 301 +#define VAR_NAME 302 +#define VAR_STUB_ZONE 303 +#define VAR_STUB_HOST 304 +#define VAR_STUB_ADDR 305 +#define VAR_TARGET_FETCH_POLICY 306 +#define VAR_HARDEN_SHORT_BUFSIZE 307 +#define VAR_HARDEN_LARGE_QUERIES 308 +#define VAR_FORWARD_ZONE 309 +#define VAR_FORWARD_HOST 310 +#define VAR_FORWARD_ADDR 311 +#define VAR_DO_NOT_QUERY_ADDRESS 312 +#define VAR_HIDE_IDENTITY 313 +#define VAR_HIDE_VERSION 314 +#define VAR_IDENTITY 315 +#define VAR_VERSION 316 +#define VAR_HARDEN_GLUE 317 +#define VAR_MODULE_CONF 318 +#define VAR_TRUST_ANCHOR_FILE 319 +#define VAR_TRUST_ANCHOR 320 +#define VAR_VAL_OVERRIDE_DATE 321 +#define VAR_BOGUS_TTL 322 +#define VAR_VAL_CLEAN_ADDITIONAL 323 +#define VAR_VAL_PERMISSIVE_MODE 324 +#define VAR_INCOMING_NUM_TCP 325 +#define VAR_MSG_BUFFER_SIZE 326 +#define VAR_KEY_CACHE_SIZE 327 +#define VAR_KEY_CACHE_SLABS 328 +#define VAR_TRUSTED_KEYS_FILE 329 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 330 +#define VAR_USE_SYSLOG 331 +#define VAR_OUTGOING_INTERFACE 332 +#define VAR_ROOT_HINTS 333 +#define VAR_DO_NOT_QUERY_LOCALHOST 334 +#define VAR_CACHE_MAX_TTL 335 +#define VAR_HARDEN_DNSSEC_STRIPPED 336 +#define VAR_ACCESS_CONTROL 337 +#define VAR_LOCAL_ZONE 338 +#define VAR_LOCAL_DATA 339 +#define VAR_INTERFACE_AUTOMATIC 340 +#define VAR_STATISTICS_INTERVAL 341 +#define VAR_DO_DAEMONIZE 342 +#define VAR_USE_CAPS_FOR_ID 343 +#define VAR_STATISTICS_CUMULATIVE 344 +#define VAR_OUTGOING_PORT_PERMIT 345 +#define VAR_OUTGOING_PORT_AVOID 346 +#define VAR_DLV_ANCHOR_FILE 347 +#define VAR_DLV_ANCHOR 348 +#define VAR_NEG_CACHE_SIZE 349 +#define VAR_HARDEN_REFERRAL_PATH 350 +#define VAR_PRIVATE_ADDRESS 351 +#define VAR_PRIVATE_DOMAIN 352 +#define VAR_REMOTE_CONTROL 353 +#define VAR_CONTROL_ENABLE 354 +#define VAR_CONTROL_INTERFACE 355 +#define VAR_CONTROL_PORT 356 +#define VAR_SERVER_KEY_FILE 357 +#define VAR_SERVER_CERT_FILE 358 +#define VAR_CONTROL_KEY_FILE 359 +#define VAR_CONTROL_CERT_FILE 360 +#define VAR_CONTROL_USE_CERT 361 +#define VAR_TCP_REUSE_TIMEOUT 362 +#define VAR_MAX_REUSE_TCP_QUERIES 363 +#define VAR_EXTENDED_STATISTICS 364 +#define VAR_LOCAL_DATA_PTR 365 +#define VAR_JOSTLE_TIMEOUT 366 +#define VAR_STUB_PRIME 367 +#define VAR_UNWANTED_REPLY_THRESHOLD 368 +#define VAR_LOG_TIME_ASCII 369 +#define VAR_DOMAIN_INSECURE 370 +#define VAR_PYTHON 371 +#define VAR_PYTHON_SCRIPT 372 +#define VAR_VAL_SIG_SKEW_MIN 373 +#define VAR_VAL_SIG_SKEW_MAX 374 +#define VAR_VAL_MAX_RESTART 375 +#define VAR_CACHE_MIN_TTL 376 +#define VAR_VAL_LOG_LEVEL 377 +#define VAR_AUTO_TRUST_ANCHOR_FILE 378 +#define VAR_KEEP_MISSING 379 +#define VAR_ADD_HOLDDOWN 380 +#define VAR_DEL_HOLDDOWN 381 +#define VAR_SO_RCVBUF 382 +#define VAR_EDNS_BUFFER_SIZE 383 +#define VAR_PREFETCH 384 +#define VAR_PREFETCH_KEY 385 +#define VAR_SO_SNDBUF 386 +#define VAR_SO_REUSEPORT 387 +#define VAR_HARDEN_BELOW_NXDOMAIN 388 +#define VAR_IGNORE_CD_FLAG 389 +#define VAR_LOG_QUERIES 390 +#define VAR_LOG_REPLIES 391 +#define VAR_LOG_LOCAL_ACTIONS 392 +#define VAR_TCP_UPSTREAM 393 +#define VAR_SSL_UPSTREAM 394 +#define VAR_TCP_AUTH_QUERY_TIMEOUT 395 +#define VAR_SSL_SERVICE_KEY 396 +#define VAR_SSL_SERVICE_PEM 397 +#define VAR_SSL_PORT 398 +#define VAR_FORWARD_FIRST 399 +#define VAR_STUB_SSL_UPSTREAM 400 +#define VAR_FORWARD_SSL_UPSTREAM 401 +#define VAR_TLS_CERT_BUNDLE 402 +#define VAR_STUB_TCP_UPSTREAM 403 +#define VAR_FORWARD_TCP_UPSTREAM 404 +#define VAR_HTTPS_PORT 405 +#define VAR_HTTP_ENDPOINT 406 +#define VAR_HTTP_MAX_STREAMS 407 +#define VAR_HTTP_QUERY_BUFFER_SIZE 408 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 409 +#define VAR_HTTP_NODELAY 410 +#define VAR_HTTP_NOTLS_DOWNSTREAM 411 +#define VAR_STUB_FIRST 412 +#define VAR_MINIMAL_RESPONSES 413 +#define VAR_RRSET_ROUNDROBIN 414 +#define VAR_MAX_UDP_SIZE 415 +#define VAR_DELAY_CLOSE 416 +#define VAR_UDP_CONNECT 417 +#define VAR_UNBLOCK_LAN_ZONES 418 +#define VAR_INSECURE_LAN_ZONES 419 +#define VAR_INFRA_CACHE_MIN_RTT 420 +#define VAR_INFRA_CACHE_MAX_RTT 421 +#define VAR_INFRA_KEEP_PROBING 422 +#define VAR_DNS64_PREFIX 423 +#define VAR_DNS64_SYNTHALL 424 +#define VAR_DNS64_IGNORE_AAAA 425 +#define VAR_NAT64_PREFIX 426 +#define VAR_DNSTAP 427 +#define VAR_DNSTAP_ENABLE 428 +#define VAR_DNSTAP_SOCKET_PATH 429 +#define VAR_DNSTAP_IP 430 +#define VAR_DNSTAP_TLS 431 +#define VAR_DNSTAP_TLS_SERVER_NAME 432 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 433 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 434 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 435 +#define VAR_DNSTAP_SEND_IDENTITY 436 +#define VAR_DNSTAP_SEND_VERSION 437 +#define VAR_DNSTAP_BIDIRECTIONAL 438 +#define VAR_DNSTAP_IDENTITY 439 +#define VAR_DNSTAP_VERSION 440 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 441 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 442 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 443 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 444 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 445 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 446 +#define VAR_RESPONSE_IP_TAG 447 +#define VAR_RESPONSE_IP 448 +#define VAR_RESPONSE_IP_DATA 449 +#define VAR_HARDEN_ALGO_DOWNGRADE 450 +#define VAR_IP_TRANSPARENT 451 +#define VAR_IP_DSCP 452 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 453 +#define VAR_IP_RATELIMIT 454 +#define VAR_IP_RATELIMIT_SLABS 455 +#define VAR_IP_RATELIMIT_SIZE 456 +#define VAR_RATELIMIT 457 +#define VAR_RATELIMIT_SLABS 458 +#define VAR_RATELIMIT_SIZE 459 +#define VAR_OUTBOUND_MSG_RETRY 460 +#define VAR_MAX_SENT_COUNT 461 +#define VAR_MAX_QUERY_RESTARTS 462 +#define VAR_RATELIMIT_FOR_DOMAIN 463 +#define VAR_RATELIMIT_BELOW_DOMAIN 464 +#define VAR_IP_RATELIMIT_FACTOR 465 +#define VAR_RATELIMIT_FACTOR 466 +#define VAR_IP_RATELIMIT_BACKOFF 467 +#define VAR_RATELIMIT_BACKOFF 468 +#define VAR_SEND_CLIENT_SUBNET 469 +#define VAR_CLIENT_SUBNET_ZONE 470 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 471 +#define VAR_CLIENT_SUBNET_OPCODE 472 +#define VAR_MAX_CLIENT_SUBNET_IPV4 473 +#define VAR_MAX_CLIENT_SUBNET_IPV6 474 +#define VAR_MIN_CLIENT_SUBNET_IPV4 475 +#define VAR_MIN_CLIENT_SUBNET_IPV6 476 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 477 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 478 +#define VAR_CAPS_WHITELIST 479 +#define VAR_CACHE_MAX_NEGATIVE_TTL 480 +#define VAR_PERMIT_SMALL_HOLDDOWN 481 +#define VAR_QNAME_MINIMISATION 482 +#define VAR_QNAME_MINIMISATION_STRICT 483 +#define VAR_IP_FREEBIND 484 +#define VAR_DEFINE_TAG 485 +#define VAR_LOCAL_ZONE_TAG 486 +#define VAR_ACCESS_CONTROL_TAG 487 +#define VAR_LOCAL_ZONE_OVERRIDE 488 +#define VAR_ACCESS_CONTROL_TAG_ACTION 489 +#define VAR_ACCESS_CONTROL_TAG_DATA 490 +#define VAR_VIEW 491 +#define VAR_ACCESS_CONTROL_VIEW 492 +#define VAR_VIEW_FIRST 493 +#define VAR_SERVE_EXPIRED 494 +#define VAR_SERVE_EXPIRED_TTL 495 +#define VAR_SERVE_EXPIRED_TTL_RESET 496 +#define VAR_SERVE_EXPIRED_REPLY_TTL 497 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 498 +#define VAR_EDE_SERVE_EXPIRED 499 +#define VAR_SERVE_ORIGINAL_TTL 500 +#define VAR_FAKE_DSA 501 +#define VAR_FAKE_SHA1 502 +#define VAR_LOG_IDENTITY 503 +#define VAR_HIDE_TRUSTANCHOR 504 +#define VAR_HIDE_HTTP_USER_AGENT 505 +#define VAR_HTTP_USER_AGENT 506 +#define VAR_TRUST_ANCHOR_SIGNALING 507 +#define VAR_AGGRESSIVE_NSEC 508 +#define VAR_USE_SYSTEMD 509 +#define VAR_SHM_ENABLE 510 +#define VAR_SHM_KEY 511 +#define VAR_ROOT_KEY_SENTINEL 512 +#define VAR_DNSCRYPT 513 +#define VAR_DNSCRYPT_ENABLE 514 +#define VAR_DNSCRYPT_PORT 515 +#define VAR_DNSCRYPT_PROVIDER 516 +#define VAR_DNSCRYPT_SECRET_KEY 517 +#define VAR_DNSCRYPT_PROVIDER_CERT 518 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 519 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 520 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 521 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 522 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 523 +#define VAR_PAD_RESPONSES 524 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 525 +#define VAR_PAD_QUERIES 526 +#define VAR_PAD_QUERIES_BLOCK_SIZE 527 +#define VAR_IPSECMOD_ENABLED 528 +#define VAR_IPSECMOD_HOOK 529 +#define VAR_IPSECMOD_IGNORE_BOGUS 530 +#define VAR_IPSECMOD_MAX_TTL 531 +#define VAR_IPSECMOD_WHITELIST 532 +#define VAR_IPSECMOD_STRICT 533 +#define VAR_CACHEDB 534 +#define VAR_CACHEDB_BACKEND 535 +#define VAR_CACHEDB_SECRETSEED 536 +#define VAR_CACHEDB_REDISHOST 537 +#define VAR_CACHEDB_REDISPORT 538 +#define VAR_CACHEDB_REDISTIMEOUT 539 +#define VAR_CACHEDB_REDISEXPIRERECORDS 540 +#define VAR_CACHEDB_REDISPATH 541 +#define VAR_CACHEDB_REDISPASSWORD 542 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 543 +#define VAR_FOR_UPSTREAM 544 +#define VAR_AUTH_ZONE 545 +#define VAR_ZONEFILE 546 +#define VAR_MASTER 547 +#define VAR_URL 548 +#define VAR_FOR_DOWNSTREAM 549 +#define VAR_FALLBACK_ENABLED 550 +#define VAR_TLS_ADDITIONAL_PORT 551 +#define VAR_LOW_RTT 552 +#define VAR_LOW_RTT_PERMIL 553 +#define VAR_FAST_SERVER_PERMIL 554 +#define VAR_FAST_SERVER_NUM 555 +#define VAR_ALLOW_NOTIFY 556 +#define VAR_TLS_WIN_CERT 557 +#define VAR_TCP_CONNECTION_LIMIT 558 +#define VAR_ANSWER_COOKIE 559 +#define VAR_COOKIE_SECRET 560 +#define VAR_IP_RATELIMIT_COOKIE 561 +#define VAR_FORWARD_NO_CACHE 562 +#define VAR_STUB_NO_CACHE 563 +#define VAR_LOG_SERVFAIL 564 +#define VAR_DENY_ANY 565 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 566 +#define VAR_LOG_TAG_QUERYREPLY 567 +#define VAR_STREAM_WAIT_SIZE 568 +#define VAR_TLS_CIPHERS 569 +#define VAR_TLS_CIPHERSUITES 570 +#define VAR_TLS_USE_SNI 571 +#define VAR_IPSET 572 +#define VAR_IPSET_NAME_V4 573 +#define VAR_IPSET_NAME_V6 574 +#define VAR_TLS_SESSION_TICKET_KEYS 575 +#define VAR_RPZ 576 +#define VAR_TAGS 577 +#define VAR_RPZ_ACTION_OVERRIDE 578 +#define VAR_RPZ_CNAME_OVERRIDE 579 +#define VAR_RPZ_LOG 580 +#define VAR_RPZ_LOG_NAME 581 +#define VAR_DYNLIB 582 +#define VAR_DYNLIB_FILE 583 +#define VAR_EDNS_CLIENT_STRING 584 +#define VAR_EDNS_CLIENT_STRING_OPCODE 585 +#define VAR_NSID 586 +#define VAR_ZONEMD_PERMISSIVE_MODE 587 +#define VAR_ZONEMD_CHECK 588 +#define VAR_ZONEMD_REJECT_ABSENCE 589 +#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 590 +#define VAR_INTERFACE_AUTOMATIC_PORTS 591 +#define VAR_EDE 592 +#define VAR_INTERFACE_ACTION 593 +#define VAR_INTERFACE_VIEW 594 +#define VAR_INTERFACE_TAG 595 +#define VAR_INTERFACE_TAG_ACTION 596 +#define VAR_INTERFACE_TAG_DATA 597 +#define VAR_PROXY_PROTOCOL_PORT 598 +#define VAR_STATISTICS_INHIBIT_ZERO 599 +#define VAR_HARDEN_UNKNOWN_ADDITIONAL 600 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 67 "util/configparser.y" +#line 68 "util/configparser.y" char* str; -#line 743 "util/configparser.h" +#line 761 "util/configparser.h" }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index f21c30815b3f..d8f25a67ebbf 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -47,6 +47,7 @@ #include "util/configyyrename.h" #include "util/config_file.h" #include "util/net_help.h" +#include "sldns/str2wire.h" int ub_c_lex(void); void ub_c_error(const char *message); @@ -73,9 +74,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_FORCE_TOPLEVEL %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4 -%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP +%token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_NAT64 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT +%token VAR_SOCK_QUEUE_TIMEOUT %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD %token VAR_RRSET_CACHE_SIZE VAR_RRSET_CACHE_SLABS VAR_OUTGOING_NUM_TCP @@ -123,6 +125,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES %token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA +%token VAR_NAT64_PREFIX %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE @@ -175,12 +178,13 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT -%token VAR_CACHEDB_REDISEXPIRERECORDS +%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT +%token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI @@ -194,6 +198,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO +%token VAR_HARDEN_UNKNOWN_ADDITIONAL %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -222,10 +227,11 @@ contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 | - server_do_udp | server_do_tcp | + server_do_ip6 | server_do_nat64 | server_prefer_ip4 | + server_prefer_ip6 | server_do_udp | server_do_tcp | server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout | server_tcp_keepalive | server_tcp_keepalive_timeout | + server_sock_queue_timeout | server_interface | server_chroot | server_username | server_directory | server_logfile | server_pidfile | server_msg_cache_size | server_msg_cache_slabs | @@ -273,6 +279,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_so_reuseport | server_delay_close | server_udp_connect | server_unblock_lan_zones | server_insecure_lan_zones | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | + server_nat64_prefix | server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | server_ip_dscp | server_infra_keep_probing | @@ -302,7 +309,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_serve_expired | server_serve_expired_ttl | server_serve_expired_ttl_reset | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | - server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | + server_ede_serve_expired | server_serve_original_ttl | server_fake_dsa | server_log_identity | server_use_systemd | server_response_ip_tag | server_response_ip | server_response_ip_data | server_shm_enable | server_shm_key | server_fake_sha1 | @@ -318,12 +325,14 @@ content_server: server_num_threads | server_verbosity | server_port | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | + server_answer_cookie | server_cookie_secret | server_ip_ratelimit_cookie | server_tls_use_sni | server_edns_client_string | server_edns_client_string_opcode | server_nsid | server_zonemd_permissive_mode | server_max_reuse_tcp_queries | server_tcp_reuse_timeout | server_tcp_auth_query_timeout | server_interface_automatic_ports | server_ede | - server_proxy_protocol_port | server_statistics_inhibit_zero + server_proxy_protocol_port | server_statistics_inhibit_zero | + server_harden_unknown_additional ; stubstart: VAR_STUB_ZONE { @@ -486,7 +495,7 @@ rpz_signal_nxdomain_ra: VAR_RPZ_SIGNAL_NXDOMAIN_RA STRING_ARG rpzstart: VAR_RPZ { struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); + OUTYY(("\nP(rpz:)\n")); cfg_parser->started_toplevel = 1; s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); if(s) { @@ -502,7 +511,7 @@ rpzstart: VAR_RPZ } } ; -contents_rpz: contents_rpz content_rpz +contents_rpz: contents_rpz content_rpz | ; content_rpz: auth_name | auth_zonefile | rpz_tag | auth_master | auth_url | auth_allow_notify | rpz_action_override | rpz_cname_override | @@ -850,6 +859,15 @@ server_do_ip6: VAR_DO_IP6 STRING_ARG free($2); } ; +server_do_nat64: VAR_DO_NAT64 STRING_ARG + { + OUTYY(("P(server_do_nat64:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_nat64 = (strcmp($2, "yes")==0); + free($2); + } + ; server_do_udp: VAR_DO_UDP STRING_ARG { OUTYY(("P(server_do_udp:%s)\n", $2)); @@ -972,6 +990,19 @@ server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG free($2); } ; +server_sock_queue_timeout: VAR_SOCK_QUEUE_TIMEOUT STRING_ARG + { + OUTYY(("P(server_sock_queue_timeout:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else if (atoi($2) > 6553500) + cfg_parser->cfg->sock_queue_timeout = 6553500; + else if (atoi($2) < 1) + cfg_parser->cfg->sock_queue_timeout = 0; + else cfg_parser->cfg->sock_queue_timeout = atoi($2); + free($2); + } + ; server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG { OUTYY(("P(server_tcp_upstream:%s)\n", $2)); @@ -1132,7 +1163,7 @@ server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG yyerror("expected yes or no."); else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0); free($2); - } + }; server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG { OUTYY(("P(server_http_notls_downstream:%s)\n", $2)); @@ -1778,6 +1809,16 @@ server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG free($2); } ; +server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG + { + OUTYY(("P(server_harden_unknown_additional:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_unknown_additional = + (strcmp($2, "yes")==0); + free($2); + } + ; server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG { OUTYY(("P(server_use_caps_for_id:%s)\n", $2)); @@ -2169,6 +2210,7 @@ server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG (strcmp($2, "yes")==0); free($2); } + ; server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG { OUTYY(("P(server_key_cache_size:%s)\n", $2)); @@ -2206,6 +2248,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 && strcmp($3, "typetransparent")!=0 && strcmp($3, "always_transparent")!=0 + && strcmp($3, "block_a")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 && strcmp($3, "always_nodata")!=0 @@ -2218,7 +2261,7 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " + "inform_redirect, always_transparent, block_a," "always_refuse, always_nxdomain, " "always_nodata, always_deny, always_null, " "noview, nodefault or ipset"); @@ -2333,6 +2376,13 @@ server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG fatal_exit("out of memory adding dns64-ignore-aaaa"); } ; +server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG + { + OUTYY(("P(nat64_prefix:%s)\n", $2)); + free(cfg_parser->cfg->nat64_prefix); + cfg_parser->cfg->nat64_prefix = $2; + } + ; server_define_tag: VAR_DEFINE_TAG STRING_ARG { char* p, *s = $2; @@ -2518,6 +2568,15 @@ server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG free($2); } ; +server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG + { + OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ip_ratelimit_cookie = atoi($2); + free($2); + } + ; server_ratelimit: VAR_RATELIMIT STRING_ARG { OUTYY(("P(server_ratelimit:%s)\n", $2)); @@ -2713,7 +2772,7 @@ server_pad_responses: VAR_PAD_RESPONSES STRING_ARG OUTYY(("P(server_pad_responses:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = + else cfg_parser->cfg->pad_responses = (strcmp($2, "yes")==0); free($2); } @@ -2732,7 +2791,7 @@ server_pad_queries: VAR_PAD_QUERIES STRING_ARG OUTYY(("P(server_pad_queries:%s)\n", $2)); if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = + else cfg_parser->cfg->pad_queries = (strcmp($2, "yes")==0); free($2); } @@ -3471,9 +3530,10 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2)) yyerror("out of memory"); } + ; dynlibstart: VAR_DYNLIB - { - OUTYY(("\nP(dynlib:)\n")); + { + OUTYY(("\nP(dynlib:)\n")); cfg_parser->started_toplevel = 1; } ; @@ -3487,6 +3547,7 @@ dl_file: VAR_DYNLIB_FILE STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2)) yyerror("out of memory"); } + ; server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG { OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); @@ -3547,7 +3608,6 @@ dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG free($2); } ; - dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2)); @@ -3641,7 +3701,7 @@ contents_cachedb: contents_cachedb content_cachedb | ; content_cachedb: cachedb_backend_name | cachedb_secret_seed | redis_server_host | redis_server_port | redis_timeout | - redis_expire_records + redis_expire_records | redis_server_path | redis_server_password ; cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG { @@ -3694,6 +3754,30 @@ redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG free($2); } ; +redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_path:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_path); + cfg_parser->cfg->redis_server_path = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; +redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_password:%s)\n", $2)); + free(cfg_parser->cfg->redis_server_password); + cfg_parser->cfg->redis_server_password = $2; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free($2); + #endif + } + ; redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG { #if defined(USE_CACHEDB) && defined(USE_REDIS) @@ -3731,6 +3815,31 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG } } ; +server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG + { + OUTYY(("P(server_answer_cookie:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_answer_cookie = (strcmp($2, "yes")==0); + free($2); + } + ; +server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG + { + uint8_t secret[32]; + size_t secret_len = sizeof(secret); + + OUTYY(("P(server_cookie_secret:%s)\n", $2)); + if(sldns_str2wire_hex_buf($2, secret, &secret_len) + || (secret_len != 16)) + yyerror("expected 128 bit hex string"); + else { + cfg_parser->cfg->cookie_secret_len = secret_len; + memcpy(cfg_parser->cfg->cookie_secret, secret, sizeof(secret)); + } + free($2); + } + ; ipsetstart: VAR_IPSET { OUTYY(("\nP(ipset:)\n")); @@ -3800,10 +3909,11 @@ validate_acl_action(const char* action) strcmp(action, "refuse_non_local")!=0 && strcmp(action, "allow_setrd")!=0 && strcmp(action, "allow")!=0 && - strcmp(action, "allow_snoop")!=0) + strcmp(action, "allow_snoop")!=0 && + strcmp(action, "allow_cookie")!=0) { yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow, allow_setrd or " - "allow_snoop as access control action"); + "refuse_non_local, allow, allow_setrd, " + "allow_snoop or allow_cookie as access control action"); } } diff --git a/util/data/msgencode.c b/util/data/msgencode.c index fe21cfb86bd1..a170eb7b8a67 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -806,6 +806,95 @@ calc_edns_field_size(struct edns_data* edns) return 1 + 2 + 2 + 4 + 2 + rdatalen; } +uint16_t +calc_edns_option_size(struct edns_data* edns, uint16_t code) +{ + size_t rdatalen = 0; + struct edns_option* opt; + if(!edns || !edns->edns_present) + return 0; + for(opt = edns->opt_list_inplace_cb_out; opt; opt = opt->next) { + if(opt->opt_code == code) + rdatalen += 4 + opt->opt_len; + } + for(opt = edns->opt_list_out; opt; opt = opt->next) { + if(opt->opt_code == code) + rdatalen += 4 + opt->opt_len; + } + return rdatalen; +} + +uint16_t +calc_ede_option_size(struct edns_data* edns, uint16_t* txt_size) +{ + size_t rdatalen = 0; + struct edns_option* opt; + *txt_size = 0; + if(!edns || !edns->edns_present) + return 0; + for(opt = edns->opt_list_inplace_cb_out; opt; opt = opt->next) { + if(opt->opt_code == LDNS_EDNS_EDE) { + rdatalen += 4 + opt->opt_len; + if(opt->opt_len > 2) *txt_size += opt->opt_len - 2; + if(opt->opt_len >= 2 && sldns_read_uint16( + opt->opt_data) == LDNS_EDE_OTHER) { + *txt_size += 4 + 2; + } + } + } + for(opt = edns->opt_list_out; opt; opt = opt->next) { + if(opt->opt_code == LDNS_EDNS_EDE) { + rdatalen += 4 + opt->opt_len; + if(opt->opt_len > 2) *txt_size += opt->opt_len - 2; + if(opt->opt_len >= 2 && sldns_read_uint16( + opt->opt_data) == LDNS_EDE_OTHER) { + *txt_size += 4 + 2; + } + } + } + return rdatalen; +} + +/* Trims the EDE OPTION-DATA to not include any EXTRA-TEXT data. + * Also removes any LDNS_EDE_OTHER options from the list since they are useless + * without the extra text. */ +static void +ede_trim_text(struct edns_option** list) +{ + struct edns_option* curr, *prev = NULL; + if(!list || !(*list)) return; + /* Unlink and repoint if LDNS_EDE_OTHER are first in list */ + while(list && *list && (*list)->opt_code == LDNS_EDNS_EDE + && (*list)->opt_len >= 2 + && sldns_read_uint16((*list)->opt_data) == LDNS_EDE_OTHER ) { + *list = (*list)->next; + } + if(!list || !(*list)) return; + curr = *list; + while(curr) { + if(curr->opt_code == LDNS_EDNS_EDE) { + if(curr->opt_len >= 2 && sldns_read_uint16( + curr->opt_data) == LDNS_EDE_OTHER) { + /* LDNS_EDE_OTHER cannot be the first option in + * this while, so prev is always initialized at + * this point from the other branches; + * cut this option off */ + prev->next = curr->next; + curr = curr->next; + } else if(curr->opt_len > 2) { + /* trim this option's EXTRA-TEXT */ + curr->opt_len = 2; + prev = curr; + curr = curr->next; + } + } else { + /* continue */ + prev = curr; + curr = curr->next; + } + } +} + static void attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns, uint16_t max_msg_sz) @@ -894,6 +983,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, { uint16_t flags; unsigned int attach_edns = 0; + uint16_t edns_field_size, ede_size, ede_txt_size; if(!cached || rep->authoritative) { /* original flags, copy RD and CD bits from query. */ @@ -916,25 +1006,39 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ if(udpsize < LDNS_HEADER_SIZE) return 0; + /* currently edns does not change during calculations; + * calculate sizes once here */ + edns_field_size = calc_edns_field_size(edns); + ede_size = calc_ede_option_size(edns, &ede_txt_size); if(sldns_buffer_capacity(pkt) < udpsize) udpsize = sldns_buffer_capacity(pkt); - if(udpsize < LDNS_HEADER_SIZE + calc_edns_field_size(edns)) { + /* EDEs are optional, try to fit anything else before them */ + if(udpsize < LDNS_HEADER_SIZE + edns_field_size - ede_size) { /* packet too small to contain edns, omit it. */ attach_edns = 0; } else { /* reserve space for edns record */ - attach_edns = (unsigned int)calc_edns_field_size(edns); - udpsize -= attach_edns; + attach_edns = (unsigned int)edns_field_size - ede_size; } if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, - udpsize, dnssec, MINIMAL_RESPONSES)) { + udpsize - attach_edns, dnssec, MINIMAL_RESPONSES)) { log_err("reply encode: out of memory"); return 0; } - if(attach_edns && sldns_buffer_capacity(pkt) >= - sldns_buffer_limit(pkt)+attach_edns) - attach_edns_record_max_msg_sz(pkt, edns, udpsize+attach_edns); + if(attach_edns) { + if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size) + attach_edns_record_max_msg_sz(pkt, edns, udpsize); + else if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_txt_size) { + ede_trim_text(&edns->opt_list_inplace_cb_out); + ede_trim_text(&edns->opt_list_out); + attach_edns_record_max_msg_sz(pkt, edns, udpsize); + } else if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_size) { + edns_opt_list_remove(&edns->opt_list_inplace_cb_out, LDNS_EDNS_EDE); + edns_opt_list_remove(&edns->opt_list_out, LDNS_EDNS_EDE); + attach_edns_record_max_msg_sz(pkt, edns, udpsize); + } + } return 1; } @@ -958,15 +1062,17 @@ qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo) sldns_buffer_flip(pkt); } -void -error_encode(sldns_buffer* buf, int r, struct query_info* qinfo, - uint16_t qid, uint16_t qflags, struct edns_data* edns) +void +extended_error_encode(sldns_buffer* buf, uint16_t rcode, + struct query_info* qinfo, uint16_t qid, uint16_t qflags, + uint16_t xflags, struct edns_data* edns) { uint16_t flags; sldns_buffer_clear(buf); sldns_buffer_write(buf, &qid, sizeof(uint16_t)); - flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/ + flags = (uint16_t)(BIT_QR | BIT_RA | (rcode & 0xF)); /* QR and retcode*/ + flags |= xflags; flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */ sldns_buffer_write_u16(buf, flags); if(qinfo) flags = 1; @@ -993,11 +1099,25 @@ error_encode(sldns_buffer* buf, int r, struct query_info* qinfo, struct edns_data es = *edns; es.edns_version = EDNS_ADVERTISED_VERSION; es.udp_size = EDNS_ADVERTISED_SIZE; - es.ext_rcode = 0; + es.ext_rcode = (uint8_t)(rcode >> 4); es.bits &= EDNS_DO; if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > - edns->udp_size) - return; + edns->udp_size) { + edns_opt_list_remove(&es.opt_list_inplace_cb_out, LDNS_EDNS_EDE); + edns_opt_list_remove(&es.opt_list_out, LDNS_EDNS_EDE); + if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > + edns->udp_size) { + return; + } + } attach_edns_record(buf, &es); } } + +void +error_encode(sldns_buffer* buf, int r, struct query_info* qinfo, + uint16_t qid, uint16_t qflags, struct edns_data* edns) +{ + extended_error_encode(buf, (r & 0x000F), qinfo, qid, qflags, + (r & 0xFFF0), edns); +} diff --git a/util/data/msgencode.h b/util/data/msgencode.h index 30dc515cbe59..6aff06099ee9 100644 --- a/util/data/msgencode.h +++ b/util/data/msgencode.h @@ -109,6 +109,27 @@ void qinfo_query_encode(struct sldns_buffer* pkt, struct query_info* qinfo); uint16_t calc_edns_field_size(struct edns_data* edns); /** + * Calculate the size of a specific EDNS option in packet. + * @param edns: edns data or NULL. + * @param code: the opt code to get the size of. + * @return octets the option will take up. + */ +uint16_t calc_edns_option_size(struct edns_data* edns, uint16_t code); + +/** + * Calculate the size of the EDE option(s) in packet. Also calculate seperately + * the size of the EXTRA-TEXT field(s) in case we can trim them to fit. + * In this case include any LDNS_EDE_OTHER options in their entirety since they + * are useless without extra text. + * @param edns: edns data or NULL. + * @param txt_size: the size of the EXTRA-TEXT field(s); this includes + * LDNS_EDE_OTHER in their entirety since they are useless without + * extra text. + * @return octets the option will take up. + */ +uint16_t calc_ede_option_size(struct edns_data* edns, uint16_t* txt_size); + +/** * Attach EDNS record to buffer. Buffer has complete packet. There must * be enough room left for the EDNS record. * @param pkt: packet added to. @@ -116,11 +137,11 @@ uint16_t calc_edns_field_size(struct edns_data* edns); */ void attach_edns_record(struct sldns_buffer* pkt, struct edns_data* edns); -/** +/** * Encode an error. With QR and RA set. * * @param pkt: where to store the packet. - * @param r: RCODE value to encode. + * @param r: RCODE value to encode (may contain extra flags). * @param qinfo: if not NULL, the query is included. * @param qid: query ID to set in packet. network order. * @param qflags: original query flags (to copy RD and CD bits). host order. @@ -130,4 +151,21 @@ void attach_edns_record(struct sldns_buffer* pkt, struct edns_data* edns); void error_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo, uint16_t qid, uint16_t qflags, struct edns_data* edns); +/** + * Encode an extended error. With QR and RA set. + * + * @param pkt: where to store the packet. + * @param rcode: Extended RCODE value to encode. + * @param qinfo: if not NULL, the query is included. + * @param qid: query ID to set in packet. network order. + * @param qflags: original query flags (to copy RD and CD bits). host order. + * @param xflags: extra flags to set (such as for example BIT_AA and/or BIT_TC) + * @param edns: if not NULL, this is the query edns info, + * and an edns reply is attached. Only attached if EDNS record fits reply. + * Without edns extended errors (i.e. > 15) will not be conveyed. + */ +void extended_error_encode(struct sldns_buffer* pkt, uint16_t rcode, + struct query_info* qinfo, uint16_t qid, uint16_t qflags, + uint16_t xflags, struct edns_data* edns); + #endif /* UTIL_DATA_MSGENCODE_H */ diff --git a/util/data/msgparse.c b/util/data/msgparse.c index 5bb69d6ed06f..b5414c6d0a55 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c @@ -45,6 +45,8 @@ #include "util/netevent.h" #include "util/storage/lookup3.h" #include "util/regional.h" +#include "util/rfc_1982.h" +#include "util/edns.h" #include "sldns/rrdef.h" #include "sldns/sbuffer.h" #include "sldns/parseutil.h" @@ -940,22 +942,11 @@ parse_packet(sldns_buffer* pkt, struct msg_parse* msg, struct regional* region) return 0; } -static int -edns_opt_list_append_keepalive(struct edns_option** list, int msec, - struct regional* region) -{ - uint8_t data[2]; /* For keepalive value */ - data[0] = (uint8_t)((msec >> 8) & 0xff); - data[1] = (uint8_t)(msec & 0xff); - return edns_opt_list_append(list, LDNS_EDNS_KEEPALIVE, sizeof(data), - data, region); -} - /** parse EDNS options from EDNS wireformat rdata */ static int parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, struct edns_data* edns, struct config_file* cfg, struct comm_point* c, - struct regional* region) + struct comm_reply* repinfo, uint32_t now, struct regional* region) { /* To respond with a Keepalive option, the client connection must have * received one message with a TCP Keepalive EDNS option, and that @@ -979,6 +970,10 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, while(rdata_len >= 4) { uint16_t opt_code = sldns_read_uint16(rdata_ptr); uint16_t opt_len = sldns_read_uint16(rdata_ptr+2); + uint8_t server_cookie[40]; + enum edns_cookie_val_status cookie_val_status; + int cookie_is_v4 = 1; + rdata_ptr += 4; rdata_len -= 4; if(opt_len > rdata_len) @@ -1041,6 +1036,76 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, edns->padding_block_size = cfg->pad_responses_block_size; break; + case LDNS_EDNS_COOKIE: + if(!cfg || !cfg->do_answer_cookie || !repinfo) + break; + if(opt_len != 8 && (opt_len < 16 || opt_len > 40)) { + verbose(VERB_ALGO, "worker request: " + "badly formatted cookie"); + return LDNS_RCODE_FORMERR; + } + edns->cookie_present = 1; + + /* Copy client cookie, version and timestamp for + * validation and creation purposes. + */ + if(opt_len >= 16) { + memmove(server_cookie, rdata_ptr, 16); + } else { + memset(server_cookie, 0, 16); + memmove(server_cookie, rdata_ptr, opt_len); + } + + /* Copy client ip for validation and creation + * purposes. It will be overwritten if (re)creation + * is needed. + */ + if(repinfo->remote_addr.ss_family == AF_INET) { + memcpy(server_cookie + 16, + &((struct sockaddr_in*)&repinfo->remote_addr)->sin_addr, 4); + } else { + cookie_is_v4 = 0; + memcpy(server_cookie + 16, + &((struct sockaddr_in6*)&repinfo->remote_addr)->sin6_addr, 16); + } + + cookie_val_status = edns_cookie_server_validate( + rdata_ptr, opt_len, cfg->cookie_secret, + cfg->cookie_secret_len, cookie_is_v4, + server_cookie, now); + switch(cookie_val_status) { + case COOKIE_STATUS_VALID: + case COOKIE_STATUS_VALID_RENEW: + edns->cookie_valid = 1; + /* Reuse cookie */ + if(!edns_opt_list_append( + &edns->opt_list_out, LDNS_EDNS_COOKIE, + opt_len, rdata_ptr, region)) { + log_err("out of memory"); + return LDNS_RCODE_SERVFAIL; + } + /* Cookie to be reused added to outgoing + * options. Done! + */ + break; + case COOKIE_STATUS_CLIENT_ONLY: + edns->cookie_client = 1; + /* fallthrough */ + case COOKIE_STATUS_FUTURE: + case COOKIE_STATUS_EXPIRED: + case COOKIE_STATUS_INVALID: + default: + edns_cookie_server_write(server_cookie, + cfg->cookie_secret, cookie_is_v4, now); + if(!edns_opt_list_append(&edns->opt_list_out, + LDNS_EDNS_COOKIE, 24, server_cookie, + region)) { + log_err("out of memory"); + return LDNS_RCODE_SERVFAIL; + } + break; + } + break; default: break; } @@ -1115,6 +1180,8 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg, edns->opt_list_out = NULL; edns->opt_list_inplace_cb_out = NULL; edns->padding_block_size = 0; + edns->cookie_present = 0; + edns->cookie_valid = 0; /* take the options */ rdata_len = found->rr_first->size-2; @@ -1170,7 +1237,8 @@ skip_pkt_rrs(sldns_buffer* pkt, int num) int parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, - struct config_file* cfg, struct comm_point* c, struct regional* region) + struct config_file* cfg, struct comm_point* c, + struct comm_reply* repinfo, time_t now, struct regional* region) { size_t rdata_len; uint8_t* rdata_ptr; @@ -1206,6 +1274,8 @@ parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, edns->opt_list_out = NULL; edns->opt_list_inplace_cb_out = NULL; edns->padding_block_size = 0; + edns->cookie_present = 0; + edns->cookie_valid = 0; /* take the options */ rdata_len = sldns_buffer_read_u16(pkt); @@ -1214,7 +1284,7 @@ parse_edns_from_query_pkt(sldns_buffer* pkt, struct edns_data* edns, rdata_ptr = sldns_buffer_current(pkt); /* ignore rrsigs */ return parse_edns_options_from_query(rdata_ptr, rdata_len, edns, cfg, - c, region); + c, repinfo, now, region); } void diff --git a/util/data/msgparse.h b/util/data/msgparse.h index 0c458e6e8e25..b7dc235d677c 100644 --- a/util/data/msgparse.h +++ b/util/data/msgparse.h @@ -72,6 +72,7 @@ struct regional; struct edns_option; struct config_file; struct comm_point; +struct comm_reply; /** number of buckets in parse rrset hash table. Must be power of 2. */ #define PARSE_TABLE_SIZE 32 @@ -217,8 +218,6 @@ struct rr_parse { * region. */ struct edns_data { - /** if EDNS OPT record was present */ - int edns_present; /** Extended RCODE */ uint8_t ext_rcode; /** The EDNS version number */ @@ -238,7 +237,15 @@ struct edns_data { struct edns_option* opt_list_inplace_cb_out; /** block size to pad */ uint16_t padding_block_size; -}; + /** if EDNS OPT record was present */ + unsigned int edns_present : 1; + /** if a cookie was present */ + unsigned int cookie_present : 1; + /** if the cookie validated */ + unsigned int cookie_valid : 1; + /** if the cookie holds only the client part */ + unsigned int cookie_client : 1; +}; /** * EDNS option @@ -310,12 +317,15 @@ int skip_pkt_rrs(struct sldns_buffer* pkt, int num); * initialised. * @param cfg: the configuration (with nsid value etc.) * @param c: commpoint to determine transport (if needed) + * @param repinfo: commreply to determine the client address + * @param now: current time * @param region: region to alloc results in (edns option contents) * @return: 0 on success, or an RCODE on error. * RCODE formerr if OPT is badly formatted and so on. */ int parse_edns_from_query_pkt(struct sldns_buffer* pkt, struct edns_data* edns, - struct config_file* cfg, struct comm_point* c, struct regional* region); + struct config_file* cfg, struct comm_point* c, + struct comm_reply* repinfo, time_t now, struct regional* region); /** * Calculate hash value for rrset in packet. diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 1e6ee97040cf..920a0a939d06 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -94,7 +94,7 @@ parse_create_qinfo(sldns_buffer* pkt, struct msg_parse* msg, struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, - size_t ar, size_t total, enum sec_status sec) + size_t ar, size_t total, enum sec_status sec, sldns_ede_code reason_bogus) { struct reply_info* rep; /* rrset_count-1 because the first ref is part of the struct. */ @@ -117,7 +117,9 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, rep->ar_numrrsets = ar; rep->rrset_count = total; rep->security = sec; - rep->reason_bogus = LDNS_EDE_NONE; + rep->reason_bogus = reason_bogus; + /* this is only allocated and used for caching on copy */ + rep->reason_bogus_str = NULL; rep->authoritative = 0; /* array starts after the refs */ if(region) @@ -137,7 +139,7 @@ parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep, { *rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0, 0, 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets, - msg->rrset_count, sec_status_unchecked); + msg->rrset_count, sec_status_unchecked, LDNS_EDE_NONE); if(!*rep) return 0; return 1; @@ -182,7 +184,7 @@ make_new_reply_info(const struct reply_info* rep, struct regional* region, new_rep = construct_reply_info_base(region, rep->flags, rep->qdcount, rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets, - sec_status_insecure); + sec_status_insecure, LDNS_EDE_NONE); if(!new_rep) return NULL; if(!reply_info_alloc_rrset_keys(new_rep, NULL, region)) @@ -580,6 +582,10 @@ reply_info_parsedelete(struct reply_info* rep, struct alloc_cache* alloc) for(i=0; i<rep->rrset_count; i++) { ub_packed_rrset_parsedelete(rep->rrsets[i], alloc); } + if(rep->reason_bogus_str) { + free(rep->reason_bogus_str); + rep->reason_bogus_str = NULL; + } free(rep); } @@ -661,6 +667,10 @@ void reply_info_delete(void* d, void* ATTR_UNUSED(arg)) { struct reply_info* r = (struct reply_info*)d; + if(r->reason_bogus_str) { + free(r->reason_bogus_str); + r->reason_bogus_str = NULL; + } free(r); } @@ -737,17 +747,36 @@ repinfo_copy_rrsets(struct reply_info* dest, struct reply_info* from, return 1; } -struct reply_info* -reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, +struct reply_info* +reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, struct regional* region) { struct reply_info* cp; - cp = construct_reply_info_base(region, rep->flags, rep->qdcount, - rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, + cp = construct_reply_info_base(region, rep->flags, rep->qdcount, + rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets, - rep->rrset_count, rep->security); + rep->rrset_count, rep->security, rep->reason_bogus); if(!cp) return NULL; + + if(rep->reason_bogus_str && *rep->reason_bogus_str != 0) { + if(region) { + cp->reason_bogus_str = (char*)regional_alloc(region, + sizeof(char) + * (strlen(rep->reason_bogus_str)+1)); + } else { + cp->reason_bogus_str = malloc(sizeof(char) + * (strlen(rep->reason_bogus_str)+1)); + } + if(!cp->reason_bogus_str) { + if(!region) + reply_info_parsedelete(cp, alloc); + return NULL; + } + memcpy(cp->reason_bogus_str, rep->reason_bogus_str, + strlen(rep->reason_bogus_str)+1); + } + /* allocate ub_key structures special or not */ if(!reply_info_alloc_rrset_keys(cp, alloc, region)) { if(!region) @@ -1020,6 +1049,16 @@ int edns_opt_list_append_ede(struct edns_option** list, struct regional* region, return 1; } +int edns_opt_list_append_keepalive(struct edns_option** list, int msec, + struct regional* region) +{ + uint8_t data[2]; /* For keepalive value */ + data[0] = (uint8_t)((msec >> 8) & 0xff); + data[1] = (uint8_t)(msec & 0xff); + return edns_opt_list_append(list, LDNS_EDNS_KEEPALIVE, sizeof(data), + data, region); +} + int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, uint8_t* data, struct regional* region) { @@ -1195,7 +1234,7 @@ int inplace_cb_query_response_call(struct module_env* env, } struct edns_option* edns_opt_copy_region(struct edns_option* list, - struct regional* region) + struct regional* region) { struct edns_option* result = NULL, *cur = NULL, *s; while(list) { @@ -1224,6 +1263,42 @@ struct edns_option* edns_opt_copy_region(struct edns_option* list, return result; } +struct edns_option* edns_opt_copy_filter_region(struct edns_option* list, + uint16_t* filter_list, size_t filter_list_len, struct regional* region) +{ + struct edns_option* result = NULL, *cur = NULL, *s; + size_t i; + while(list) { + for(i=0; i<filter_list_len; i++) + if(filter_list[i] == list->opt_code) goto found; + if(i == filter_list_len) goto next; +found: + /* copy edns option structure */ + s = regional_alloc_init(region, list, sizeof(*list)); + if(!s) return NULL; + s->next = NULL; + + /* copy option data */ + if(s->opt_data) { + s->opt_data = regional_alloc_init(region, s->opt_data, + s->opt_len); + if(!s->opt_data) + return NULL; + } + + /* link into list */ + if(cur) + cur->next = s; + else result = s; + cur = s; + +next: + /* examine next element */ + list = list->next; + } + return result; +} + int edns_opt_compare(struct edns_option* p, struct edns_option* q) { if(!p && !q) return 0; diff --git a/util/data/msgreply.h b/util/data/msgreply.h index 9538adc5a8b2..a9af3d7e657d 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -170,9 +170,17 @@ struct reply_info { /** * EDE (rfc8914) code with reason for DNSSEC bogus status. + * Used for caching the EDE. */ sldns_ede_code reason_bogus; + /** + * EDE (rfc8914) NULL-terminated string with human-readable reason + * for DNSSEC bogus status. + * Used for caching the EDE. + */ + char* reason_bogus_str; + /** * Number of RRsets in each section. * The answer section. Add up the RRs in every RRset to calculate @@ -240,13 +248,15 @@ struct msgreply_entry { * @param ar: ar count * @param total: total rrset count (presumably an+ns+ar). * @param sec: security status of the reply info. + * @param reason_bogus: the Extended DNS Error for DNSSEC bogus status * @return the reply_info base struct with the array for putting the rrsets * in. The array has been zeroed. Returns NULL on malloc failure. */ struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, - time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, - size_t ar, size_t total, enum sec_status sec); + time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, + size_t ar, size_t total, enum sec_status sec, + sldns_ede_code reason_bogus); /** * Parse wire query into a queryinfo structure, return 0 on parse error. @@ -568,6 +578,16 @@ int edns_opt_list_append_ede(struct edns_option** list, struct regional* region, sldns_ede_code code, const char *txt); /** + * Append edns keep alive option to edns options list + * @param list: the edns option list to append the edns option to. + * @param msec: the duration in msecs for the keep alive. + * @param region: region to allocate the new edns option. + * @return false on failure. + */ +int edns_opt_list_append_keepalive(struct edns_option** list, int msec, + struct regional* region); + +/** * Remove any option found on the edns option list that matches the code. * @param list: the list of edns options. * @param code: the opt code to remove. @@ -719,6 +739,12 @@ struct edns_option* edns_opt_copy_region(struct edns_option* list, struct regional* region); /** + * Copy a filtered edns option list allocated to the new region + */ +struct edns_option* edns_opt_copy_filter_region(struct edns_option* list, + uint16_t* filter_list, size_t filter_list_len, struct regional* region); + +/** * Copy edns option list allocated with malloc */ struct edns_option* edns_opt_copy_alloc(struct edns_option* list); diff --git a/util/edns.c b/util/edns.c index f55dcb97e755..2b4047f0b600 100644 --- a/util/edns.c +++ b/util/edns.c @@ -45,8 +45,11 @@ #include "util/netevent.h" #include "util/net_help.h" #include "util/regional.h" +#include "util/rfc_1982.h" +#include "util/siphash.h" #include "util/data/msgparse.h" #include "util/data/msgreply.h" +#include "sldns/sbuffer.h" struct edns_strings* edns_strings_create(void) { @@ -128,3 +131,59 @@ edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen); } +uint8_t* +edns_cookie_server_hash(const uint8_t* in, const uint8_t* secret, int v4, + uint8_t* hash) +{ + v4?siphash(in, 20, secret, hash, 8):siphash(in, 32, secret, hash, 8); + return hash; +} + +void +edns_cookie_server_write(uint8_t* buf, const uint8_t* secret, int v4, + uint32_t timestamp) +{ + uint8_t hash[8]; + buf[ 8] = 1; /* Version */ + buf[ 9] = 0; /* Reserved */ + buf[10] = 0; /* Reserved */ + buf[11] = 0; /* Reserved */ + sldns_write_uint32(buf + 12, timestamp); + (void)edns_cookie_server_hash(buf, secret, v4, hash); + memcpy(buf + 16, hash, 8); +} + +enum edns_cookie_val_status +edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, + const uint8_t* secret, size_t secret_len, int v4, + const uint8_t* hash_input, uint32_t now) +{ + uint8_t hash[8]; + uint32_t timestamp; + uint32_t subt_1982 = 0; /* Initialize for the compiler; unused value */ + int comp_1982; + if(cookie_len != 24) + /* RFC9018 cookies are 24 bytes long */ + return COOKIE_STATUS_CLIENT_ONLY; + if(secret_len != 16 || /* RFC9018 cookies have 16 byte secrets */ + cookie[8] != 1) /* RFC9018 cookies are cookie version 1 */ + return COOKIE_STATUS_INVALID; + timestamp = sldns_read_uint32(cookie + 12); + if((comp_1982 = compare_1982(now, timestamp)) > 0 + && (subt_1982 = subtract_1982(timestamp, now)) > 3600) + /* Cookie is older than 1 hour (see RFC9018 Section 4.3.) */ + return COOKIE_STATUS_EXPIRED; + if(comp_1982 <= 0 && subtract_1982(now, timestamp) > 300) + /* Cookie time is more than 5 minutes in the future. + * (see RFC9018 Section 4.3.) */ + return COOKIE_STATUS_FUTURE; + if(memcmp(edns_cookie_server_hash(hash_input, secret, v4, hash), + cookie + 16, 8) != 0) + /* Hashes do not match */ + return COOKIE_STATUS_INVALID; + if(comp_1982 > 0 && subt_1982 > 1800) + /* Valid cookie but older than 30 minutes, so create a new one + * anyway */ + return COOKIE_STATUS_VALID_RENEW; + return COOKIE_STATUS_VALID; +} diff --git a/util/edns.h b/util/edns.h index d9ded0b84dc4..5da0ecb290a7 100644 --- a/util/edns.h +++ b/util/edns.h @@ -75,6 +75,15 @@ struct edns_string_addr { size_t string_len; }; +enum edns_cookie_val_status { + COOKIE_STATUS_CLIENT_ONLY = -3, + COOKIE_STATUS_FUTURE = -2, + COOKIE_STATUS_EXPIRED = -1, + COOKIE_STATUS_INVALID = 0, + COOKIE_STATUS_VALID = 1, + COOKIE_STATUS_VALID_RENEW = 2, +}; + /** * Create structure to hold EDNS strings * @return: newly created edns_strings, NULL on alloc failure. @@ -106,4 +115,54 @@ struct edns_string_addr* edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, socklen_t addrlen); +/** + * Compute the interoperable DNS cookie (RFC9018) hash. + * @param in: buffer input for the hash generation. It needs to be: + * Client Cookie | Version | Reserved | Timestamp | Client-IP + * @param secret: the server secret; implicit length of 16 octets. + * @param v4: if the client IP is v4 or v6. + * @param hash: buffer to write the hash to. + * return a pointer to the hash. + */ +uint8_t* edns_cookie_server_hash(const uint8_t* in, const uint8_t* secret, + int v4, uint8_t* hash); + +/** + * Write an interoperable DNS server cookie (RFC9018). + * @param buf: buffer to write to. It should have a size of at least 32 octets + * as it doubles as the output buffer and the hash input buffer. + * The first 8 octets are expected to be the Client Cookie and will be + * left untouched. + * The next 8 octets will be written with Version | Reserved | Timestamp. + * The next 4 or 16 octets are expected to be the IPv4 or the IPv6 address + * based on the v4 flag. + * Thus the first 20 or 32 octets, based on the v4 flag, will be used as + * the hash input. + * The server hash (8 octets) will be written after the first 16 octets; + * overwriting the address information. + * The caller expects a complete, 24 octet long cookie in the buffer. + * @param secret: the server secret; implicit length of 16 octets. + * @param v4: if the client IP is v4 or v6. + * @param timestamp: the timestamp to use. + */ +void edns_cookie_server_write(uint8_t* buf, const uint8_t* secret, int v4, + uint32_t timestamp); + +/** + * Validate an interoperable DNS cookie (RFC9018). + * @param cookie: pointer to the cookie data. + * @param cookie_len: the length of the cookie data. + * @param secret: pointer to the server secret. + * @param secret_len: the length of the secret. + * @param v4: if the client IP is v4 or v6. + * @param hash_input: pointer to the hash input for validation. It needs to be: + * Client Cookie | Version | Reserved | Timestamp | Client-IP + * @param now: the current time. + * return edns_cookie_val_status with the cookie validation status i.e., + * <=0 for invalid, else valid. + */ +enum edns_cookie_val_status edns_cookie_server_validate(const uint8_t* cookie, + size_t cookie_len, const uint8_t* secret, size_t secret_len, int v4, + const uint8_t* hash_input, uint32_t now); + #endif diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index dc8ab6693876..3b88da2358e5 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -659,6 +659,10 @@ int fptr_whitelist_inplace_cb_edns_back_parsed( #else (void)fptr; #endif +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_edns_back_parsed_call) + return 1; +#endif #ifdef WITH_DYNLIBMODULE if(fptr == &dynlib_inplace_cb_edns_back_parsed) return 1; @@ -675,6 +679,10 @@ int fptr_whitelist_inplace_cb_query_response( #else (void)fptr; #endif +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_query_response) + return 1; +#endif #ifdef WITH_DYNLIBMODULE if(fptr == &dynlib_inplace_cb_query_response) return 1; diff --git a/util/iana_ports.inc b/util/iana_ports.inc index b816f8a0464e..5cb127ed897b 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -674,6 +674,8 @@ 911, 912, 913, +914, +915, 989, 990, 991, @@ -1901,6 +1903,7 @@ 2256, 2257, 2258, +2259, 2260, 2261, 2262, @@ -2010,6 +2013,7 @@ 2366, 2367, 2368, +2369, 2370, 2372, 2378, diff --git a/util/module.c b/util/module.c index 6698f94971b8..773dab853d2f 100644 --- a/util/module.c +++ b/util/module.c @@ -84,8 +84,10 @@ void errinf_ede(struct module_qstate* qstate, const char* str, sldns_ede_code reason_bogus) { struct errinf_strlist* p; - if((qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) || !str) + if(!str || (qstate->env->cfg->val_log_level < 2 && + !qstate->env->cfg->log_servfail)) { return; + } p = (struct errinf_strlist*)regional_alloc(qstate->region, sizeof(*p)); if(!p) { log_err("malloc failure in validator-error-info string"); @@ -152,15 +154,19 @@ char* errinf_to_str_bogus(struct module_qstate* qstate) return p; } +/* Try to find the latest (most specific) dnssec failure */ sldns_ede_code errinf_to_reason_bogus(struct module_qstate* qstate) { struct errinf_strlist* s; + sldns_ede_code ede = LDNS_EDE_NONE; for(s=qstate->errinf; s; s=s->next) { - if (s->reason_bogus != LDNS_EDE_NONE) { - return s->reason_bogus; - } + if(s->reason_bogus == LDNS_EDE_NONE) continue; + if(ede != LDNS_EDE_NONE + && ede != LDNS_EDE_DNSSEC_BOGUS + && s->reason_bogus == LDNS_EDE_DNSSEC_BOGUS) continue; + ede = s->reason_bogus; } - return LDNS_EDE_NONE; + return ede; } char* errinf_to_str_servfail(struct module_qstate* qstate) diff --git a/util/module.h b/util/module.h index 013c65b02dcf..5b6fcc93cf1e 100644 --- a/util/module.h +++ b/util/module.h @@ -619,6 +619,12 @@ struct module_qstate { /** if this is a validation recursion query that does not get * validation itself */ int is_valrec; +#ifdef CLIENT_SUBNET + /** the client network address is needed for the client-subnet option + * when prefetching, but we can't use reply_list in mesh_info, because + * we don't want to send a reply for the internal query. */ + struct sockaddr_storage client_addr; +#endif /** comm_reply contains server replies */ struct comm_reply* reply; @@ -671,6 +677,8 @@ struct module_qstate { * those servers. By comparing expiry time with qstarttime for type NS. */ time_t qstarttime; + /** whether a message from cachedb will be used for the reply */ + int is_cachedb_answer; /** * Attributes of clients that share the qstate that may affect IP-based @@ -818,11 +826,11 @@ void errinf_dname(struct module_qstate* qstate, const char* str, * This string is malloced and has to be freed by caller. */ char* errinf_to_str_bogus(struct module_qstate* qstate); + /** - * Check the sldns_ede_code of the qstate. + * Check the sldns_ede_code of the qstate->errinf. * @param qstate: query state. - * @return LDNS_EDE_DNSSEC_BOGUS by default, or the first explicitly set - * sldns_ede_code. + * @return the latest explicitly set sldns_ede_code or LDNS_EDE_NONE. */ sldns_ede_code errinf_to_reason_bogus(struct module_qstate* qstate); diff --git a/util/net_help.c b/util/net_help.c index 54fad6986f3c..e559c9b2fa6a 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -779,8 +779,8 @@ addr_in_common(struct sockaddr_storage* addr1, int net1, return match; } -void -addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, +void +addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, char* buf, size_t len) { int af = (int)((struct sockaddr_in*)addr)->sin_family; @@ -792,7 +792,50 @@ addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, } } -int +int +prefixnet_is_nat64(int prefixnet) +{ + return (prefixnet == 32 || prefixnet == 40 || + prefixnet == 48 || prefixnet == 56 || + prefixnet == 64 || prefixnet == 96); +} + +void +addr_to_nat64(const struct sockaddr_storage* addr, + const struct sockaddr_storage* nat64_prefix, + socklen_t nat64_prefixlen, int nat64_prefixnet, + struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)addr; + struct sockaddr_in6 *sin6; + uint8_t *v4_byte; + + /* This needs to be checked by the caller */ + log_assert(addr->ss_family == AF_INET); + /* Current usage is only from config values; prefix lengths enforced + * during config validation */ + log_assert(prefixnet_is_nat64(nat64_prefixnet)); + + *nat64_addr = *nat64_prefix; + *nat64_addrlen = nat64_prefixlen; + + sin6 = (struct sockaddr_in6 *)nat64_addr; + sin6->sin6_flowinfo = 0; + sin6->sin6_port = sin->sin_port; + + nat64_prefixnet = nat64_prefixnet / 8; + + v4_byte = (uint8_t *)&sin->sin_addr.s_addr; + for(int i = 0; i < 4; i++) { + if(nat64_prefixnet == 8) { + /* bits 64...71 are MBZ */ + sin6->sin6_addr.s6_addr[nat64_prefixnet++] = 0; + } + sin6->sin6_addr.s6_addr[nat64_prefixnet++] = *v4_byte++; + } +} + +int addr_is_ip4mapped(struct sockaddr_storage* addr, socklen_t addrlen) { /* prefix for ipv4 into ipv6 mapping is ::ffff:x.x.x.x */ @@ -1005,6 +1048,16 @@ listen_sslctx_setup(void* ctxt) log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list"); } #endif +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF) + /* ignore errors when peers do not send the mandatory close_notify + * alert on shutdown. + * Relevant for openssl >= 3 */ + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) & + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) { + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF"); + return 0; + } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) & SSL_OP_CIPHER_SERVER_PREFERENCE) != @@ -1234,6 +1287,17 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert) return 0; } #endif +#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF) + /* ignore errors when peers do not send the mandatory close_notify + * alert on shutdown. + * Relevant for openssl >= 3 */ + if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) & + SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) { + log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF"); + SSL_CTX_free(ctx); + return 0; + } +#endif if(key && key[0]) { if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { log_err("error in client certificate %s", pem); diff --git a/util/net_help.h b/util/net_help.h index f1881b3ed0ca..a9de910d5461 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -332,6 +332,29 @@ void addr_to_str(struct sockaddr_storage* addr, socklen_t addrlen, char* buf, size_t len); /** + * Check if the prefix network length is one of the allowed 32, 40, 48, 56, 64, + * or 96. + * @param prefixnet: prefix network length to check. + * @return 1 on success, 0 on failure. + */ +int prefixnet_is_nat64(int prefixnet); + +/** + * Create a NAT64 address from a given address (needs to be IPv4) and a given + * NAT64 prefix. The NAT64 prefix net needs to be one of 32, 40, 48, 56, 64, 96. + * @param addr: IPv4 address. + * @param nat64_prefix: NAT64 prefix. + * @param nat64_prefixlen: NAT64 prefix len. + * @param nat64_prefixnet: NAT64 prefix mask. + * @param nat64_addr: the resulting NAT64 address. + * @param nat64_addrlen: the resulting NAT64 address length. + */ +void addr_to_nat64(const struct sockaddr_storage* addr, + const struct sockaddr_storage* nat64_prefix, + socklen_t nat64_prefixlen, int nat64_prefixnet, + struct sockaddr_storage* nat64_addr, socklen_t* nat64_addrlen); + +/** * See if sockaddr is an ipv6 mapped ipv4 address, "::ffff:0.0.0.0" * @param addr: address * @param addrlen: length of address diff --git a/util/netevent.c b/util/netevent.c index fe3d511643f8..204e4883cf27 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -46,6 +46,7 @@ #include "util/tcp_conn_limit.h" #include "util/fptr_wlist.h" #include "util/proxy_protocol.h" +#include "util/timeval_func.h" #include "sldns/pkthdr.h" #include "sldns/sbuffer.h" #include "sldns/str2wire.h" @@ -71,7 +72,9 @@ #ifdef HAVE_OPENSSL_ERR_H #include <openssl/err.h> #endif - +#ifdef HAVE_LINUX_NET_TSTAMP_H +#include <linux/net_tstamp.h> +#endif /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ #ifndef CMSG_ALIGN @@ -114,6 +117,16 @@ /** timeout in millisec to wait for write to unblock, packets dropped after.*/ #define SEND_BLOCKED_WAIT_TIMEOUT 200 +/** Let's make timestamping code cleaner and redefine SO_TIMESTAMP* */ +#ifndef SO_TIMESTAMP +#define SO_TIMESTAMP 29 +#endif +#ifndef SO_TIMESTAMPNS +#define SO_TIMESTAMPNS 35 +#endif +#ifndef SO_TIMESTAMPING +#define SO_TIMESTAMPING 37 +#endif /** * The internal event structure for keeping ub_event info for the event. * Possibly other structures (list, tree) this is part of. @@ -177,7 +190,7 @@ static struct comm_point* comm_point_create_tcp_handler( /* -------- End of local definitions -------- */ -struct comm_base* +struct comm_base* comm_base_create(int sigs) { struct comm_base* b = (struct comm_base*)calloc(1, @@ -220,7 +233,7 @@ comm_base_create_event(struct ub_event_base* base) return b; } -void +void comm_base_delete(struct comm_base* b) { if(!b) @@ -237,7 +250,7 @@ comm_base_delete(struct comm_base* b) free(b); } -void +void comm_base_delete_no_base(struct comm_base* b) { if(!b) @@ -253,14 +266,14 @@ comm_base_delete_no_base(struct comm_base* b) free(b); } -void +void comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) { *tt = &b->eb->secs; *tv = &b->eb->now; } -void +void comm_base_dispatch(struct comm_base* b) { int retval; @@ -470,7 +483,7 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, (struct sockaddr_storage*)addr, addrlen); return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", + log_err("sent %d in place of %d bytes", (int)sent, (int)sldns_buffer_remaining(packet)); return 0; } @@ -489,7 +502,7 @@ static void p_ancil(const char* str, struct comm_reply* r) if(r->srctype == 6) { #ifdef IPV6_PKTINFO char buf[1024]; - if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, + if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, buf, (socklen_t)sizeof(buf)) == 0) { (void)strlcpy(buf, "(inet_ntop error)", sizeof(buf)); } @@ -499,13 +512,13 @@ static void p_ancil(const char* str, struct comm_reply* r) } else if(r->srctype == 4) { #ifdef IP_PKTINFO char buf1[1024], buf2[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, + if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, buf1, (socklen_t)sizeof(buf1)) == 0) { (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); } buf1[sizeof(buf1)-1]=0; #ifdef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST - if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, + if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, buf2, (socklen_t)sizeof(buf2)) == 0) { (void)strlcpy(buf2, "(inet_ntop error)", sizeof(buf2)); } @@ -517,7 +530,7 @@ static void p_ancil(const char* str, struct comm_reply* r) buf1, buf2); #elif defined(IP_RECVDSTADDR) char buf1[1024]; - if(inet_ntop(AF_INET, &r->pktinfo.v4addr, + if(inet_ntop(AF_INET, &r->pktinfo.v4addr, buf1, (socklen_t)sizeof(buf1)) == 0) { (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); } @@ -531,7 +544,7 @@ static void p_ancil(const char* str, struct comm_reply* r) /** send a UDP reply over specified interface*/ static int comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) + struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) { #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_SENDMSG) ssize_t sent; @@ -579,6 +592,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg_data = CMSG_DATA(cmsg); ((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + /* zero the padding bytes inserted by the CMSG_LEN */ + if(sizeof(struct in_pktinfo) < cmsg->cmsg_len) + memset(((uint8_t*)(CMSG_DATA(cmsg))) + + sizeof(struct in_pktinfo), 0, cmsg->cmsg_len + - sizeof(struct in_pktinfo)); #elif defined(IP_SENDSRCADDR) msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); log_assert(msg.msg_controllen <= sizeof(control.buf)); @@ -587,6 +605,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr, sizeof(struct in_addr)); cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); + /* zero the padding bytes inserted by the CMSG_LEN */ + if(sizeof(struct in_addr) < cmsg->cmsg_len) + memset(((uint8_t*)(CMSG_DATA(cmsg))) + + sizeof(struct in_addr), 0, cmsg->cmsg_len + - sizeof(struct in_addr)); #else verbose(VERB_ALGO, "no IP_PKTINFO or IP_SENDSRCADDR"); msg.msg_control = NULL; @@ -603,6 +626,11 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg_data = CMSG_DATA(cmsg); ((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0; cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + /* zero the padding bytes inserted by the CMSG_LEN */ + if(sizeof(struct in6_pktinfo) < cmsg->cmsg_len) + memset(((uint8_t*)(CMSG_DATA(cmsg))) + + sizeof(struct in6_pktinfo), 0, cmsg->cmsg_len + - sizeof(struct in6_pktinfo)); } else { /* try to pass all 0 to use default route */ msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); @@ -611,9 +639,14 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg->cmsg_type = IPV6_PKTINFO; memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo)); cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + /* zero the padding bytes inserted by the CMSG_LEN */ + if(sizeof(struct in6_pktinfo) < cmsg->cmsg_len) + memset(((uint8_t*)(CMSG_DATA(cmsg))) + + sizeof(struct in6_pktinfo), 0, cmsg->cmsg_len + - sizeof(struct in6_pktinfo)); } #endif /* S_SPLINT_S */ - if(verbosity >= VERB_ALGO) + if(verbosity >= VERB_ALGO && r->srctype != 0) p_ancil("send_udp over interface", r); sent = sendmsg(c->fd, &msg, 0); if(sent == -1) { @@ -695,7 +728,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, if(!udp_send_errno_needs_log(addr, addrlen)) return 0; verbose(VERB_OPS, "sendmsg failed: %s", strerror(errno)); - log_addr(VERB_OPS, "remote address is", + log_addr(VERB_OPS, "remote address is", (struct sockaddr_storage*)addr, addrlen); #ifdef __NetBSD__ /* netbsd 7 has IP_PKTINFO for recv but not send */ @@ -705,7 +738,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #endif return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { - log_err("sent %d in place of %d bytes", + log_err("sent %d in place of %d bytes", (int)sent, (int)sldns_buffer_remaining(packet)); return 0; } @@ -817,7 +850,7 @@ done: return 1; } -void +void comm_point_udp_ancil_callback(int fd, short event, void* arg) { #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_RECVMSG) @@ -833,6 +866,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) #ifndef S_SPLINT_S struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ +#ifdef HAVE_LINUX_NET_TSTAMP_H + struct timespec *ts; +#endif /* HAVE_LINUX_NET_TSTAMP_H */ rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@ -843,6 +879,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) ub_comm_base_now(rep.c->ev->base); for(i=0; i<NUM_UDP_PER_SELECT; i++) { sldns_buffer_clear(rep.c->buffer); + timeval_clear(&rep.c->recv_tv); rep.remote_addrlen = (socklen_t)sizeof(rep.remote_addr); log_assert(fd != -1); log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); @@ -894,9 +931,23 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) sizeof(struct in_addr)); break; #endif /* IP_PKTINFO or IP_RECVDSTADDR */ +#ifdef HAVE_LINUX_NET_TSTAMP_H + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMPNS) { + ts = (struct timespec *)CMSG_DATA(cmsg); + TIMESPEC_TO_TIMEVAL(&rep.c->recv_tv, ts); + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMPING) { + ts = (struct timespec *)CMSG_DATA(cmsg); + TIMESPEC_TO_TIMEVAL(&rep.c->recv_tv, ts); + } else if( cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SO_TIMESTAMP) { + memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval)); +#endif /* HAVE_LINUX_NET_TSTAMP_H */ } } - if(verbosity >= VERB_ALGO) + + if(verbosity >= VERB_ALGO && rep.srctype != 0) p_ancil("receive_udp on interface", &rep); #endif /* S_SPLINT_S */ @@ -930,7 +981,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */ } -void +void comm_point_udp_callback(int fd, short event, void* arg) { struct comm_reply rep; @@ -950,14 +1001,14 @@ comm_point_udp_callback(int fd, short event, void* arg) rep.remote_addrlen = (socklen_t)sizeof(rep.remote_addr); log_assert(fd != -1); log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); - rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), + rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), sldns_buffer_remaining(rep.c->buffer), MSG_DONTWAIT, (struct sockaddr*)&rep.remote_addr, &rep.remote_addrlen); if(rcv == -1) { #ifndef USE_WINSOCK if(errno != EAGAIN && errno != EINTR && udp_recv_needs_log(errno)) - log_err("recvfrom %d failed: %s", + log_err("recvfrom %d failed: %s", fd, strerror(errno)); #else if(WSAGetLastError() != WSAEINPROGRESS && @@ -1012,7 +1063,7 @@ int adjusted_tcp_timeout(struct comm_point* c) /** Use a new tcp handler for new query fd, set to read query */ static void -setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) +setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) { int handler_usage; log_assert(c->type == comm_tcp || c->type == comm_http); @@ -1076,10 +1127,10 @@ int comm_point_perform_accept(struct comm_point* c, /* EINTR is signal interrupt. others are closed connection. */ if( errno == EINTR || errno == EAGAIN #ifdef EWOULDBLOCK - || errno == EWOULDBLOCK + || errno == EWOULDBLOCK #endif #ifdef ECONNABORTED - || errno == ECONNABORTED + || errno == ECONNABORTED #endif #ifdef EPROTO || errno == EPROTO @@ -1253,7 +1304,7 @@ static int http2_submit_settings(struct http2_session* h2_session) #endif /* HAVE_NGHTTP2 */ -void +void comm_point_tcp_accept_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg, *c_hdl; @@ -2161,7 +2212,7 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) log_err("in comm_point_tcp_handle_read buffer_remaining is " "not > 0 as expected, continuing with (harmless) 0 " "length recv"); - r = recv(fd, (void*)sldns_buffer_current(c->buffer), + r = recv(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), MSG_DONTWAIT); if(r == 0) { if(c->tcp_req_info) @@ -2252,8 +2303,8 @@ recv_error: return 0; } -/** - * Handle tcp writing callback. +/** + * Handle tcp writing callback. * @param fd: file descriptor of socket. * @param c: comm point to write buffer out of. * @return: 0 on error @@ -2277,7 +2328,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; socklen_t len = (socklen_t)sizeof(error); - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, &len) < 0){ #ifndef USE_WINSOCK error = errno; /* on solaris errno is error */ @@ -2318,7 +2369,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) return ssl_handle_it(c, 1); #ifdef USE_MSG_FASTOPEN - /* Only try this on first use of a connection that uses tfo, + /* Only try this on first use of a connection that uses tfo, otherwise fall through to normal write */ /* Also, TFO support on WINDOWS not implemented at the moment */ if(c->tcp_do_fastopen == 1) { @@ -2473,7 +2524,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ @@ -2522,7 +2573,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ @@ -2541,7 +2592,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } - + return 1; } @@ -2561,7 +2612,7 @@ tcp_req_info_read_again(int fd, struct comm_point* c) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return 0; @@ -2618,7 +2669,7 @@ tcp_more_write_again(int fd, struct comm_point* c) } } -void +void comm_point_tcp_handle_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; @@ -2783,7 +2834,7 @@ http_read_more(int fd, struct comm_point* c) { ssize_t r; log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = recv(fd, (void*)sldns_buffer_current(c->buffer), + r = recv(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), MSG_DONTWAIT); if(r == 0) { return 0; @@ -3052,7 +3103,7 @@ http_chunked_segment(struct comm_point* c) /* return and wait to read more */ return 1; } - + /* callback of http reader for a new part of the data */ c->http_stored = 0; sldns_buffer_set_position(c->buffer, 0); @@ -3402,7 +3453,7 @@ http_check_connect(int fd, struct comm_point* c) /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; socklen_t len = (socklen_t)sizeof(error); - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, &len) < 0){ #ifndef USE_WINSOCK error = errno; /* on solaris errno is error */ @@ -3487,7 +3538,7 @@ http_write_more(int fd, struct comm_point* c) { ssize_t r; log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(c->buffer), + r = send(fd, (void*)sldns_buffer_current(c->buffer), sldns_buffer_remaining(c->buffer), 0); if(r == -1) { #ifndef USE_WINSOCK @@ -3498,7 +3549,7 @@ http_write_more(int fd, struct comm_point* c) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); - return 1; + return 1; } #endif log_err_addr("http send r", sock_strerror(errno), @@ -3619,8 +3670,8 @@ comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c) #endif } -/** - * Handle http writing callback. +/** + * Handle http writing callback. * @param fd: file descriptor of socket. * @param c: comm point to write buffer out of. * @return: 0 on error @@ -3686,7 +3737,7 @@ comm_point_http_handle_write(int fd, struct comm_point* c) return 1; } -void +void comm_point_http_handle_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; @@ -3739,7 +3790,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg) if(event&UB_EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 1)) { fptr_ok(fptr_whitelist_comm_point(c->callback)); - (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return; @@ -3747,21 +3798,21 @@ void comm_point_local_handle_callback(int fd, short event, void* arg) log_err("Ignored event %d for localhdl.", event); } -void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), +void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; int err = NETEVENT_NOERROR; log_assert(c->type == comm_raw); ub_comm_base_now(c->ev->base); - + if(event&UB_EV_TIMEOUT) err = NETEVENT_TIMEOUT; fptr_ok(fptr_whitelist_comm_point_raw(c->callback)); (void)(*c->callback)(c, c->cb_arg, err, NULL); } -struct comm_point* +struct comm_point* comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, int pp2_enabled, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3809,7 +3860,11 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, +#ifdef USE_WINSOCK comm_point_udp_callback, c); +#else + comm_point_udp_ancil_callback, c); +#endif if(c->ev->ev == NULL) { log_err("could not baseset udp event"); comm_point_delete(c); @@ -3824,7 +3879,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, return c; } -struct comm_point* +struct comm_point* comm_point_create_udp_ancil(struct comm_base *base, int fd, sldns_buffer* buffer, int pp2_enabled, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3887,8 +3942,8 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, return c; } -static struct comm_point* -comm_point_create_tcp_handler(struct comm_base *base, +static struct comm_point* +comm_point_create_tcp_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) @@ -3985,8 +4040,8 @@ comm_point_create_tcp_handler(struct comm_base *base, return c; } -static struct comm_point* -comm_point_create_http_handler(struct comm_base *base, +static struct comm_point* +comm_point_create_http_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, comm_point_callback_type* callback, void* callback_arg, @@ -4083,7 +4138,7 @@ comm_point_create_http_handler(struct comm_base *base, return NULL; } #endif - + /* add to parent free list */ c->tcp_free = parent->tcp_free; parent->tcp_free = c; @@ -4105,7 +4160,7 @@ comm_point_create_http_handler(struct comm_base *base, return c; } -struct comm_point* +struct comm_point* comm_point_create_tcp(struct comm_base *base, int fd, int num, int idle_timeout, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, @@ -4203,11 +4258,11 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, return NULL; } } - + return c; } -struct comm_point* +struct comm_point* comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, comm_point_callback_type* callback, void* callback_arg) { @@ -4274,7 +4329,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, return c; } -struct comm_point* +struct comm_point* comm_point_create_http_out(struct comm_base *base, size_t bufsize, comm_point_callback_type* callback, void* callback_arg, sldns_buffer* temp) @@ -4345,7 +4400,7 @@ comm_point_create_http_out(struct comm_base *base, size_t bufsize, return c; } -struct comm_point* +struct comm_point* comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, comm_point_callback_type* callback, void* callback_arg) { @@ -4413,8 +4468,8 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, return c; } -struct comm_point* -comm_point_create_raw(struct comm_base* base, int fd, int writing, +struct comm_point* +comm_point_create_raw(struct comm_base* base, int fd, int writing, comm_point_callback_type* callback, void* callback_arg) { struct comm_point* c = (struct comm_point*)calloc(1, @@ -4478,7 +4533,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, return c; } -void +void comm_point_close(struct comm_point* c) { if(!c) @@ -4518,10 +4573,10 @@ comm_point_close(struct comm_point* c) c->fd = -1; } -void +void comm_point_delete(struct comm_point* c) { - if(!c) + if(!c) return; if((c->type == comm_tcp || c->type == comm_http) && c->ssl) { #ifdef HAVE_SSL @@ -4560,7 +4615,7 @@ comm_point_delete(struct comm_point* c) free(c); } -void +void comm_point_send_reply(struct comm_reply *repinfo) { struct sldns_buffer* buffer; @@ -4624,7 +4679,7 @@ comm_point_send_reply(struct comm_reply *repinfo) } } -void +void comm_point_drop_reply(struct comm_reply* repinfo) { if(!repinfo) @@ -4648,7 +4703,7 @@ comm_point_drop_reply(struct comm_reply* repinfo) reclaim_tcp_handler(repinfo->c); } -void +void comm_point_stop_listening(struct comm_point* c) { verbose(VERB_ALGO, "comm point stop listening %d", c->fd); @@ -4660,10 +4715,10 @@ comm_point_stop_listening(struct comm_point* c) } } -void +void comm_point_start_listening(struct comm_point* c, int newfd, int msec) { - verbose(VERB_ALGO, "comm point start listening %d (%d msec)", + verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); if(c->type == comm_tcp_accept && !c->tcp_free) { /* no use to start listening no free slots. */ @@ -4747,10 +4802,10 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) size_t comm_point_get_mem(struct comm_point* c) { size_t s; - if(!c) + if(!c) return 0; s = sizeof(*c) + sizeof(*c->ev); - if(c->timeout) + if(c->timeout) s += sizeof(*c->timeout); if(c->type == comm_tcp || c->type == comm_local) { s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); @@ -4769,7 +4824,7 @@ size_t comm_point_get_mem(struct comm_point* c) return s; } -struct comm_timer* +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) { struct internal_timer *tm = (struct internal_timer*)calloc(1, @@ -4782,7 +4837,7 @@ comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) tm->base = base; tm->super.callback = cb; tm->super.cb_arg = cb_arg; - tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, + tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, comm_timer_callback, &tm->super); if(tm->ev == NULL) { log_err("timer_create: event_base_set failed."); @@ -4792,7 +4847,7 @@ comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) return &tm->super; } -void +void comm_timer_disable(struct comm_timer* timer) { if(!timer) @@ -4801,7 +4856,7 @@ comm_timer_disable(struct comm_timer* timer) timer->ev_timer->enabled = 0; } -void +void comm_timer_set(struct comm_timer* timer, struct timeval* tv) { log_assert(tv); @@ -4813,7 +4868,7 @@ comm_timer_set(struct comm_timer* timer, struct timeval* tv) timer->ev_timer->enabled = 1; } -void +void comm_timer_delete(struct comm_timer* timer) { if(!timer) @@ -4826,7 +4881,7 @@ comm_timer_delete(struct comm_timer* timer) free(timer->ev_timer); } -void +void comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) { struct comm_timer* tm = (struct comm_timer*)arg; @@ -4838,19 +4893,19 @@ comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) (*tm->callback)(tm->cb_arg); } -int +int comm_timer_is_set(struct comm_timer* timer) { return (int)timer->ev_timer->enabled; } -size_t +size_t comm_timer_get_mem(struct comm_timer* ATTR_UNUSED(timer)) { return sizeof(struct internal_timer); } -struct comm_signal* +struct comm_signal* comm_signal_create(struct comm_base* base, void (*callback)(int, void*), void* cb_arg) { @@ -4867,7 +4922,7 @@ comm_signal_create(struct comm_base* base, return com; } -void +void comm_signal_callback(int sig, short event, void* arg) { struct comm_signal* comsig = (struct comm_signal*)arg; @@ -4878,10 +4933,10 @@ comm_signal_callback(int sig, short event, void* arg) (*comsig->callback)(sig, comsig->cb_arg); } -int +int comm_signal_bind(struct comm_signal* comsig, int sig) { - struct internal_signal* entry = (struct internal_signal*)calloc(1, + struct internal_signal* entry = (struct internal_signal*)calloc(1, sizeof(struct internal_signal)); if(!entry) { log_err("malloc failed"); @@ -4908,7 +4963,7 @@ comm_signal_bind(struct comm_signal* comsig, int sig) return 1; } -void +void comm_signal_delete(struct comm_signal* comsig) { struct internal_signal* p, *np; diff --git a/util/netevent.h b/util/netevent.h index 3e7849c13949..dc9619c163b0 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -60,6 +60,7 @@ #ifndef NET_EVENT_H #define NET_EVENT_H +#include <sys/time.h> #include "dnscrypt/dnscrypt.h" #ifdef HAVE_NGHTTP2_NGHTTP2_H #include <nghttp2/nghttp2.h> @@ -83,7 +84,7 @@ struct internal_timer; /* A sub struct of the comm_timer super struct */ enum listen_type; /** callback from communication point function type */ -typedef int comm_point_callback_type(struct comm_point*, void*, int, +typedef int comm_point_callback_type(struct comm_point*, void*, int, struct comm_reply*); /** to pass no_error to callback function */ @@ -91,7 +92,7 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int, /** to pass closed connection to callback function */ #define NETEVENT_CLOSED -1 /** to pass timeout happened to callback function */ -#define NETEVENT_TIMEOUT -2 +#define NETEVENT_TIMEOUT -2 /** to pass fallback from capsforID to callback function; 0x20 failed */ #define NETEVENT_CAPSFAIL -3 /** to pass done transfer to callback function; http file is complete */ @@ -165,8 +166,8 @@ struct comm_reply { socklen_t client_addrlen; }; -/** - * Communication point to the network +/** + * Communication point to the network * These behaviours can be accomplished by setting the flags * and passing return values from the callback. * udp frontside: called after readdone. sendafter. @@ -206,7 +207,7 @@ struct comm_point { int max_tcp_count; /** current number of tcp handler in-use for this accept socket */ int cur_tcp_count; - /** malloced array of tcp handlers for a tcp-accept, + /** malloced array of tcp handlers for a tcp-accept, of size max_tcp_count. */ struct comm_point** tcp_handlers; /** linked list of free tcp_handlers to use for new queries. @@ -271,9 +272,9 @@ struct comm_point { /** is this a UDP, TCP-accept or TCP socket. */ enum comm_point_type { /** UDP socket - handle datagrams. */ - comm_udp, + comm_udp, /** TCP accept socket - only creates handlers if readable. */ - comm_tcp_accept, + comm_tcp_accept, /** TCP handler socket - handle byteperbyte readwrite. */ comm_tcp, /** HTTP handler socket */ @@ -282,7 +283,7 @@ struct comm_point { comm_local, /** raw - not DNS format - for pipe readers and writers */ comm_raw - } + } /** variable with type of socket, UDP,TCP-accept,TCP,pipe */ type; @@ -303,7 +304,7 @@ struct comm_point { /** if set the connection is NOT closed on delete. */ int do_not_close; - /** if set, the connection is closed on error, on timeout, + /** if set, the connection is closed on error, on timeout, and after read/write completes. No callback is done. */ int tcp_do_close; @@ -383,15 +384,16 @@ struct comm_point { /** number of queries outstanding on this socket, used by * outside network for udp ports */ int inuse; - + /** the timestamp when the packet was received by the kernel */ + struct timeval recv_tv; /** callback when done. tcp_accept does not get called back, is NULL then. If a timeout happens, callback with timeout=1 is called. - If an error happens, callback is called with error set + If an error happens, callback is called with error set nonzero. If not NETEVENT_NOERROR, it is an errno value. If the connection is closed (by remote end) then the callback is called with error set to NETEVENT_CLOSED=-1. - If a timeout happens on the connection, the error is set to + If a timeout happens on the connection, the error is set to NETEVENT_TIMEOUT=-2. The reply_info can be copied if the reply needs to happen at a later time. It consists of a struct with commpoint and address. @@ -399,7 +401,7 @@ struct comm_point { Note the reply information is temporary and must be copied. NULL is passed for_reply info, in cases where error happened. - declare as: + declare as: int my_callback(struct comm_point* c, void* my_arg, int error, struct comm_reply *reply_info); @@ -446,14 +448,14 @@ struct comm_signal { /** * Create a new comm base. - * @param sigs: if true it attempts to create a default loop for + * @param sigs: if true it attempts to create a default loop for * signal handling. * @return: the new comm base. NULL on error. */ struct comm_base* comm_base_create(int sigs); /** - * Create comm base that uses the given ub_event_base (underlying pluggable + * Create comm base that uses the given ub_event_base (underlying pluggable * event mechanism pointer). * @param base: underlying pluggable event base. * @return: the new comm base. NULL on error. @@ -619,7 +621,7 @@ struct comm_point* comm_point_create_http_out(struct comm_base* base, * @return: the commpoint or NULL on error. */ struct comm_point* comm_point_create_local(struct comm_base* base, - int fd, size_t bufsize, + int fd, size_t bufsize, comm_point_callback_type* callback, void* callback_arg); /** @@ -632,7 +634,7 @@ struct comm_point* comm_point_create_local(struct comm_base* base, * @return: the commpoint or NULL on error. */ struct comm_point* comm_point_create_raw(struct comm_base* base, - int fd, int writing, + int fd, int writing, comm_point_callback_type* callback, void* callback_arg); /** @@ -722,7 +724,7 @@ size_t comm_point_get_mem(struct comm_point* c); * @param cb_arg: user callback argument. * @return: the new timer or NULL on error. */ -struct comm_timer* comm_timer_create(struct comm_base* base, +struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg); /** @@ -792,7 +794,7 @@ void comm_signal_delete(struct comm_signal* comsig); * if -1, error message has been printed if necessary, simply drop * out of the reading handler. */ -int comm_point_perform_accept(struct comm_point* c, +int comm_point_perform_accept(struct comm_point* c, struct sockaddr_storage* addr, socklen_t* addrlen); /**** internal routines ****/ @@ -801,7 +803,7 @@ int comm_point_perform_accept(struct comm_point* c, * This routine is published for checks and tests, and is only used internally. * handle libevent callback for udp comm point. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -811,7 +813,7 @@ void comm_point_udp_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for udp ancillary data comm point. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -821,7 +823,7 @@ void comm_point_udp_ancil_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp accept comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -831,7 +833,7 @@ void comm_point_tcp_accept_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp data comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -841,7 +843,7 @@ void comm_point_tcp_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for tcp data comm point * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -955,7 +957,7 @@ void http2_stream_add_meshstate(struct http2_stream* h2_stream, * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. * @param fd: file descriptor (always -1). - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_timer structure. */ @@ -965,7 +967,7 @@ void comm_timer_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * handle libevent callback for signal comm. * @param fd: file descriptor (used for the signal number). - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the internal commsignal structure. */ @@ -975,7 +977,7 @@ void comm_signal_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for AF_UNIX fds * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -985,7 +987,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for raw fd access. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ @@ -995,7 +997,7 @@ void comm_point_raw_handle_callback(int fd, short event, void* arg); * This routine is published for checks and tests, and is only used internally. * libevent callback for timeout on slow accept. * @param fd: file descriptor. - * @param event: event bits from libevent: + * @param event: event bits from libevent: * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. * @param arg: the comm_point structure. */ diff --git a/util/regional.c b/util/regional.c index 93e911c5ec1a..44aee68b2023 100644 --- a/util/regional.c +++ b/util/regional.c @@ -186,7 +186,7 @@ regional_alloc_init(struct regional* r, const void *init, size_t size) { void *s = regional_alloc(r, size); if(!s) return NULL; - memcpy(s, init, size); + memmove(s, init, size); return s; } diff --git a/util/rfc_1982.c b/util/rfc_1982.c new file mode 100644 index 000000000000..c28deded606b --- /dev/null +++ b/util/rfc_1982.c @@ -0,0 +1,74 @@ +/* + * util/rfc_1982.c - RFC 1982 Serial Number Arithmetic + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions for RFC 1982 serial number arithmetic. + */ +#include "config.h" + +int +compare_1982(uint32_t a, uint32_t b) +{ + /* for 32 bit values */ + const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); + + if (a == b) { + return 0; + } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) { + return -1; + } else { + return 1; + } +} + +uint32_t +subtract_1982(uint32_t a, uint32_t b) +{ + /* for 32 bit values */ + const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); + + if(a == b) + return 0; + if(a < b && b - a < cutoff) { + return b-a; + } + if(a > b && a - b > cutoff) { + return ((uint32_t)0xffffffff) - (a-b-1); + } + /* wrong case, b smaller than a */ + return 0; +} diff --git a/util/rfc_1982.h b/util/rfc_1982.h new file mode 100644 index 000000000000..bae383d0e010 --- /dev/null +++ b/util/rfc_1982.h @@ -0,0 +1,63 @@ +/* + * util/rfc_1982.h - RFC 1982 Serial Number Arithmetic + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions for RFC 1982 serial number arithmetic. + */ +#ifndef RFC_1982_H +#define RFC_1982_H + +/** + * RFC 1982 comparison, uses unsigned integers, and tries to avoid + * compiler optimization (eg. by avoiding a-b<0 comparisons). + * @param a: value to compare. + * @param b: value to compare. + * @return 0 if equal, 1 if a > b, else -1. + */ +int compare_1982(uint32_t a, uint32_t b); + +/** + * RFC 1982 subtraction, uses unsigned integers, and tries to avoid + * compiler optimization (eg. by avoiding a-b<0 comparisons). + * @param a: value to subtract from. + * @param b: value to subtract. + * @return the difference between them if we know that b is larger than a, + * that is the distance between them in serial number arithmetic. + */ +uint32_t subtract_1982(uint32_t a, uint32_t b); + +#endif /* RFC_1982_H */ diff --git a/util/siphash.c b/util/siphash.c new file mode 100644 index 000000000000..0e1b597d0523 --- /dev/null +++ b/util/siphash.c @@ -0,0 +1,187 @@ +/* + SipHash reference C implementation + + Copyright (c) 2012-2016 Jean-Philippe Aumasson + <jeanphilippe.aumasson@gmail.com> + Copyright (c) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to> + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along + with + this software. If not, see + <http://creativecommons.org/publicdomain/zero/1.0/>. + */ +/** + * Edited slightly for integration in Unbound. Edits are noted with 'EDIT'. + */ +/** EDIT + * \#include <assert.h> + * \#include <stdint.h> + * \#include <stdio.h> + * \#include <string.h> + * Replaced the above includes with Unbound's config.h + */ +#include "config.h" + +/* default: SipHash-2-4 */ +#define cROUNDS 2 +#define dROUNDS 4 + +#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))) + +#define U32TO8_LE(p, v) \ + (p)[0] = (uint8_t)((v)); \ + (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); \ + (p)[3] = (uint8_t)((v) >> 24); + +#define U64TO8_LE(p, v) \ + U32TO8_LE((p), (uint32_t)((v))); \ + U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); + +#define U8TO64_LE(p) \ + (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | \ + ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | \ + ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | \ + ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) + +#define SIPROUND \ + do { \ + v0 += v1; \ + v1 = ROTL(v1, 13); \ + v1 ^= v0; \ + v0 = ROTL(v0, 32); \ + v2 += v3; \ + v3 = ROTL(v3, 16); \ + v3 ^= v2; \ + v0 += v3; \ + v3 = ROTL(v3, 21); \ + v3 ^= v0; \ + v2 += v1; \ + v1 = ROTL(v1, 17); \ + v1 ^= v2; \ + v2 = ROTL(v2, 32); \ + } while (0) + +#ifdef DEBUG +#define TRACE \ + do { \ + printf("(%3d) v0 %08x %08x\n", (int)inlen, (uint32_t)(v0 >> 32), \ + (uint32_t)v0); \ + printf("(%3d) v1 %08x %08x\n", (int)inlen, (uint32_t)(v1 >> 32), \ + (uint32_t)v1); \ + printf("(%3d) v2 %08x %08x\n", (int)inlen, (uint32_t)(v2 >> 32), \ + (uint32_t)v2); \ + printf("(%3d) v3 %08x %08x\n", (int)inlen, (uint32_t)(v3 >> 32), \ + (uint32_t)v3); \ + } while (0) +#else +#define TRACE +#endif + +int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k, + uint8_t *out, const size_t outlen) { + + uint64_t v0 = 0x736f6d6570736575ULL; + uint64_t v1 = 0x646f72616e646f6dULL; + uint64_t v2 = 0x6c7967656e657261ULL; + uint64_t v3 = 0x7465646279746573ULL; + uint64_t k0 = U8TO64_LE(k); + uint64_t k1 = U8TO64_LE(k + 8); + uint64_t m; + int i; + const uint8_t *end = in + inlen - (inlen % sizeof(uint64_t)); + const int left = inlen & 7; + uint64_t b = ((uint64_t)inlen) << 56; + /** EDIT + * The following assert moved here from the top for C90 compliance. + */ + assert((outlen == 8) || (outlen == 16)); + v3 ^= k1; + v2 ^= k0; + v1 ^= k1; + v0 ^= k0; + + if (outlen == 16) + v1 ^= 0xee; + + for (; in != end; in += 8) { + m = U8TO64_LE(in); + v3 ^= m; + + TRACE; + for (i = 0; i < cROUNDS; ++i) + SIPROUND; + + v0 ^= m; + } + + switch (left) { + case 7: + b |= ((uint64_t)in[6]) << 48; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 6: + b |= ((uint64_t)in[5]) << 40; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 5: + b |= ((uint64_t)in[4]) << 32; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 4: + b |= ((uint64_t)in[3]) << 24; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 3: + b |= ((uint64_t)in[2]) << 16; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 2: + b |= ((uint64_t)in[1]) << 8; + /** EDIT annotate case statement fallthrough for gcc */ + /* fallthrough */ + case 1: + b |= ((uint64_t)in[0]); + break; + case 0: + break; + } + + v3 ^= b; + + TRACE; + for (i = 0; i < cROUNDS; ++i) + SIPROUND; + + v0 ^= b; + + if (outlen == 16) + v2 ^= 0xee; + else + v2 ^= 0xff; + + TRACE; + for (i = 0; i < dROUNDS; ++i) + SIPROUND; + + b = v0 ^ v1 ^ v2 ^ v3; + U64TO8_LE(out, b); + + if (outlen == 8) + return 0; + + v1 ^= 0xdd; + + TRACE; + for (i = 0; i < dROUNDS; ++i) + SIPROUND; + + b = v0 ^ v1 ^ v2 ^ v3; + U64TO8_LE(out + 8, b); + + return 0; +} diff --git a/util/siphash.h b/util/siphash.h new file mode 100644 index 000000000000..63da2175cabb --- /dev/null +++ b/util/siphash.h @@ -0,0 +1,43 @@ +/* + * util/siphash.h - header for SipHash reference C implementation. + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Contains the SipHash reference C implementation. + */ +#ifndef UTIL_SIPHASH_H +#define UTIL_SIPHASH_H +int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k, + uint8_t *out, const size_t outlen); +#endif /* UTIL_SIPHASH_H */ diff --git a/util/storage/lruhash.c b/util/storage/lruhash.c index 3500a4ef0fe8..e17b180db8b8 100644 --- a/util/storage/lruhash.c +++ b/util/storage/lruhash.c @@ -81,6 +81,7 @@ lruhash_create(size_t start_size, size_t maxmem, table->num = 0; table->space_used = 0; table->space_max = maxmem; + table->max_collisions = 0; table->array = calloc(table->size, sizeof(struct lruhash_bin)); if(!table->array) { lock_quick_destroy(&table->lock); @@ -216,15 +217,19 @@ reclaim_space(struct lruhash* table, struct lruhash_entry** list) struct lruhash_entry* bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key) + struct lruhash_bin* bin, hashvalue_type hash, void* key, size_t* collisions) { + size_t c = 0; struct lruhash_entry* p = bin->overflow_list; while(p) { if(p->hash == hash && table->compfunc(p->key, key) == 0) - return p; + break; + c++; p = p->overflow_next; } - return NULL; + if (collisions != NULL) + *collisions = c; + return p; } void @@ -303,6 +308,7 @@ lruhash_insert(struct lruhash* table, hashvalue_type hash, struct lruhash_bin* bin; struct lruhash_entry* found, *reclaimlist=NULL; size_t need_size; + size_t collisions; fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); @@ -317,12 +323,14 @@ lruhash_insert(struct lruhash* table, hashvalue_type hash, lock_quick_lock(&bin->lock); /* see if entry exists already */ - if(!(found=bin_find_entry(table, bin, hash, entry->key))) { + if(!(found=bin_find_entry(table, bin, hash, entry->key, &collisions))) { /* if not: add to bin */ entry->overflow_next = bin->overflow_list; bin->overflow_list = entry; lru_front(table, entry); table->num++; + if (table->max_collisions < collisions) + table->max_collisions = collisions; table->space_used += need_size; } else { /* if so: update data - needs a writelock */ @@ -362,7 +370,7 @@ lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr) lock_quick_lock(&table->lock); bin = &table->array[hash & table->size_mask]; lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) + if((entry=bin_find_entry(table, bin, hash, key, NULL))) lru_touch(table, entry); lock_quick_unlock(&table->lock); @@ -389,7 +397,7 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) lock_quick_lock(&table->lock); bin = &table->array[hash & table->size_mask]; lock_quick_lock(&bin->lock); - if((entry=bin_find_entry(table, bin, hash, key))) { + if((entry=bin_find_entry(table, bin, hash, key, NULL))) { bin_overflow_remove(bin, entry); lru_remove(table, entry); } else { @@ -579,6 +587,7 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, struct lruhash_bin* bin; struct lruhash_entry* found, *reclaimlist = NULL; size_t need_size; + size_t collisions; fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); @@ -593,7 +602,7 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, lock_quick_lock(&bin->lock); /* see if entry exists already */ - if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) { + if ((found = bin_find_entry(table, bin, hash, entry->key, &collisions)) != NULL) { /* if so: keep the existing data - acquire a writelock */ lock_rw_wrlock(&found->lock); } @@ -604,6 +613,8 @@ lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, bin->overflow_list = entry; lru_front(table, entry); table->num++; + if (table->max_collisions < collisions) + table->max_collisions = collisions; table->space_used += need_size; /* return the entry that was presented, and lock it */ found = entry; diff --git a/util/storage/lruhash.h b/util/storage/lruhash.h index 4759b5001231..2086e4dec93e 100644 --- a/util/storage/lruhash.h +++ b/util/storage/lruhash.h @@ -178,6 +178,8 @@ struct lruhash { size_t space_used; /** the amount of space the hash table is maximally allowed to use. */ size_t space_max; + /** the maximum collisions were detected during the lruhash_insert operations. */ + size_t max_collisions; }; /** @@ -357,10 +359,11 @@ void bin_delete(struct lruhash* table, struct lruhash_bin* bin); * @param bin: hash bin to look into. * @param hash: hash value to look for. * @param key: key to look for. + * @param collisions: how many collisions were found during the search. * @return: the entry or NULL if not found. */ struct lruhash_entry* bin_find_entry(struct lruhash* table, - struct lruhash_bin* bin, hashvalue_type hash, void* key); + struct lruhash_bin* bin, hashvalue_type hash, void* key, size_t* collisions); /** * Remove entry from bin overflow chain. diff --git a/util/storage/slabhash.c b/util/storage/slabhash.c index a6c3d0fa6490..7d376c4d684a 100644 --- a/util/storage/slabhash.c +++ b/util/storage/slabhash.c @@ -242,3 +242,21 @@ size_t count_slabhash_entries(struct slabhash* sh) } return cnt; } + +void get_slabhash_stats(struct slabhash* sh, long long* num, long long* collisions) +{ + size_t slab, cnt = 0, max_collisions = 0; + + for(slab=0; slab<sh->size; slab++) { + lock_quick_lock(&sh->array[slab]->lock); + cnt += sh->array[slab]->num; + if (max_collisions < sh->array[slab]->max_collisions) { + max_collisions = sh->array[slab]->max_collisions; + } + lock_quick_unlock(&sh->array[slab]->lock); + } + if (num != NULL) + *num = cnt; + if (collisions != NULL) + *collisions = max_collisions; +} diff --git a/util/storage/slabhash.h b/util/storage/slabhash.h index 4ecb60421678..dc5fc3603294 100644 --- a/util/storage/slabhash.h +++ b/util/storage/slabhash.h @@ -200,6 +200,15 @@ void slabhash_traverse(struct slabhash* table, int wr, */ size_t count_slabhash_entries(struct slabhash* table); +/** + * Retrieves number of items in slabhash and the current max collision level + * @param table: slabbed hash table. + * @param entries_count: where to save the current number of elements. + * @param max_collisions: where to save the current max collisions level. + */ +void get_slabhash_stats(struct slabhash* table, + long long* entries_count, long long* max_collisions); + /* --- test representation --- */ /** test structure contains test key */ struct slabhash_testkey { diff --git a/util/timehist.c b/util/timehist.c index 61cc995fd8ef..2063fe80eead 100644 --- a/util/timehist.c +++ b/util/timehist.c @@ -4,22 +4,22 @@ * Copyright (c) 2007, NLnet Labs. All rights reserved. * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * Neither the name of the NLNET LABS nor the names of its contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -46,6 +46,7 @@ #include <sys/types.h> #include "util/timehist.h" #include "util/log.h" +#include "util/timeval_func.h" /** special timestwo operation for time values in histogram setup */ static void @@ -83,12 +84,12 @@ dosetup(struct timehist* hist) struct timehist* timehist_setup(void) { - struct timehist* hist = (struct timehist*)calloc(1, + struct timehist* hist = (struct timehist*)calloc(1, sizeof(struct timehist)); if(!hist) return NULL; hist->num = NUM_BUCKETS_HIST; - hist->buckets = (struct th_buck*)calloc(hist->num, + hist->buckets = (struct th_buck*)calloc(hist->num, sizeof(struct th_buck)); if(!hist->buckets) { free(hist); @@ -114,23 +115,6 @@ void timehist_clear(struct timehist* hist) hist->buckets[i].count = 0; } -/** histogram compare of time values */ -static int -timeval_smaller(const struct timeval* x, const struct timeval* y) -{ -#ifndef S_SPLINT_S - if(x->tv_sec < y->tv_sec) - return 1; - else if(x->tv_sec == y->tv_sec) { - if(x->tv_usec <= y->tv_usec) - return 1; - else return 0; - } - else return 0; -#endif -} - - void timehist_insert(struct timehist* hist, struct timeval* tv) { size_t i; @@ -194,7 +178,7 @@ timehist_count(struct timehist* hist) return res; } -double +double timehist_quartile(struct timehist* hist, double q) { double lookfor, passed, res; @@ -209,22 +193,22 @@ timehist_quartile(struct timehist* hist, double q) lookfor *= q; passed = 0; i = 0; - while(i+1 < hist->num && + while(i+1 < hist->num && passed+(double)hist->buckets[i].count < lookfor) { passed += (double)hist->buckets[i++].count; } /* got the right bucket */ #ifndef S_SPLINT_S - low = (double)hist->buckets[i].lower.tv_sec + + low = (double)hist->buckets[i].lower.tv_sec + (double)hist->buckets[i].lower.tv_usec/1000000.; - up = (double)hist->buckets[i].upper.tv_sec + + up = (double)hist->buckets[i].upper.tv_sec + (double)hist->buckets[i].upper.tv_usec/1000000.; #endif res = (lookfor - passed)*(up-low)/((double)hist->buckets[i].count); return low+res; } -void +void timehist_export(struct timehist* hist, long long* array, size_t sz) { size_t i; @@ -235,7 +219,7 @@ timehist_export(struct timehist* hist, long long* array, size_t sz) array[i] = (long long)hist->buckets[i].count; } -void +void timehist_import(struct timehist* hist, long long* array, size_t sz) { size_t i; diff --git a/util/timeval_func.c b/util/timeval_func.c new file mode 100644 index 000000000000..90250e153d90 --- /dev/null +++ b/util/timeval_func.c @@ -0,0 +1,113 @@ +/* + * util/timeval_func.c - helpers to work with struct timeval values. + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains helpers to manipulate struct timeval values. + */ + +#include "config.h" +#include "timeval_func.h" + +/** subtract timers and the values do not overflow or become negative */ +void +timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start) +{ +#ifndef S_SPLINT_S + time_t end_usec = end->tv_usec; + d->tv_sec = end->tv_sec - start->tv_sec; + if(end_usec < start->tv_usec) { + end_usec += 1000000; + d->tv_sec--; + } + d->tv_usec = end_usec - start->tv_usec; +#endif +} + +/** add timers and the values do not overflow or become negative */ +void +timeval_add(struct timeval* d, const struct timeval* add) +{ +#ifndef S_SPLINT_S + d->tv_sec += add->tv_sec; + d->tv_usec += add->tv_usec; + if(d->tv_usec >= 1000000 ) { + d->tv_usec -= 1000000; + d->tv_sec++; + } +#endif +} + +/** divide sum of timers to get average */ +void +timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) +{ +#ifndef S_SPLINT_S + long long leftover; + if(d <= 0) { + avg->tv_sec = 0; + avg->tv_usec = 0; + return; + } + avg->tv_sec = sum->tv_sec / d; + avg->tv_usec = sum->tv_usec / d; + /* handle fraction from seconds divide */ + leftover = sum->tv_sec - avg->tv_sec*d; + if(leftover <= 0) + leftover = 0; + avg->tv_usec += (((long long)leftover)*((long long)1000000))/d; + if(avg->tv_sec < 0) + avg->tv_sec = 0; + if(avg->tv_usec < 0) + avg->tv_usec = 0; +#endif +} + +/** histogram compare of time values */ +int +timeval_smaller(const struct timeval* x, const struct timeval* y) +{ +#ifndef S_SPLINT_S + if(x->tv_sec < y->tv_sec) + return 1; + else if(x->tv_sec == y->tv_sec) { + if(x->tv_usec <= y->tv_usec) + return 1; + else return 0; + } + else return 0; +#endif +} diff --git a/util/timeval_func.h b/util/timeval_func.h new file mode 100644 index 000000000000..819d1dd80fb7 --- /dev/null +++ b/util/timeval_func.h @@ -0,0 +1,53 @@ +/* + * util/timeval_func.h - definitions of helpers for struct timeval values. + * + * Copyright (c) 2023, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains definitions of helpers to manipulate struct timeval + * values, implemented in the corresponding C file. + */ +#include <sys/time.h> + +#ifndef timeval_isset +#define timeval_isset(tv) ((tv)->tv_sec || (tv)->tv_usec) +#endif +#ifndef timeval_clear +#define timeval_clear(tv) ((tv)->tv_sec = (tv)->tv_usec = 0) +#endif +void timeval_subtract(struct timeval* d, const struct timeval* end, const struct timeval* start); +void timeval_add(struct timeval* d, const struct timeval* add); +void timeval_divide(struct timeval* avg, const struct timeval* sum, long long d); +int timeval_smaller(const struct timeval* x, const struct timeval* y); diff --git a/validator/autotrust.c b/validator/autotrust.c index 3cdf9ceae851..3011a0ace7a2 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -2376,6 +2376,8 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp) edns.opt_list_out = NULL; edns.opt_list_inplace_cb_out = NULL; edns.padding_block_size = 0; + edns.cookie_present = 0; + edns.cookie_valid = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; diff --git a/validator/val_kcache.c b/validator/val_kcache.c index c190085b56ff..f5d49d24f2db 100644 --- a/validator/val_kcache.c +++ b/validator/val_kcache.c @@ -81,17 +81,11 @@ key_cache_delete(struct key_cache* kcache) void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate) + int copy_reason) { - struct key_entry_key* k = key_entry_copy(kkey); + struct key_entry_key* k = key_entry_copy(kkey, copy_reason); if(!k) return; - if(key_entry_isbad(k) && qstate->errinf && - qstate->env->cfg->val_log_level >= 2) { - /* on malloc failure there is simply no reason string */ - key_entry_set_reason(k, errinf_to_str_bogus(qstate)); - key_entry_set_reason_bogus(k, errinf_to_reason_bogus(qstate)); - } key_entry_hash(k); slabhash_insert(kcache->slab, k->entry.hash, &k->entry, k->entry.data, NULL); diff --git a/validator/val_kcache.h b/validator/val_kcache.h index 76c9dd094d1a..df8de0999b3f 100644 --- a/validator/val_kcache.h +++ b/validator/val_kcache.h @@ -76,10 +76,10 @@ void key_cache_delete(struct key_cache* kcache); * @param kcache: the key cache. * @param kkey: key entry key, assumed malloced in a region, is copied * to perform update or insertion. Its data pointer is also copied. - * @param qstate: store errinf reason in case its bad. + * @param copy_reason: if the reason string needs to be copied (allocated). */ void key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey, - struct module_qstate* qstate); + int copy_reason); /** * Remove an entry from the key cache. diff --git a/validator/val_kentry.c b/validator/val_kentry.c index a47feba61a9f..85f026402fa3 100644 --- a/validator/val_kentry.c +++ b/validator/val_kentry.c @@ -152,7 +152,7 @@ key_entry_copy_toregion(struct key_entry_key* kkey, struct regional* region) } struct key_entry_key* -key_entry_copy(struct key_entry_key* kkey) +key_entry_copy(struct key_entry_key* kkey, int copy_reason) { struct key_entry_key* newk; if(!kkey) @@ -190,7 +190,7 @@ key_entry_copy(struct key_entry_key* kkey) } packed_rrset_ptr_fixup(newd->rrset_data); } - if(d->reason) { + if(copy_reason && d->reason && *d->reason != 0) { newd->reason = strdup(d->reason); if(!newd->reason) { free(newd->rrset_data); @@ -199,6 +199,8 @@ key_entry_copy(struct key_entry_key* kkey) free(newk); return NULL; } + } else { + newd->reason = NULL; } if(d->algo) { newd->algo = (uint8_t*)strdup((char*)d->algo); @@ -237,22 +239,6 @@ key_entry_isbad(struct key_entry_key* kkey) return (int)(d->isbad); } -void -key_entry_set_reason(struct key_entry_key* kkey, char* reason) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - d->reason = reason; -} - -void -key_entry_set_reason_bogus(struct key_entry_key* kkey, sldns_ede_code ede) -{ - struct key_entry_data* d = (struct key_entry_data*)kkey->entry.data; - if (ede != LDNS_EDE_NONE) { /* reason_bogus init is LDNS_EDE_NONE already */ - d->reason_bogus = ede; - } -} - char* key_entry_get_reason(struct key_entry_key* kkey) { @@ -294,6 +280,7 @@ key_entry_setup(struct regional* region, struct key_entry_key* key_entry_create_null(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now) { struct key_entry_key* k; @@ -302,8 +289,10 @@ key_entry_create_null(struct regional* region, return NULL; d->ttl = now + ttl; d->isbad = 0; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = LDNS_RR_TYPE_DNSKEY; d->rrset_data = NULL; d->algo = NULL; @@ -313,7 +302,9 @@ key_entry_create_null(struct regional* region, struct key_entry_key* key_entry_create_rrset(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now) + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, + sldns_ede_code reason_bogus, const char* reason, + time_t now) { struct key_entry_key* k; struct key_entry_data* d; @@ -323,8 +314,10 @@ key_entry_create_rrset(struct regional* region, return NULL; d->ttl = rd->ttl + now; d->isbad = 0; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = ntohs(rrset->rk.type); d->rrset_data = (struct packed_rrset_data*)regional_alloc_init(region, rd, packed_rrset_sizeof(rd)); @@ -341,7 +334,8 @@ key_entry_create_rrset(struct regional* region, struct key_entry_key* key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now) { struct key_entry_key* k; @@ -350,8 +344,10 @@ key_entry_create_bad(struct regional* region, return NULL; d->ttl = now + ttl; d->isbad = 1; - d->reason = NULL; - d->reason_bogus = LDNS_EDE_NONE; + d->reason = (!reason || *reason == 0) + ?NULL :(char*)regional_strdup(region, reason); + /* On allocation error we don't store the reason string */ + d->reason_bogus = reason_bogus; d->rrset_type = LDNS_RR_TYPE_DNSKEY; d->rrset_data = NULL; d->algo = NULL; diff --git a/validator/val_kentry.h b/validator/val_kentry.h index ded45beaa71d..ca9f0dabceb2 100644 --- a/validator/val_kentry.h +++ b/validator/val_kentry.h @@ -120,9 +120,11 @@ struct key_entry_key* key_entry_copy_toregion(struct key_entry_key* kkey, /** * Copy a key entry, malloced. * @param kkey: the key entry key (and data pointer) to copy. + * @param copy_reason: if the reason string needs to be copied (allocated). * @return newly allocated entry or NULL on a failure to allocate memory. */ -struct key_entry_key* key_entry_copy(struct key_entry_key* kkey); +struct key_entry_key* key_entry_copy(struct key_entry_key* kkey, + int copy_reason); /** * See if this is a null entry. Does not do locking. @@ -146,23 +148,6 @@ int key_entry_isgood(struct key_entry_key* kkey); int key_entry_isbad(struct key_entry_key* kkey); /** - * Set reason why a key is bad. - * @param kkey: bad key. - * @param reason: string to attach, you must allocate it. - * Not safe to call twice unless you deallocate it yourself. - */ -void key_entry_set_reason(struct key_entry_key* kkey, char* reason); - -/** - * Set the EDE (RFC8914) code why the key is bad, if it - * exists (so not LDNS_EDE_NONE). - * @param kkey: bad key. - * @param ede: EDE code to attach to this key. - */ -void key_entry_set_reason_bogus(struct key_entry_key* kkey, sldns_ede_code ede); - - -/** * Get reason why a key is bad. * @param kkey: bad key * @return pointer to string. @@ -184,11 +169,14 @@ sldns_ede_code key_entry_get_reason_bogus(struct key_entry_key* kkey); * @param namelen: length of name * @param dclass: class of key entry. (host order); * @param ttl: what ttl should the key have. relative. + * @param reason_bogus: accompanying EDE code. + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl). * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now); /** @@ -199,12 +187,16 @@ struct key_entry_key* key_entry_create_null(struct regional* region, * @param dclass: class of key entry. (host order); * @param rrset: data for key entry. This is copied to the region. * @param sigalg: signalled algorithm list (or NULL). + * @param reason_bogus: accompanying EDE code (usually LDNS_EDE_NONE). + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl of rrset) * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_rrset(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now); + uint8_t* name, size_t namelen, uint16_t dclass, + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, + sldns_ede_code reason_bogus, const char* reason, + time_t now); /** * Create a bad entry, in the given region. @@ -213,11 +205,14 @@ struct key_entry_key* key_entry_create_rrset(struct regional* region, * @param namelen: length of name * @param dclass: class of key entry. (host order); * @param ttl: what ttl should the key have. relative. + * @param reason_bogus: accompanying EDE code. + * @param reason: accompanying NULL-terminated EDE string (or NULL). * @param now: current time (added to ttl). * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_bad(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + sldns_ede_code reason_bogus, const char* reason, time_t now); /** diff --git a/validator/val_neg.c b/validator/val_neg.c index 67699b1f7c1e..52bc68387260 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -43,7 +43,7 @@ */ #include "config.h" #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include <openssl/ssl.h> #define NSEC3_SHA_LEN SHA_DIGEST_LENGTH #else #define NSEC3_SHA_LEN 20 @@ -1407,6 +1407,11 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, /* Matching NSEC, use to generate No Data answer. Not creating answers * yet for No Data proven using wildcard. */ if(nsec && nsec_proves_nodata(nsec, qinfo, &nodata_wc) && !nodata_wc) { + /* do not create nodata answers for qtype ANY, it is a query + * type, not an rrtype to disprove. Nameerrors are useful for + * qtype ANY, in the else branch. */ + if(qinfo->qtype == LDNS_RR_TYPE_ANY) + return NULL; if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, region, 2))) return NULL; diff --git a/validator/val_nsec.c b/validator/val_nsec.c index 876bfab6dbbd..17c90d83f594 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -174,9 +174,10 @@ val_nsec_proves_no_ds(struct ub_packed_rrset_key* nsec, /** check security status from cache or verify rrset, returns true if secure */ static int -nsec_verify_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, - char** reason, struct module_qstate* qstate) +nsec_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, + char** reason, sldns_ede_code* reason_bogus, + struct module_qstate* qstate) { struct packed_rrset_data* d = (struct packed_rrset_data*) nsec->entry.data; @@ -187,7 +188,7 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, if(d->security == sec_status_secure) return 1; d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason, - NULL, LDNS_SECTION_AUTHORITY, qstate); + reason_bogus, LDNS_SECTION_AUTHORITY, qstate); if(d->security == sec_status_secure) { rrset_update_sec_status(env->rrset_cache, nsec, *env->now); return 1; @@ -199,7 +200,7 @@ enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, time_t* proof_ttl, char** reason, - struct module_qstate* qstate) + sldns_ede_code* reason_bogus, struct module_qstate* qstate) { struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, @@ -216,7 +217,8 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, * 1) this is a delegation point and there is no DS * 2) this is not a delegation point */ if(nsec) { - if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, qstate)) { + if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, + reason_bogus, qstate)) { verbose(VERB_ALGO, "NSEC RRset for the " "referral did not verify."); return sec_status_bogus; @@ -225,6 +227,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(sec == sec_status_bogus) { /* something was wrong. */ *reason = "NSEC does not prove absence of DS"; + *reason_bogus = LDNS_EDE_DNSSEC_BOGUS; return sec; } else if(sec == sec_status_insecure) { /* this wasn't a delegation point. */ @@ -246,9 +249,11 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) continue; if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason, - qstate)) { + reason_bogus, qstate)) { verbose(VERB_ALGO, "NSEC for empty non-terminal " "did not verify."); + *reason = "NSEC for empty non-terminal " + "did not verify."; return sec_status_bogus; } if(nsec_proves_nodata(rep->rrsets[i], qinfo, &wc)) { diff --git a/validator/val_nsec.h b/validator/val_nsec.h index 7117809d60ae..81844c908e54 100644 --- a/validator/val_nsec.h +++ b/validator/val_nsec.h @@ -44,6 +44,7 @@ #ifndef VALIDATOR_VAL_NSEC_H #define VALIDATOR_VAL_NSEC_H #include "util/data/packed_rrset.h" +#include "sldns/rrdef.h" struct val_env; struct module_env; struct module_qstate; @@ -65,6 +66,7 @@ struct key_entry_key; * @param kkey: key entry to use for verification of signatures. * @param proof_ttl: if secure, the TTL of how long this proof lasts. * @param reason: string explaining why bogus. + * @param reason_bogus: relevant EDE code for validation failure. * @param qstate: qstate with region. * @return security status. * SECURE: proved absence of DS. @@ -75,7 +77,8 @@ struct key_entry_key; enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, - time_t* proof_ttl, char** reason, struct module_qstate* qstate); + time_t* proof_ttl, char** reason, sldns_ede_code* reason_bogus, + struct module_qstate* qstate); /** * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 5ab21e20e735..37730f179676 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -48,6 +48,7 @@ #include "util/data/msgparse.h" #include "util/data/dname.h" #include "util/rbtree.h" +#include "util/rfc_1982.h" #include "util/module.h" #include "util/net_help.h" #include "util/regional.h" @@ -718,9 +719,9 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve, } verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus"); if(!numchecked) { - *reason = "signature missing"; + *reason = "signature for expected key and algorithm missing"; if(reason_bogus) - *reason_bogus = LDNS_EDE_RRSIGS_MISSING; + *reason_bogus = LDNS_EDE_DNSSEC_BOGUS; } else if(numchecked == numindeterminate) { verbose(VERB_ALGO, "rrset failed to verify due to algorithm " "refusal by cryptolib"); @@ -1378,44 +1379,6 @@ sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) (unsigned)incep, (unsigned)now); } -/** RFC 1982 comparison, uses unsigned integers, and tries to avoid - * compiler optimization (eg. by avoiding a-b<0 comparisons), - * this routine matches compare_serial(), for SOA serial number checks */ -static int -compare_1982(uint32_t a, uint32_t b) -{ - /* for 32 bit values */ - const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); - - if (a == b) { - return 0; - } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) { - return -1; - } else { - return 1; - } -} - -/** if we know that b is larger than a, return the difference between them, - * that is the distance between them. in RFC1982 arith */ -static uint32_t -subtract_1982(uint32_t a, uint32_t b) -{ - /* for 32 bit values */ - const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); - - if(a == b) - return 0; - if(a < b && b - a < cutoff) { - return b-a; - } - if(a > b && a - b > cutoff) { - return ((uint32_t)0xffffffff) - (a-b-1); - } - /* wrong case, b smaller than a */ - return 0; -} - /** check rrsig dates */ static int check_dates(struct val_env* ve, uint32_t unow, uint8_t* expi_p, diff --git a/validator/val_utils.c b/validator/val_utils.c index e2319ee2399d..8b388882b82a 100644 --- a/validator/val_utils.c +++ b/validator/val_utils.c @@ -587,16 +587,18 @@ val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, return key_entry_create_rrset(region, ds_rrset->rk.dname, ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); + downprot?sigalg:NULL, LDNS_EDE_NONE, NULL, + *env->now); } else if(sec == sec_status_insecure) { return key_entry_create_null(region, ds_rrset->rk.dname, - ds_rrset->rk.dname_len, + ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), - rrset_get_ttl(ds_rrset), *env->now); + rrset_get_ttl(ds_rrset), *reason_bogus, *reason, + *env->now); } return key_entry_create_bad(region, ds_rrset->rk.dname, ds_rrset->rk.dname_len, ntohs(ds_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); + BOGUS_KEY_TTL, *reason_bogus, *reason, *env->now); } enum sec_status @@ -694,7 +696,7 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, has_useful_ta = 1; sec = dnskey_verify_rrset(env, ve, dnskey_rrset, - ta_dnskey, i, reason, NULL, LDNS_SECTION_ANSWER, qstate); + ta_dnskey, i, reason, reason_bogus, LDNS_SECTION_ANSWER, qstate); if(sec == sec_status_secure) { if(!sigalg || algo_needs_set_secure(&needs, (uint8_t)dnskey_get_algo(ta_dnskey, i))) { @@ -743,16 +745,17 @@ val_verify_new_DNSKEYs_with_ta(struct regional* region, struct module_env* env, return key_entry_create_rrset(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), dnskey_rrset, - downprot?sigalg:NULL, *env->now); + downprot?sigalg:NULL, LDNS_EDE_NONE, NULL, *env->now); } else if(sec == sec_status_insecure) { return key_entry_create_null(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), - rrset_get_ttl(dnskey_rrset), *env->now); + rrset_get_ttl(dnskey_rrset), *reason_bogus, *reason, + *env->now); } return key_entry_create_bad(region, dnskey_rrset->rk.dname, dnskey_rrset->rk.dname_len, ntohs(dnskey_rrset->rk.rrset_class), - BOGUS_KEY_TTL, *env->now); + BOGUS_KEY_TTL, *reason_bogus, *reason, *env->now); } int diff --git a/validator/validator.c b/validator/validator.c index 1723afefe353..9de9d54db27c 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -70,16 +70,16 @@ static void process_ds_response(struct module_qstate* qstate, struct query_info* qinfo, struct sock_list* origin); -/* Updates the suplied EDE (RFC8914) code selectively so we don't loose - * a more specific code - */ +/* Updates the suplied EDE (RFC8914) code selectively so we don't lose + * a more specific code */ static void update_reason_bogus(struct reply_info* rep, sldns_ede_code reason_bogus) { - if (rep->reason_bogus == LDNS_EDE_DNSSEC_BOGUS || - rep->reason_bogus == LDNS_EDE_NONE) { - rep->reason_bogus = reason_bogus; - } + if(reason_bogus == LDNS_EDE_NONE) return; + if(reason_bogus == LDNS_EDE_DNSSEC_BOGUS + && rep->reason_bogus != LDNS_EDE_NONE + && rep->reason_bogus != LDNS_EDE_DNSSEC_BOGUS) return; + rep->reason_bogus = reason_bogus; } @@ -1672,20 +1672,13 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, vq->state = VAL_FINISHED_STATE; return 1; } else if(key_entry_isbad(vq->key_entry)) { - sldns_ede_code ede = LDNS_EDE_DNSSEC_BOGUS; - - /* the key could have a more spefic EDE than just bogus */ - if(key_entry_get_reason_bogus(vq->key_entry) != LDNS_EDE_NONE) { - ede = key_entry_get_reason_bogus(vq->key_entry); - } - + /* Bad keys should have the relevant EDE code and text */ + sldns_ede_code ede = key_entry_get_reason_bogus(vq->key_entry); /* key is bad, chain is bad, reply is bogus */ errinf_dname(qstate, "key for validation", vq->key_entry->name); errinf_ede(qstate, "is marked as invalid", ede); - if(key_entry_get_reason(vq->key_entry)) { - errinf(qstate, "because of a previous"); - errinf(qstate, key_entry_get_reason(vq->key_entry)); - } + errinf(qstate, "because of a previous"); + errinf(qstate, key_entry_get_reason(vq->key_entry)); /* no retries, stop bothering the authority until timeout */ vq->restart_count = ve->max_restart; @@ -1888,7 +1881,8 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, vq->chase_reply->security = sec_status_insecure; val_mark_insecure(vq->chase_reply, vq->key_entry->name, qstate->env->rrset_cache, qstate->env); - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); return 1; } @@ -1897,12 +1891,13 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, "of trust to keys for", vq->key_entry->name, LDNS_RR_TYPE_DNSKEY, vq->key_entry->key_class); vq->chase_reply->security = sec_status_bogus; - - update_reason_bogus(vq->chase_reply, LDNS_EDE_DNSKEY_MISSING); + update_reason_bogus(vq->chase_reply, + key_entry_get_reason_bogus(vq->key_entry)); errinf_ede(qstate, "while building chain of trust", - LDNS_EDE_DNSKEY_MISSING); + key_entry_get_reason_bogus(vq->key_entry)); if(vq->restart_count >= ve->max_restart) - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); return 1; } @@ -2151,9 +2146,19 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, log_query_info(NO_VERBOSE, "validation failure", &qstate->qinfo); else { - char* err = errinf_to_str_bogus(qstate); - if(err) log_info("%s", err); - free(err); + char* err_str = errinf_to_str_bogus(qstate); + if(err_str) { + size_t err_str_len = strlen(err_str); + log_info("%s", err_str); + /* allocate space and store the error + * string */ + vq->orig_msg->rep->reason_bogus_str = regional_alloc( + qstate->region, + sizeof(char) * (err_str_len+1)); + memcpy(vq->orig_msg->rep->reason_bogus_str, + err_str, err_str_len+1); + } + free(err_str); } } /* @@ -2195,6 +2200,9 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, } } } + + /* Update rep->reason_bogus as it is the one being cached */ + update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate)); /* store results in cache */ if(qstate->query_flags&BIT_RD) { /* if secure, this will override cache anyway, no need @@ -2370,13 +2378,17 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- " "could not fetch DNSKEY rrset", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); + reason_bogus = LDNS_EDE_DNSKEY_MISSING; + reason = "no DNSKEY rrset"; if(qstate->env->cfg->harden_dnssec_stripped) { - errinf_ede(qstate, "no DNSKEY rrset", LDNS_EDE_DNSKEY_MISSING); + errinf_ede(qstate, reason, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, + reason_bogus, reason, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate fail prime key"); @@ -2409,9 +2421,11 @@ primeResponseToKE(struct ub_packed_rrset_key* dnskey_rrset, errinf_ede(qstate, reason, reason_bogus); kkey = key_entry_create_bad(qstate->region, ta->name, ta->namelen, ta->dclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); } else kkey = key_entry_create_null(qstate->region, ta->name, ta->namelen, ta->dclass, NULL_KEY_TTL, + reason_bogus, reason, *qstate->env->now); if(!kkey) { log_err("out of memory: allocate null prime key"); @@ -2458,8 +2472,9 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* errors here pretty much break validation */ verbose(VERB_DETAIL, "DS response was error, thus bogus"); errinf(qstate, rc); - errinf_ede(qstate, "no DS", LDNS_EDE_NETWORK_ERROR); - + reason = "no DS"; + reason_bogus = LDNS_EDE_NETWORK_ERROR; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } @@ -2473,7 +2488,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, if(!ds) { log_warn("internal error: POSITIVE DS response was " "missing DS."); - errinf_ede(qstate, "no DS record", LDNS_EDE_DNSSEC_BOGUS); + reason = "no DS record"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } /* Verify only returns BOGUS or SECURE. If the rrset is @@ -2492,13 +2508,11 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, if(!val_dsset_isusable(ds)) { /* If they aren't usable, then we treat it like * there was no DS. */ - - /* TODO add EDE Unsupported DS Digest Type; this needs - * EDE to be added on non SERVFAIL answers. */ - - *ke = key_entry_create_null(qstate->region, - qinfo->qname, qinfo->qname_len, qinfo->qclass, - ub_packed_rrset_ttl(ds), *qstate->env->now); + *ke = key_entry_create_null(qstate->region, + qinfo->qname, qinfo->qname_len, qinfo->qclass, + ub_packed_rrset_ttl(ds), + LDNS_EDE_UNSUPPORTED_DS_DIGEST, NULL, + *qstate->env->now); return (*ke) != NULL; } @@ -2506,7 +2520,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, log_query_info(VERB_DETAIL, "validated DS", qinfo); *ke = key_entry_create_rrset(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, ds, - NULL, *qstate->env->now); + NULL, LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; } else if(subtype == VAL_CLASS_NODATA || subtype == VAL_CLASS_NAMEERROR) { @@ -2518,7 +2532,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* make sure there are NSECs or NSEC3s with signatures */ if(!val_has_signed_nsecs(msg->rep, &reason)) { verbose(VERB_ALGO, "no NSECs: %s", reason); - errinf_ede(qstate, reason, LDNS_EDE_NSEC_MISSING); + reason_bogus = LDNS_EDE_NSEC_MISSING; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } @@ -2530,7 +2545,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, /* Try to prove absence of the DS with NSEC */ sec = val_nsec_prove_nodata_dsreply( qstate->env, ve, qinfo, msg->rep, vq->key_entry, - &proof_ttl, &reason, qstate); + &proof_ttl, &reason, &reason_bogus, qstate); switch(sec) { case sec_status_secure: verbose(VERB_DETAIL, "NSEC RRset for the " @@ -2538,6 +2553,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, *ke = key_entry_create_null(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, proof_ttl, + LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; case sec_status_insecure: @@ -2571,6 +2587,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, *ke = key_entry_create_null(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, proof_ttl, + LDNS_EDE_NONE, NULL, *qstate->env->now); return (*ke) != NULL; case sec_status_indeterminate: @@ -2593,7 +2610,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, * this is BOGUS. */ verbose(VERB_DETAIL, "DS %s ran out of options, so return " "bogus", val_classification_to_string(subtype)); - errinf(qstate, "no DS but also no proof of that"); + reason = "no DS but also no proof of that"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } else if(subtype == VAL_CLASS_CNAME || subtype == VAL_CLASS_CNAMENOANSWER) { @@ -2605,22 +2623,25 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, cname = reply_find_rrset_section_an(msg->rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_CNAME, qinfo->qclass); if(!cname) { - errinf(qstate, "validator classified CNAME but no " - "CNAME of the queried name for DS"); + reason = "validator classified CNAME but no " + "CNAME of the queried name for DS"; + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } if(((struct packed_rrset_data*)cname->entry.data)->rrsig_count == 0) { if(msg->rep->an_numrrsets != 0 && ntohs(msg->rep-> rrsets[0]->rk.type)==LDNS_RR_TYPE_DNAME) { - errinf(qstate, "DS got DNAME answer"); + reason = "DS got DNAME answer"; } else { - errinf(qstate, "DS got unsigned CNAME answer"); + reason = "DS got unsigned CNAME answer"; } + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } - sec = val_verify_rrset_entry(qstate->env, ve, cname, - vq->key_entry, &reason, NULL, LDNS_SECTION_ANSWER, qstate); + sec = val_verify_rrset_entry(qstate->env, ve, cname, + vq->key_entry, &reason, &reason_bogus, + LDNS_SECTION_ANSWER, qstate); if(sec == sec_status_secure) { verbose(VERB_ALGO, "CNAME validated, " "proof that DS does not exist"); @@ -2629,12 +2650,13 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, return 1; } errinf(qstate, "CNAME in DS response was not secure."); - errinf(qstate, reason); + errinf_ede(qstate, reason, reason_bogus); goto return_bogus; } else { verbose(VERB_QUERY, "Encountered an unhandled type of " "DS response, thus bogus."); errinf(qstate, "no DS and"); + reason = "no DS"; if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR) { char rc[16]; rc[0]=0; @@ -2647,8 +2669,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, } return_bogus: *ke = key_entry_create_bad(qstate->region, qinfo->qname, - qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); + qinfo->qname_len, qinfo->qclass, BOGUS_KEY_TTL, + reason_bogus, reason, *qstate->env->now); return (*ke) != NULL; } @@ -2768,14 +2790,17 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, vq->restart_count++; return; } - vq->key_entry = key_entry_create_bad(qstate->region, + reason = "No DNSKEY record"; + reason_bogus = LDNS_EDE_DNSKEY_MISSING; + vq->key_entry = key_entry_create_bad(qstate->region, qinfo->qname, qinfo->qname_len, qinfo->qclass, - BOGUS_KEY_TTL, *qstate->env->now); + BOGUS_KEY_TTL, reason_bogus, reason, + *qstate->env->now); if(!vq->key_entry) { log_err("alloc failure in missing dnskey response"); /* key_entry is NULL for failure in Validate */ } - errinf_ede(qstate, "No DNSKEY record", LDNS_EDE_DNSKEY_MISSING); + errinf_ede(qstate, reason, reason_bogus); errinf_origin(qstate, origin); errinf_dname(qstate, "for key", qinfo->qname); vq->state = VAL_VALIDATE_STATE; @@ -2822,7 +2847,8 @@ process_dnskey_response(struct module_qstate* qstate, struct val_qstate* vq, qstate->errinf = NULL; /* The DNSKEY validated, so cache it as a trusted key rrset. */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); /* If good, we stay in the FINDKEY state. */ log_query_info(VERB_DETAIL, "validated DNSKEY", qinfo); @@ -2890,7 +2916,8 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, errinf_origin(qstate, origin); errinf_dname(qstate, "for trust anchor", ta->name); /* store the freshly primed entry in the cache */ - key_cache_insert(ve->kcache, vq->key_entry, qstate); + key_cache_insert(ve->kcache, vq->key_entry, + qstate->env->cfg->val_log_level >= 2); } /* If the result of the prime is a null key, skip the FINDKEY state.*/ |