diff -Nru unbound-1.5.8/acx_nlnetlabs.m4 unbound-1.6.0/acx_nlnetlabs.m4 --- unbound-1.5.8/acx_nlnetlabs.m4 2016-01-04 09:52:48.000000000 +0000 +++ unbound-1.6.0/acx_nlnetlabs.m4 2016-03-21 10:22:40.000000000 +0000 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 32 +# Version 34 +# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. +# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 # 2015-12-11 FLTO check for new OSX, clang. # 2015-11-18 spelling check fix. @@ -671,16 +673,16 @@ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) fi - AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto]) + AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" AC_TRY_LINK(, [ - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ], [ AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, - [If you have HMAC_CTX_init]) + AC_DEFINE([HAVE_HMAC_UPDATE], 1, + [If you have HMAC_Update]) ], [ AC_MSG_RESULT(no) # check if -lwsock32 or -lgdi32 are needed. @@ -690,11 +692,11 @@ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) AC_TRY_LINK([], [ - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ],[ - AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, - [If you have HMAC_CTX_init]) + AC_DEFINE([HAVE_HMAC_UPDATE], 1, + [If you have HMAC_Update]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) 
@@ -704,15 +706,30 @@ LIBSSL_LIBS="$LIBSSL_LIBS -ldl" AC_MSG_CHECKING([if -lcrypto needs -ldl]) AC_TRY_LINK([], [ - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ],[ - AC_DEFINE([HAVE_HMAC_CTX_INIT], 1, - [If you have HMAC_CTX_init]) + AC_DEFINE([HAVE_HMAC_UPDATE], 1, + [If you have HMAC_Update]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + AC_TRY_LINK([], [ + int HMAC_Update(void); + (void)HMAC_Update(); + ],[ + AC_DEFINE([HAVE_HMAC_UPDATE], 1, + [If you have HMAC_Update]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + ]) ]) ]) ]) diff -Nru unbound-1.5.8/acx_python.m4 unbound-1.6.0/acx_python.m4 --- unbound-1.5.8/acx_python.m4 2014-09-19 09:57:20.000000000 +0000 +++ unbound-1.6.0/acx_python.m4 2016-06-07 08:18:20.000000000 +0000 @@ -54,7 +54,7 @@ AC_MSG_CHECKING([for Python library path]) if test -z "$PYTHON_LDFLAGS"; then PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print(get_config_var('BLDLIBRARY'));"` + print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi AC_MSG_RESULT([$PYTHON_LDFLAGS]) AC_SUBST([PYTHON_LDFLAGS]) diff -Nru unbound-1.5.8/cachedb/cachedb.c unbound-1.6.0/cachedb/cachedb.c --- unbound-1.5.8/cachedb/cachedb.c 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/cachedb/cachedb.c 2016-12-06 13:42:51.000000000 +0000 
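Review bot: The final `AC_MSG_ERROR` in the new `-ldl -pthread` branch still says "version 0.9.7 or higher is required", although all that is known at that point is that `HMAC_Update` failed to link with every library combination tried. A message such as `AC_MSG_ERROR([OpenSSL found in $ssldir, but linking HMAC_Update from -lcrypto failed; see config.log])` would point the builder at the real cause. The enclosing `AC_TRY_LINK` chain begins outside this hunk.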
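Review bot: The new `print(...)` expression joins `get_config_var('LIBDIR')`, `get_config_var('LIBDEST')` and `get_config_var('BLDLIBRARY')` with `+`, and `get_config_var` returns `None` for a variable the Python build does not define. In that case the one-liner raises a TypeError and `PYTHON_LDFLAGS` is left empty. Substituting an empty string, e.g. `(get_config_var('LIBDEST') or '')`, or emitting each `-L` only when the value is set, keeps configure working on such installs. The directories are also inserted unquoted, so a prefix containing spaces would split into separate linker arguments.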
@@ -0,0 +1,712 @@ +/* + * cachedb/cachedb.c - cache from a database external to the program module + * + * Copyright (c) 2016, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a module that uses an external database to cache + * dns responses. 
+ */ + +#include "config.h" +#ifdef USE_CACHEDB +#include "cachedb/cachedb.h" +#include "util/regional.h" +#include "util/net_help.h" +#include "util/config_file.h" +#include "util/data/msgreply.h" +#include "util/data/msgencode.h" +#include "services/cache/dns.h" +#include "validator/val_neg.h" +#include "validator/val_secalgo.h" +#include "iterator/iter_utils.h" +#include "sldns/parseutil.h" +#include "sldns/wire2str.h" +#include "sldns/sbuffer.h" + +#define CACHEDB_HASHSIZE 256 /* bit hash */ + +/** the unit test testframe for cachedb, its module state contains + * a cache for a couple queries (in memory). */ +struct testframe_moddata { + /** key for single stored data element, NULL if none */ + char* stored_key; + /** data for single stored data element, NULL if none */ + uint8_t* stored_data; + /** length of stored data */ + size_t stored_datalen; +}; + +static int +testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) +{ + (void)env; + verbose(VERB_ALGO, "testframe_init"); + cachedb_env->backend_data = (void*)calloc(1, + sizeof(struct testframe_moddata)); + if(!cachedb_env->backend_data) { + log_err("out of memory"); + return 0; + } + return 1; +} + +static void +testframe_deinit(struct module_env* env, struct cachedb_env* cachedb_env) +{ + struct testframe_moddata* d = (struct testframe_moddata*) + cachedb_env->backend_data; + (void)env; + verbose(VERB_ALGO, "testframe_deinit"); + if(!d) + return; + free(d->stored_key); + free(d->stored_data); + free(d); +} + +static int +testframe_lookup(struct module_env* env, struct cachedb_env* cachedb_env, + char* key, struct sldns_buffer* result_buffer) +{ + struct testframe_moddata* d = (struct testframe_moddata*) + cachedb_env->backend_data; + (void)env; + verbose(VERB_ALGO, "testframe_lookup of %s", key); + if(d->stored_key && strcmp(d->stored_key, key) == 0) { + if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) + return 0; /* too large */ + verbose(VERB_ALGO, "testframe_lookup found %d 
bytes", + (int)d->stored_datalen); + sldns_buffer_clear(result_buffer); + sldns_buffer_write(result_buffer, d->stored_data, + d->stored_datalen); + sldns_buffer_flip(result_buffer); + return 1; + } + return 0; +} + +static void +testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, + char* key, uint8_t* data, size_t data_len) +{ + struct testframe_moddata* d = (struct testframe_moddata*) + cachedb_env->backend_data; + (void)env; + verbose(VERB_ALGO, "testframe_store %s (%d bytes)", key, (int)data_len); + + /* free old data element (if any) */ + free(d->stored_key); + d->stored_key = NULL; + free(d->stored_data); + d->stored_data = NULL; + d->stored_datalen = 0; + + d->stored_data = memdup(data, data_len); + if(!d->stored_data) { + log_err("out of memory"); + return; + } + d->stored_datalen = data_len; + d->stored_key = strdup(key); + if(!d->stored_key) { + free(d->stored_data); + d->stored_data = NULL; + d->stored_datalen = 0; + return; + } + /* (key,data) successfully stored */ +} + +/** The testframe backend is for unit tests */ +static struct cachedb_backend testframe_backend = { "testframe", + testframe_init, testframe_deinit, testframe_lookup, testframe_store +}; + +/** find a particular backend from possible backends */ +static struct cachedb_backend* +cachedb_find_backend(const char* str) +{ + if(strcmp(str, testframe_backend.name) == 0) + return &testframe_backend; + /* TODO add more backends here */ + return NULL; +} + +/** apply configuration to cachedb module 'global' state */ +static int +cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) +{ + const char* backend_str = "testframe"; /* TODO get from cfg */ + if(backend_str && backend_str[0]) { + cachedb_env->backend = cachedb_find_backend(backend_str); + if(!cachedb_env->backend) { + log_err("cachedb: cannot find backend name '%s", + backend_str); + return NULL; + } + } + /* TODO see if more configuration needs to be applied or not */ + return 1; +} + +int 
+cachedb_init(struct module_env* env, int id) +{ + struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, + sizeof(struct cachedb_env)); + if(!cachedb_env) { + log_err("malloc failure"); + return 0; + } + env->modinfo[id] = (void*)cachedb_env; + if(!cachedb_apply_cfg(cachedb_env, env->cfg)) { + log_err("cachedb: could not apply configuration settings."); + return 0; + } + /* see if a backend is selected */ + if(!cachedb_env->backend || !cachedb_env->backend->name) + return 1; + if(!(*cachedb_env->backend->init)(env, cachedb_env)) { + log_err("cachedb: could not init %s backend", + cachedb_env->backend->name); + return 0; + } + cachedb_env->enabled = 1; + return 1; +} + +void +cachedb_deinit(struct module_env* env, int id) +{ + struct cachedb_env* cachedb_env; + if(!env || !env->modinfo[id]) + return; + cachedb_env = (struct cachedb_env*)env->modinfo[id]; + /* free contents */ + /* TODO */ + if(cachedb_env->enabled) { + (*cachedb_env->backend->deinit)(env, cachedb_env); + } + + free(cachedb_env); + env->modinfo[id] = NULL; +} + +/** new query for cachedb */ +static int +cachedb_new(struct module_qstate* qstate, int id) +{ + struct cachedb_qstate* iq = (struct cachedb_qstate*)regional_alloc( + qstate->region, sizeof(struct cachedb_qstate)); + qstate->minfo[id] = iq; + if(!iq) + return 0; + memset(iq, 0, sizeof(*iq)); + /* initialise it */ + /* TODO */ + + return 1; +} + +/** + * Return an error + * @param qstate: our query state + * @param id: module id + * @param rcode: error code (DNS errcode). + * @return: 0 for use by caller, to make notation easy, like: + * return error_response(..). + */ +static int +error_response(struct module_qstate* qstate, int id, int rcode) +{ + verbose(VERB_QUERY, "return error response %s", + sldns_lookup_by_id(sldns_rcodes, rcode)? 
+ sldns_lookup_by_id(sldns_rcodes, rcode)->name:"??"); + qstate->return_rcode = rcode; + qstate->return_msg = NULL; + qstate->ext_state[id] = module_finished; + return 0; +} + +/** + * Hash the query name, type, class and dbacess-secret into lookup buffer. + * @param qstate: query state with query info + * and env->cfg with secret. + * @param buf: returned buffer with hash to lookup + * @param len: length of the buffer. + */ +static void +calc_hash(struct module_qstate* qstate, char* buf, size_t len) +{ + uint8_t clear[1024]; + size_t clen = 0; + uint8_t hash[CACHEDB_HASHSIZE/8]; + const char* hex = "0123456789ABCDEF"; + const char* secret = "default"; /* TODO: from qstate->env->cfg */ + size_t i; + + /* copy the hash info into the clear buffer */ + if(clen + qstate->qinfo.qname_len < sizeof(clear)) { + memmove(clear+clen, qstate->qinfo.qname, + qstate->qinfo.qname_len); + clen += qstate->qinfo.qname_len; + } + if(clen + 4 < sizeof(clear)) { + uint16_t t = htons(qstate->qinfo.qtype); + uint16_t c = htons(qstate->qinfo.qclass); + memmove(clear+clen, &t, 2); + memmove(clear+clen+2, &c, 2); + clen += 4; + } + if(secret && secret[0] && clen + strlen(secret) < sizeof(clear)) { + memmove(clear+clen, secret, strlen(secret)); + clen += strlen(secret); + } + + /* hash the buffer */ + secalgo_hash_sha256(clear, clen, hash); + memset(clear, 0, clen); + + /* hex encode output for portability (some online dbs need + * no nulls, no control characters, and so on) */ + log_assert(len >= sizeof(hash)*2 + 1); + (void)len; + for(i=0; i>4]; + buf[i*2+1] = hex[hash[i]&0x0f]; + } + buf[sizeof(hash)*2] = 0; +} + +/** convert data from return_msg into the data buffer */ +static int +prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) +{ + uint64_t timestamp, expiry; + size_t oldlim; + struct edns_data edns; + memset(&edns, 0, sizeof(edns)); + edns.edns_present = 1; + edns.bits = EDNS_DO; + edns.ext_rcode = 0; + edns.edns_version = EDNS_ADVERTISED_VERSION; + edns.udp_size = 
EDNS_ADVERTISED_SIZE; + + if(!qstate->return_msg || !qstate->return_msg->rep) + return 0; + if(verbosity >= VERB_ALGO) + log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, + qstate->return_msg->rep); + if(!reply_info_answer_encode(&qstate->return_msg->qinfo, + qstate->return_msg->rep, 0, qstate->query_flags, + buf, 0, 1, qstate->env->scratch, 65535, &edns, 1, 0)) + return 0; + + /* TTLs in the return_msg are relative to time(0) so we have to + * store that, we also store the smallest ttl in the packet+time(0) + * as the packet expiry time */ + /* qstate->return_msg->rep->ttl contains that relative shortest ttl */ + timestamp = (uint64_t)*qstate->env->now; + expiry = timestamp + (uint64_t)qstate->return_msg->rep->ttl; + timestamp = htobe64(timestamp); + expiry = htobe64(expiry); + oldlim = sldns_buffer_limit(buf); + if(oldlim + sizeof(timestamp)+sizeof(expiry) >= + sldns_buffer_capacity(buf)) + return 0; /* doesn't fit. */ + sldns_buffer_set_limit(buf, oldlim + sizeof(timestamp)+sizeof(expiry)); + sldns_buffer_write_at(buf, oldlim, ×tamp, sizeof(timestamp)); + sldns_buffer_write_at(buf, oldlim+sizeof(timestamp), &expiry, + sizeof(expiry)); + + return 1; +} + +/** check expiry, return true if matches OK */ +static int +good_expiry_and_qinfo(struct module_qstate* qstate, struct sldns_buffer* buf) +{ + uint64_t expiry; + /* the expiry time is the last bytes of the buffer */ + if(sldns_buffer_limit(buf) < sizeof(expiry)) + return 0; + sldns_buffer_read_at(buf, sldns_buffer_limit(buf)-sizeof(expiry), + &expiry, sizeof(expiry)); + expiry = be64toh(expiry); + + if((time_t)expiry < *qstate->env->now) + return 0; + + return 1; +} + +/** convert dns message in buffer to return_msg */ +static int +parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) +{ + struct msg_parse* prs; + struct edns_data edns; + uint64_t timestamp, expiry; + time_t adjust; + size_t lim = sldns_buffer_limit(buf); + if(lim < LDNS_HEADER_SIZE+sizeof(timestamp)+sizeof(expiry)) + 
return 0; /* too short */ + + /* remove timestamp and expiry from end */ + sldns_buffer_read_at(buf, lim-sizeof(expiry), &expiry, sizeof(expiry)); + sldns_buffer_read_at(buf, lim-sizeof(expiry)-sizeof(timestamp), + ×tamp, sizeof(timestamp)); + expiry = be64toh(expiry); + timestamp = be64toh(timestamp); + + /* parse DNS packet */ + regional_free_all(qstate->env->scratch); + prs = (struct msg_parse*)regional_alloc(qstate->env->scratch, + sizeof(struct msg_parse)); + if(!prs) + return 0; /* out of memory */ + memset(prs, 0, sizeof(*prs)); + memset(&edns, 0, sizeof(edns)); + sldns_buffer_set_limit(buf, lim - sizeof(expiry)-sizeof(timestamp)); + if(parse_packet(buf, prs, qstate->env->scratch) != LDNS_RCODE_NOERROR) { + sldns_buffer_set_limit(buf, lim); + return 0; + } + if(parse_extract_edns(prs, &edns, qstate->env->scratch) != + LDNS_RCODE_NOERROR) { + sldns_buffer_set_limit(buf, lim); + return 0; + } + + qstate->return_msg = dns_alloc_msg(buf, prs, qstate->region); + sldns_buffer_set_limit(buf, lim); + if(!qstate->return_msg) + return 0; + + qstate->return_rcode = LDNS_RCODE_NOERROR; + + /* see how much of the TTL expired, and remove it */ + adjust = *qstate->env->now - (time_t)timestamp; + verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); + /*adjust_msg(qstate->return_msg, adjust);*/ + /* TODO: + msg->rep->ttl = r->ttl - adjust; + msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); + for(i=0; icount + d->rrsig_count; i++) { + if(d->rr_ttl[i] < adjust) + d->rr_ttl[i] = 0; + else d->rr_ttl[i] -= adjust; + } + if(d->ttl < adjust) + d->ttl = 0; + else d->ttl -= adjust; + */ + /* TODO */ + + return 0; +} + +/** + * Lookup the qstate.qinfo in extcache, store in qstate.return_msg. + * return true if lookup was successful. 
+ */ +static int +cachedb_extcache_lookup(struct module_qstate* qstate, struct cachedb_env* ie) +{ + char key[(CACHEDB_HASHSIZE/8)*2+1]; + calc_hash(qstate, key, sizeof(key)); + + /* call backend to fetch data for key into scratch buffer */ + if( !(*ie->backend->lookup)(qstate->env, ie, key, + qstate->env->scratch_buffer)) { + return 0; + } + + /* check expiry date and check if query-data matches */ + if( !good_expiry_and_qinfo(qstate, qstate->env->scratch_buffer) ) { + return 0; + } + + /* parse dns message into return_msg */ + if( !parse_data(qstate, qstate->env->scratch_buffer) ) { + return 0; + } + return 1; +} + +/** + * Store the qstate.return_msg in extcache for key qstate.info + */ +static void +cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) +{ + char key[(CACHEDB_HASHSIZE/8)*2+1]; + calc_hash(qstate, key, sizeof(key)); + + /* prepare data in scratch buffer */ + if(!prep_data(qstate, qstate->env->scratch_buffer)) + return; + + /* call backend */ + (*ie->backend->store)(qstate->env, ie, key, + sldns_buffer_begin(qstate->env->scratch_buffer), + sldns_buffer_limit(qstate->env->scratch_buffer)); +} + +/** + * See if unbound's internal cache can answer the query + */ +static int +cachedb_intcache_lookup(struct module_qstate* qstate) +{ + struct dns_msg* msg; + msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname, + qstate->qinfo.qname_len, qstate->qinfo.qtype, + qstate->qinfo.qclass, qstate->query_flags, + qstate->region, qstate->env->scratch); + if(!msg && qstate->env->neg_cache) { + /* lookup in negative cache; may result in + * NOERROR/NODATA or NXDOMAIN answers that need validation */ + msg = val_neg_getmsg(qstate->env->neg_cache, &qstate->qinfo, + qstate->region, qstate->env->rrset_cache, + qstate->env->scratch_buffer, + *qstate->env->now, 1/*add SOA*/, NULL); + } + if(!msg) + return 0; + /* this is the returned msg */ + qstate->return_rcode = LDNS_RCODE_NOERROR; + qstate->return_msg = msg; + return 1; +} + +/** + * Store 
query into the internal cache of unbound. + */ +static void +cachedb_intcache_store(struct module_qstate* qstate) +{ + if(!qstate->return_msg) + return; + (void)dns_cache_store(qstate->env, &qstate->qinfo, + qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0, + qstate->region, qstate->query_flags); +} + +/** + * Handle a cachedb module event with a query + * @param qstate: query state (from the mesh), passed between modules. + * contains qstate->env module environment with global caches and so on. + * @param iq: query state specific for this module. per-query. + * @param ie: environment specific for this module. global. + * @param id: module id. + */ +static void +cachedb_handle_query(struct module_qstate* qstate, + struct cachedb_qstate* ATTR_UNUSED(iq), + struct cachedb_env* ie, int id) +{ + /* check if we are enabled, and skip if so */ + if(!ie->enabled) { + /* pass request to next module */ + qstate->ext_state[id] = module_wait_module; + return; + } + + if(qstate->blacklist || qstate->no_cache_lookup) { + /* cache is blacklisted or we are instructed from edns to not look */ + /* pass request to next module */ + qstate->ext_state[id] = module_wait_module; + return; + } + + /* lookup inside unbound's internal cache */ + if(cachedb_intcache_lookup(qstate)) { + if(verbosity >= VERB_ALGO) { + if(qstate->return_msg->rep) + log_dns_msg("cachedb internal cache lookup", + &qstate->return_msg->qinfo, + qstate->return_msg->rep); + else log_info("cachedb internal cache lookup: rcode %s", + sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode)? 
+ sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode)->name:"??"); + } + /* we are done with the query */ + qstate->ext_state[id] = module_finished; + return; + } + + /* ask backend cache to see if we have data */ + if(cachedb_extcache_lookup(qstate, ie)) { + if(verbosity >= VERB_ALGO) + log_dns_msg(ie->backend->name, + &qstate->return_msg->qinfo, + qstate->return_msg->rep); + /* store this result in internal cache */ + cachedb_intcache_store(qstate); + /* we are done with the query */ + qstate->ext_state[id] = module_finished; + return; + } + + /* no cache fetches */ + /* pass request to next module */ + qstate->ext_state[id] = module_wait_module; +} + +/** + * Handle a cachedb module event with a response from the iterator. + * @param qstate: query state (from the mesh), passed between modules. + * contains qstate->env module environment with global caches and so on. + * @param iq: query state specific for this module. per-query. + * @param ie: environment specific for this module. global. + * @param id: module id. 
+ */ +static void +cachedb_handle_response(struct module_qstate* qstate, + struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) +{ + /* check if we are not enabled or instructed to not cache, and skip */ + if(!ie->enabled || qstate->no_cache_store) { + /* we are done with the query */ + qstate->ext_state[id] = module_finished; + return; + } + + /* store the item into the backend cache */ + cachedb_extcache_store(qstate, ie); + + /* we are done with the query */ + qstate->ext_state[id] = module_finished; +} + +void +cachedb_operate(struct module_qstate* qstate, enum module_ev event, int id, + struct outbound_entry* outbound) +{ + struct cachedb_env* ie = (struct cachedb_env*)qstate->env->modinfo[id]; + struct cachedb_qstate* iq = (struct cachedb_qstate*)qstate->minfo[id]; + verbose(VERB_QUERY, "cachedb[module %d] operate: extstate:%s event:%s", + id, strextstate(qstate->ext_state[id]), strmodulevent(event)); + if(iq) log_query_info(VERB_QUERY, "cachedb operate: query", + &qstate->qinfo); + + /* perform cachedb state machine */ + if((event == module_event_new || event == module_event_pass) && + iq == NULL) { + if(!cachedb_new(qstate, id)) { + (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return; + } + iq = (struct cachedb_qstate*)qstate->minfo[id]; + } + if(iq && (event == module_event_pass || event == module_event_new)) { + cachedb_handle_query(qstate, iq, ie, id); + return; + } + if(iq && (event == module_event_moddone)) { + cachedb_handle_response(qstate, iq, ie, id); + return; + } + if(iq && outbound) { + /* cachedb does not need to process responses at this time + * ignore it. 
+ cachedb_process_response(qstate, iq, ie, id, outbound, event); + */ + return; + } + if(event == module_event_error) { + verbose(VERB_ALGO, "got called with event error, giving up"); + (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); + return; + } + if(!iq && (event == module_event_moddone)) { + /* during priming, module done but we never started */ + qstate->ext_state[id] = module_finished; + return; + } + + log_err("bad event for cachedb"); + (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); +} + +void +cachedb_inform_super(struct module_qstate* ATTR_UNUSED(qstate), + int ATTR_UNUSED(id), struct module_qstate* ATTR_UNUSED(super)) +{ + /* cachedb does not use subordinate requests at this time */ + verbose(VERB_ALGO, "cachedb inform_super was called"); +} + +void +cachedb_clear(struct module_qstate* qstate, int id) +{ + struct cachedb_qstate* iq; + if(!qstate) + return; + iq = (struct cachedb_qstate*)qstate->minfo[id]; + if(iq) { + /* free contents of iq */ + /* TODO */ + } + qstate->minfo[id] = NULL; +} + +size_t +cachedb_get_mem(struct module_env* env, int id) +{ + struct cachedb_env* ie = (struct cachedb_env*)env->modinfo[id]; + if(!ie) + return 0; + return sizeof(*ie); /* TODO - more mem */ +} + +/** + * The cachedb function block + */ +static struct module_func_block cachedb_block = { + "cachedb", + &cachedb_init, &cachedb_deinit, &cachedb_operate, + &cachedb_inform_super, &cachedb_clear, &cachedb_get_mem +}; + +struct module_func_block* +cachedb_get_funcblock(void) +{ + return &cachedb_block; +} +#endif /* USE_CACHEDB */ diff -Nru unbound-1.5.8/cachedb/cachedb.h unbound-1.6.0/cachedb/cachedb.h --- unbound-1.5.8/cachedb/cachedb.h 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/cachedb/cachedb.h 2016-04-15 14:19:00.000000000 +0000 
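Review bot: `good_expiry_and_qinfo` only compares the stored expiry with the current time. Despite its name and the "check if query-data matches" comment in `cachedb_extcache_lookup`, nothing verifies that the record returned by the backend answers the question in `qstate->qinfo`. The lookup key is a hash that `calc_hash` builds with the fixed secret `"default"`, and the stored blob carries no integrity protection, so once `parse_data` can report success a well-formed, unexpired entry for a different name would be accepted and copied into the internal cache by `cachedb_intcache_store`. A check in `parse_data` after `dns_alloc_msg`, such as `if(query_info_compare(&qstate->return_msg->qinfo, &qstate->qinfo) != 0) { qstate->return_msg = NULL; return 0; }`, would reject such entries; this assumes the parsed question ends up in `return_msg->qinfo`. Separately, `parse_data` currently ends with `return 0;` after assigning `qstate->return_msg` and `qstate->return_rcode`, so it reports a miss while leaving the parsed message on the query state. `cachedb_apply_cfg` also has `return NULL;` in a function returning `int`, where `return 0;` is meant.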
@@ -0,0 +1,110 @@ +/* + * cachedb/cachedb.h - cache from a database external to the program module + * + * Copyright (c) 2016, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a module that uses an external database to cache + * dns responses. 
+ */ +#include "util/module.h" +struct cachedb_backend; + +/** + * The global variable environment contents for the cachedb + * Shared between threads, this represents long term information. + * Like database connections. + */ +struct cachedb_env { + /** true is cachedb is enabled, the backend is turned on */ + int enabled; + + /** the backend routines */ + struct cachedb_backend* backend; + + /** backend specific data here */ + void* backend_data; +}; + +/** + * Per query state for the cachedb module. + */ +struct cachedb_qstate { + int todo; +}; + +/** + * Backend call routines + */ +struct cachedb_backend { + /** backend name */ + const char* name; + + /** Init(env, cachedb_env): false on setup failure */ + int (*init)(struct module_env*, struct cachedb_env*); + + /** Deinit - close db for program exit */ + void (*deinit)(struct module_env*, struct cachedb_env*); + + /** Lookup (env, cachedb_env, key, result_buffer): true if found */ + int (*lookup)(struct module_env*, struct cachedb_env*, char*, + struct sldns_buffer*); + + /** Store (env, cachedb_env, key, data, data_len) */ + void (*store)(struct module_env*, struct cachedb_env*, char*, + uint8_t*, size_t); +}; + +/** Init the cachedb module */ +int cachedb_init(struct module_env* env, int id); +/** Deinit the cachedb module */ +void cachedb_deinit(struct module_env* env, int id); +/** Operate on an event on a query (in qstate). 
*/ +void cachedb_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound); +/** Subordinate query done, inform this super request of its conclusion */ +void cachedb_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); +/** clear the cachedb query-specific contents out of qstate */ +void cachedb_clear(struct module_qstate* qstate, int id); +/** return memory estimate for cachedb module */ +size_t cachedb_get_mem(struct module_env* env, int id); + +/** + * Get the function block with pointers to the cachedb functions + * @return the function block for "cachedb". + */ +struct module_func_block* cachedb_get_funcblock(void); + diff -Nru unbound-1.5.8/compat/arc4random.c unbound-1.6.0/compat/arc4random.c --- unbound-1.5.8/compat/arc4random.c 2015-10-27 10:39:18.000000000 +0000 +++ unbound-1.6.0/compat/arc4random.c 2016-06-14 10:27:34.000000000 +0000 @@ -48,6 +48,9 @@ #else /* !__GNUC__ */ #define inline #endif /* !__GNUC__ */ +#ifndef MAP_ANON +#define MAP_ANON MAP_ANONYMOUS +#endif #define KEYSZ 32 #define IVSZ 8 diff -Nru unbound-1.5.8/compat/explicit_bzero.c unbound-1.6.0/compat/explicit_bzero.c --- unbound-1.5.8/compat/explicit_bzero.c 2014-07-11 14:46:46.000000000 +0000 +++ unbound-1.6.0/compat/explicit_bzero.c 2016-03-03 15:59:25.000000000 +0000 @@ -6,7 +6,11 @@ #include "config.h" #include +#ifdef HAVE_ATTR_WEAK __attribute__((weak)) void +#else +void +#endif __explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len)) { } diff -Nru unbound-1.5.8/compat/getentropy_linux.c unbound-1.6.0/compat/getentropy_linux.c --- unbound-1.5.8/compat/getentropy_linux.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/compat/getentropy_linux.c 2016-06-14 10:27:34.000000000 +0000 @@ -60,6 +60,9 @@ #include #endif #include +#ifndef MAP_ANON +#define MAP_ANON MAP_ANONYMOUS +#endif #define REPEAT 5 #define min(a, b) (((a) < (b)) ? (a) : (b)) 
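Review bot: cachedb.h has no include guard. The header goes from the file comment straight to `#include "util/module.h"` and then defines `struct cachedb_env`, `struct cachedb_qstate` and `struct cachedb_backend`, so a second inclusion in one translation unit would be a redefinition error. Wrapping the file in `#ifndef CACHEDB_CACHEDB_H` / `#define CACHEDB_CACHEDB_H` / `#endif` (the guard name is only a suggestion) avoids that. The key parameter of the `lookup` and `store` callbacks could also be `const char*`, since the testframe backend in cachedb.c only reads and copies it.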
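Review bot: When `HAVE_ATTR_WEAK` is not defined, `__explicit_bzero_hook` becomes an ordinary empty function that the compiler can see through, so it no longer acts as an opaque barrier. `explicit_bzero` itself is outside this hunk; if it relies on the call to this hook to keep its `memset` from being removed as a dead store, the `#else` branch silently loses that protection for wiped secrets. A comment on the fallback, for example `/* no weak attribute: hook may be inlined, so the memset in explicit_bzero is not protected from dead-store elimination */`, would make the limitation visible. A fallback that clears through a `volatile` pointer would close the gap.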
@@ -94,7 +97,7 @@ extern int main(int, char *argv[]); #endif static int gotdata(char *buf, size_t len); -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(__NR_getrandom) static int getentropy_getrandom(void *buf, size_t len); #endif static int getentropy_urandom(void *buf, size_t len); @@ -113,7 +116,7 @@ return -1; } -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(__NR_getrandom) /* * Try descriptor-less getrandom() */ @@ -209,7 +212,7 @@ return 0; } -#ifdef SYS_getrandom +#if defined(SYS_getrandom) && defined(__NR_getrandom) static int getentropy_getrandom(void *buf, size_t len) { diff -Nru unbound-1.5.8/compat/strsep.c unbound-1.6.0/compat/strsep.c --- unbound-1.5.8/compat/strsep.c 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/compat/strsep.c 2016-05-31 12:37:42.000000000 +0000 
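Review bot: The condition `defined(SYS_getrandom) && defined(__NR_getrandom)` is now repeated at the prototype, the call site and the definition of `getentropy_getrandom` (this hunk and the ones at -113 and -209), with no comment saying why both macros are required. If one of the three is edited later and the others are not, the build either breaks or quietly drops the getrandom path in favour of the fallbacks. Defining one local macro once and testing it in all three places would keep them in step. A short comment such as `/* SYS_getrandom can be defined while __NR_getrandom is not */` would help too, with the wording to be confirmed against the platform that motivated the change. The surrounding functions start and end outside these hunks.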
@@ -0,0 +1,65 @@ +/** + * strsep implementation for compatibility. + * + * LICENSE + * Copyright (c) 2016, NLnet Labs + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of NLnetLabs nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ **/ + +#include "config.h" + +/** see if character is in the delimiter array */ +static int +in_delim(char c, const char* delim) +{ + const char* p; + if(!delim) + return 0; + for(p=delim; *p; p++) { + if(*p == c) + return 1; + } + return 0; +} + +char *strsep(char **stringp, const char *delim) +{ + char* s; + char* orig; + if(stringp == NULL || *stringp == NULL) + return NULL; + orig = *stringp; + s = *stringp; + while(*s && !in_delim(*s, delim)) + s++; + if(*s) { + *s = 0; + *stringp = s+1; + } else { + *stringp = NULL; + } + return orig; +} diff -Nru unbound-1.5.8/config.h.in unbound-1.6.0/config.h.in --- unbound-1.5.8/config.h.in 2016-01-07 10:34:46.000000000 +0000 +++ unbound-1.6.0/config.h.in 2016-12-07 13:04:46.000000000 +0000 @@ -42,12 +42,18 @@ /* Whether the C compiler accepts the "unused" attribute */ #undef HAVE_ATTR_UNUSED +/* Whether the C compiler accepts the "weak" attribute */ +#undef HAVE_ATTR_WEAK + /* Define to 1 if you have the `chown' function. */ #undef HAVE_CHOWN /* Define to 1 if you have the `chroot' function. */ #undef HAVE_CHROOT +/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ +#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R 
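Review bot: `strsep()` in the new compat/strsep.c has no doc comment, although `in_delim()` above it does, and its contract is not obvious from the name. It overwrites the first delimiter in the caller's buffer with NUL, advances `*stringp` past it, and sets `*stringp` to NULL once no delimiter is left. A `/** ... */` block should say that the input must be writable, that adjacent delimiters yield an empty token, and that a NULL `delim` is treated by `in_delim()` as "no delimiters", so the whole remaining string comes back as one token. As a small style point, `*s = '\0';` states the intent more clearly than `*s = 0;`.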
@@ -101,15 +107,27 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `DSA_SIG_set0' function. */ +#undef HAVE_DSA_SIG_SET0 + /* Define to 1 if you have the header file. */ #undef HAVE_ENDIAN_H /* Define to 1 if you have the `endprotoent' function. */ #undef HAVE_ENDPROTOENT +/* Define to 1 if you have the `endpwent' function. */ +#undef HAVE_ENDPWENT + /* Define to 1 if you have the `endservent' function. */ #undef HAVE_ENDSERVENT +/* Define to 1 if you have the `ERR_free_strings' function. */ +#undef HAVE_ERR_FREE_STRINGS + +/* Define to 1 if you have the `ERR_load_crypto_strings' function. */ +#undef HAVE_ERR_LOAD_CRYPTO_STRINGS + /* Define to 1 if you have the `event_base_free' function. */ #undef HAVE_EVENT_BASE_FREE @@ -125,6 +143,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_EVENT_H +/* Define to 1 if you have the `EVP_cleanup' function. */ +#undef HAVE_EVP_CLEANUP + +/* Define to 1 if you have the `EVP_dss1' function. */ +#undef HAVE_EVP_DSS1 + +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#undef HAVE_EVP_MD_CTX_NEW + /* Define to 1 if you have the `EVP_sha1' function. */ #undef HAVE_EVP_SHA1 @@ -188,8 +215,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_GRP_H -/* If you have HMAC_CTX_init */ -#undef HAVE_HMAC_CTX_INIT +/* If you have HMAC_Update */ +#undef HAVE_HMAC_UPDATE /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON 
@@ -248,24 +275,48 @@ /* Use libnettle for crypto */ #undef HAVE_NETTLE +/* Define to 1 if you have the header file. */ +#undef HAVE_NETTLE_DSA_COMPAT_H + /* Use libnss for crypto */ #undef HAVE_NSS +/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ +#undef HAVE_OPENSSL_ADD_ALL_DIGESTS + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_BN_H + /* Define to 1 if you have the `OPENSSL_config' function. */ #undef HAVE_OPENSSL_CONFIG /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_CONF_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_DH_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_DSA_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ENGINE_H /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ERR_H +/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +#undef HAVE_OPENSSL_INIT_CRYPTO + +/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ +#undef HAVE_OPENSSL_INIT_SSL + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_RAND_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_RSA_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_SSL_H @@ -290,15 +341,15 @@ /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM +/* Define to 1 if you have the `RAND_cleanup' function. */ +#undef HAVE_RAND_CLEANUP + /* Define to 1 if you have the `reallocarray' function. */ #undef HAVE_REALLOCARRAY /* Define to 1 if you have the `recvmsg' function. */ #undef HAVE_RECVMSG -/* define if you have the sbrk() call */ -#undef HAVE_SBRK - /* Define to 1 if you have the `sendmsg' function. */ #undef HAVE_SENDMSG 
@@ -347,6 +398,9 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ +#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL + /* Define to 1 if you have the header file. */ #undef HAVE_STDARG_H @@ -377,6 +431,9 @@ /* Define to 1 if you have the `strptime' function. */ #undef HAVE_STRPTIME +/* Define to 1 if you have the `strsep' function. */ +#undef HAVE_STRSEP + /* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */ #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST @@ -580,9 +637,15 @@ /* define this to enable debug checks. */ #undef UNBOUND_DEBUG +/* Define to 1 to use cachedb support */ +#undef USE_CACHEDB + /* Define to 1 to enable dnstap support */ #undef USE_DNSTAP +/* Define this to enable DSA support. */ +#undef USE_DSA + /* Define this to enable ECDSA support. */ #undef USE_ECDSA @@ -595,6 +658,12 @@ /* Define if you want to use internal select based events */ #undef USE_MINI_EVENT +/* Define this to enable client TCP Fast Open. */ +#undef USE_MSG_FASTOPEN + +/* Define this to enable client TCP Fast Open. */ +#undef USE_OSX_MSG_FASTOPEN + /* Define this to enable SHA256 and SHA512 support. */ #undef USE_SHA2 @@ -620,6 +689,9 @@ #endif +/* Define this to enable server TCP Fast Open. */ +#undef USE_TCP_FASTOPEN + /* Whether the windows socket API is used */ #undef USE_WINSOCK @@ -979,6 +1051,11 @@ char *ctime_r(const time_t *timep, char *buf); #endif +#ifndef HAVE_STRSEP +#define strsep unbound_strsep +char *strsep(char **stringp, const char *delim); +#endif + #ifndef HAVE_ISBLANK #define isblank unbound_isblank int isblank(int c); diff -Nru unbound-1.5.8/configure unbound-1.6.0/configure --- unbound-1.5.8/configure 2016-03-02 07:52:37.000000000 +0000 +++ unbound-1.6.0/configure 2016-12-15 08:20:09.000000000 +0000 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.8. +# Generated by GNU Autoconf 2.69 for unbound 1.6.0. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.8' -PACKAGE_STRING='unbound 1.5.8' +PACKAGE_VERSION='1.6.0' +PACKAGE_STRING='unbound 1.6.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -659,6 +659,7 @@ WINDRES CHECKLOCK_OBJ staticexe +PC_LIBEVENT_DEPENDENCY UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL SSLLIB @@ -678,6 +679,7 @@ swig SWIG_LIB SWIG +PC_PY_DEPENDENCY PY_MAJOR_VERSION PYTHON_SITE_PKG PYTHON_LDFLAGS @@ -832,7 +834,10 @@ enable_sha2 enable_gost enable_ecdsa +enable_dsa enable_event_api +enable_tfo_client +enable_tfo_server with_libevent with_libexpat enable_static_exe @@ -842,6 +847,7 @@ with_dnstap_socket_path with_protobuf_c with_libfstrm +enable_cachedb with_libunbound_only ' ac_precious_vars='build_alias @@ -1397,7 +1403,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.8 to adapt to many kinds of systems. +\`configure' configures unbound 1.6.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1462,7 +1468,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.8:";; + short | recursive ) echo "Configuration of unbound 1.6.0:";; esac cat <<\_ACEOF 
@@ -1495,8 +1501,11 @@ --disable-sha2 Disable SHA256 and SHA512 RRSIG support --disable-gost Disable GOST support --disable-ecdsa Disable ECDSA support - --enable-event-api Enable (experimental) libevent-based libunbound API - installed to unbound-event.h + --disable-dsa Disable DSA support + --enable-event-api Enable (experimental) pluggable event base + libunbound API installed to unbound-event.h + --enable-tfo-client Enable TCP Fast Open for client mode + --enable-tfo-server Enable TCP Fast Open for server mode --enable-static-exe enable to compile executables statically against (event) libs, for debug purposes --enable-lock-checks enable to check lock and unlock calls, for debug @@ -1505,6 +1514,8 @@ to it, smaller install size but libunbound export table is polluted by internal symbols --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) + --enable-cachedb enable cachedb module that can use external cache + storage Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1647,7 +1658,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.8 +unbound configure 1.6.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2356,7 +2367,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.8, which was +It was created by unbound $as_me 1.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2706,13 +2717,13 @@ UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=5 +UNBOUND_VERSION_MINOR=6 -UNBOUND_VERSION_MICRO=8 +UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=3 LIBUNBOUND_AGE=4 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 
@@ -2760,6 +2771,9 @@ # 1.5.6 had 5:9:3 # 1.5.7 had 5:10:3 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub +# 1.5.9 had 6:1:4 +# 1.5.10 had 6:2:4 +# 1.6.0 had 6:3:4 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4048,7 +4062,7 @@ # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" else - if echo $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -4058,7 +4072,7 @@ if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" fi # Check whether --with-conf_file was given. @@ -4189,7 +4203,7 @@ if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" fi fi @@ -4211,7 +4225,7 @@ if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" fi fi 
@@ -6117,6 +6131,48 @@ fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"weak\" attribute" >&5 +$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"weak\" attribute... " >&6; } +if ${ac_cv_c_weak_attribute+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_weak_attribute=no +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +__attribute__((weak)) void f(int x) { printf("%d", x); } + +int +main () +{ + + f(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_weak_attribute="yes" +else + ac_cv_c_weak_attribute="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_weak_attribute" >&5 +$as_echo "$ac_cv_c_weak_attribute" >&6; } +if test $ac_cv_c_weak_attribute = yes; then + +$as_echo "#define HAVE_ATTR_WEAK 1" >>confdefs.h + +fi + + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -16666,7 +16722,7 @@ $as_echo_n "checking for Python library path... " >&6; } if test -z "$PYTHON_LDFLAGS"; then PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print(get_config_var('BLDLIBRARY'));"` + print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5 $as_echo "$PYTHON_LDFLAGS" >&6; } @@ -16770,6 +16826,8 @@ LIBS="$PYTHON_LDFLAGS $LIBS" CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" ub_have_python=yes + PC_PY_DEPENDENCY="python" + # Check for SWIG ub_have_swig=no 
@@ -16985,6 +17043,19 @@ $as_echo "#define HAVE_NETTLE 1" >>confdefs.h + for ac_header in nettle/dsa-compat.h +do : + ac_fn_c_check_header_compile "$LINENO" "nettle/dsa-compat.h" "ac_cv_header_nettle_dsa_compat_h" "$ac_includes_default +" +if test "x$ac_cv_header_nettle_dsa_compat_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_DSA_COMPAT_H 1 +_ACEOF + +fi + +done + if test "$withval" != "" -a "$withval" != "yes"; then CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" LDFLAGS="$LDFLAGS -L$withval/lib" @@ -17064,8 +17135,8 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_CTX_init in -lcrypto" >&5 -$as_echo_n "checking for HMAC_CTX_init in -lcrypto... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5 +$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; } LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -17075,8 +17146,8 @@ main () { - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ; return 0; @@ -17087,7 +17158,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h +$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h else @@ -17108,8 +17179,8 @@ main () { - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ; return 0; @@ -17118,7 +17189,7 @@ if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h +$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -17140,8 +17211,8 @@ main () { - int HMAC_CTX_init(void); - (void)HMAC_CTX_init(); + int HMAC_Update(void); + (void)HMAC_Update(); ; return 0; 
@@ -17150,7 +17221,7 @@ if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h +$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -17159,7 +17230,43 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 +$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + int HMAC_Update(void); + (void)HMAC_Update(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext \ 
@@ -17313,6 +17420,47 @@ rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext SSLLIB="-lssl" + +# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libssl needs -lcrypt32" >&5 +$as_echo_n "checking if libssl needs -lcrypt32... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char HMAC_Update (); +int +main () +{ +return HMAC_Update (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$BAKLIBS" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LIBS="$BAKLIBS" + LIBS="$LIBS -lcrypt32" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 $as_echo_n "checking for LibreSSL... " >&6; } if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then 
@@ -17378,33 +17526,37 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_header in openssl/conf.h +for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h do : - ac_fn_c_check_header_compile "$LINENO" "openssl/conf.h" "ac_cv_header_openssl_conf_h" "$ac_includes_default + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -if test "x$ac_cv_header_openssl_conf_h" = xyes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_CONF_H 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done -for ac_header in openssl/engine.h +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 do : - ac_fn_c_check_header_compile "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default -" -if test "x$ac_cv_header_openssl_engine_h" = xyes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_ENGINE_H 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi - done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode + +# these check_funcs need -lssl +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -17416,6 +17568,8 @@ fi done +LIBS="$BAKLIBS" + ac_fn_c_check_decl "$LINENO" "SSL_COMP_get_compression_methods" "ac_cv_have_decl_SSL_COMP_get_compression_methods" " $ac_includes_default #ifdef HAVE_OPENSSL_ERR_H 
@@ -17771,20 +17925,127 @@ ;; esac +# Check whether --enable-dsa was given. +if test "${enable_dsa+set}" = set; then : + enableval=$enable_dsa; +fi + +use_dsa="no" +case "$enable_dsa" in + no) + ;; + *) + # detect if DSA is supported, and turn it off if not. + ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" +if test "x$ac_cv_func_DSA_SIG_new" = xyes; then : + + +cat >>confdefs.h <<_ACEOF +#define USE_DSA 1 +_ACEOF + + +else + if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5 + fi +fi + + ;; +esac + + # Check whether --enable-event-api was given. if test "${enable_event_api+set}" = set; then : enableval=$enable_event_api; fi -use_unbound_event="no" case "$enable_event_api" in yes) - use_unbound_event="yes" + UNBOUND_EVENT_INSTALL=unbound-event-install + + UNBOUND_EVENT_UNINSTALL=unbound-event-uninstall + ;; *) ;; esac +# Check whether --enable-tfo-client was given. +if test "${enable_tfo_client+set}" = set; then : + enableval=$enable_tfo_client; +fi + +case "$enable_tfo_client" in + yes) + case `uname` in + Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_MSG_FASTOPEN" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} +else + as_fn_error $? 
"TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_MSG_FASTOPEN 1 +_ACEOF + + ;; + Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} +else + as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_OSX_MSG_FASTOPEN 1 +_ACEOF + + ;; + esac + ;; + no|*) + ;; +esac + +# Check whether --enable-tfo-server was given. +if test "${enable_tfo_server+set}" = set; then : + enableval=$enable_tfo_server; +fi + +case "$enable_tfo_server" in + yes) + ac_fn_c_check_decl "$LINENO" "TCP_FASTOPEN" "ac_cv_have_decl_TCP_FASTOPEN" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_TCP_FASTOPEN" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&2;} +else + as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_TCP_FASTOPEN 1 +_ACEOF + + ;; + no|*) + ;; +esac + # check for libevent # Check whether --with-libevent was given. 
@@ -18123,15 +18384,11 @@ fi done # only in libev. (tested on 4.00) + PC_LIBEVENT_DEPENDENCY="libevent" + if test -n "$BAK_LDFLAGS_SET"; then LDFLAGS="$BAK_LDFLAGS" fi - if test "$use_unbound_event" = "yes"; then - UNBOUND_EVENT_INSTALL=unbound-event-install - - UNBOUND_EVENT_UNINSTALL=unbound-event-uninstall - - fi else $as_echo "#define USE_MINI_EVENT 1" >>confdefs.h @@ -18205,10 +18462,8 @@ staticexe="-static" if test "$on_mingw" = yes; then staticexe="-all-static" - # for static crosscompile, include gdi32 and zlib here. - if test "`uname`" = "Linux"; then - LIBS="$LIBS -lgdi32 -lz" - fi + # for static compile, include gdi32 and zlib here. + LIBS="$LIBS -lgdi32 -lz" fi fi @@ -18653,7 +18908,7 @@ fi -for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -18712,33 +18967,6 @@ done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sbrk" >&5 -$as_echo_n "checking for sbrk... " >&6; } -# catch the warning of deprecated sbrk -old_cflags="$CFLAGS" -CFLAGS="$CFLAGS -Werror" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default - -int main(void) { void* cur = sbrk(0); printf("%u\n", (unsigned)(size_t)((char*)cur - (char*)sbrk(0))); return 0; } - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_SBRK 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CFLAGS="$old_cflags" - # check if setreuid en setregid fail, on MacOSX10.4(darwin8). if echo $build_os | grep darwin8 > /dev/null; then @@ -19237,6 +19465,20 @@ fi +ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" +if test "x$ac_cv_func_strsep" = xyes; then : + $as_echo "#define HAVE_STRSEP 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" strsep.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS strsep.$ac_objext" + ;; +esac + +fi + + # Check whether --enable-allsymbols was given. if test "${enable_allsymbols+set}" = set; then : @@ -19520,6 +19762,23 @@ fi +# check for cachedb if requested +# Check whether --enable-cachedb was given. +if test "${enable_cachedb+set}" = set; then : + enableval=$enable_cachedb; +fi + +case "$enable_cachedb" in + yes) + +$as_echo "#define USE_CACHEDB 1" >>confdefs.h + + ;; + no|*) + # nothing + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; } # on openBSD, the implicit rule make $< work. 
@@ -19661,12 +19920,12 @@ -version=1.5.8 +version=1.6.0 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc" ac_config_headers="$ac_config_headers config.h" @@ -20176,7 +20435,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.8, which was +This file was extended by unbound $as_me 1.6.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20242,7 +20501,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.8 +unbound config.status 1.6.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -20664,6 +20923,7 @@ "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; + "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff -Nru unbound-1.5.8/configure.ac unbound-1.6.0/configure.ac --- unbound-1.5.8/configure.ac 2016-02-23 10:43:10.000000000 +0000 +++ unbound-1.6.0/configure.ac 2016-12-07 12:58:47.000000000 +0000 @@ -9,15 +9,15 @@ # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[8]) +m4_define([VERSION_MINOR],[6]) +m4_define([VERSION_MICRO],[0]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=3 LIBUNBOUND_AGE=4 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -65,6 +65,9 @@ # 1.5.6 had 5:9:3 # 1.5.7 had 5:10:3 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub +# 1.5.9 had 6:1:4 +# 1.5.10 had 6:2:4 +# 1.6.0 had 6:3:4 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -106,7 +109,7 @@ # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" else - if echo $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi 
@@ -116,7 +119,7 @@ if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], AC_HELP_STRING([--with-conf-file=path], @@ -186,7 +189,7 @@ if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" fi ) AC_SUBST(UNBOUND_ROOTKEY_FILE) @@ -200,7 +203,7 @@ if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" fi ) AC_SUBST(UNBOUND_ROOTCERT_FILE) @@ -257,6 +260,29 @@ ACX_CHECK_FORMAT_ATTRIBUTE ACX_CHECK_UNUSED_ATTRIBUTE +AC_DEFUN([CHECK_WEAK_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute) +AC_CACHE_VAL(ac_cv_c_weak_attribute, +[ac_cv_c_weak_attribute=no +AC_TRY_COMPILE( +[ #include +__attribute__((weak)) void f(int x) { printf("%d", x); } +], [ + f(1); +], +[ac_cv_c_weak_attribute="yes"], +[ac_cv_c_weak_attribute="no"]) +]) + +AC_MSG_RESULT($ac_cv_c_weak_attribute) +if test $ac_cv_c_weak_attribute = yes; then + AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute]) +fi +])dnl End of CHECK_WEAK_ATTRIBUTE + +CHECK_WEAK_ATTRIBUTE + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -518,6 +544,8 @@ LIBS="$PYTHON_LDFLAGS $LIBS" CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" ub_have_python=yes + PC_PY_DEPENDENCY="python" + AC_SUBST(PC_PY_DEPENDENCY) # Check for SWIG ub_have_swig=no 
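Review bot: The MinGW defaults for `ub_conf_file`, `UNBOUND_ROOTKEY_FILE` and `UNBOUND_ROOTCERT_FILE` each repeat the literal `C:\\Program Files (x86)\\Unbound` prefix, so the three hunks have to be kept in step by hand. Judging by their names, two of these are the compiled-in locations of the root trust anchor and the certificate bundle, so a binary installed elsewhere would look for them in a directory the installer did not create. I would define the directory once, e.g. `ub_win_dir="C:\\Program Files (x86)\\Unbound"`, build the three defaults from it, and add a comment naming the installer layout it assumes.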
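Review bot: `CHECK_WEAK_ATTRIBUTE` uses `AC_TRY_COMPILE`, so it only proves that the compiler does not reject `__attribute__((weak))`. A compiler that accepts the attribute but ignores it with a warning would still get `HAVE_ATTR_WEAK`. compat/explicit_bzero.c in this same diff keys on that macro, so a false positive matters there. Running the test with warnings promoted to errors would make the result match the macro's description, e.g. `old_cflags="$CFLAGS"; CFLAGS="$CFLAGS -Werror"` before the check and `CFLAGS="$old_cflags"` after it.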
@@ -605,6 +633,7 @@ [ USE_NETTLE="yes" AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) + AC_CHECK_HEADERS([nettle/dsa-compat.h],,, [AC_INCLUDES_DEFAULT]) if test "$withval" != "" -a "$withval" != "yes"; then CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" LDFLAGS="$LDFLAGS -L$withval/lib" @@ -622,6 +651,20 @@ ACX_WITH_SSL ACX_LIB_SSL SSLLIB="-lssl" + +# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +AC_MSG_CHECKING([if libssl needs -lcrypt32]) +AC_TRY_LINK_FUNC([HMAC_Update], [ + AC_MSG_RESULT([no]) + LIBS="$BAKLIBS" +], [ + AC_MSG_RESULT([yes]) + LIBS="$BAKLIBS" + LIBS="$LIBS -lcrypt32" +]) + AC_MSG_CHECKING([for LibreSSL]) if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then AC_MSG_RESULT([yes]) @@ -632,9 +675,15 @@ else AC_MSG_RESULT([no]) fi -AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode]) +AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1]) + +# these check_funcs need -lssl +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level]) +LIBS="$BAKLIBS" + AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_OPENSSL_ERR_H 
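Review bot: The new `-lcrypt32` probe treats any failure to link `HMAC_Update` with `-lssl` as proof that crypt32 is missing, and appends `-lcrypt32` without testing that it fixes the link. It also runs on every platform, although its comment says it is for Windows. On a non-Windows host where the link fails for another reason, this would put a library that does not exist into `LIBS`, and later checks would fail for an unrelated reason. I would guard the block with `if test "$on_mingw" = "yes"; then ... fi`, or re-run the link test after adding the library and stop with `AC_MSG_ERROR` if it still fails.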
@@ -816,16 +865,67 @@ ;; esac -AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) libevent-based libunbound API installed to unbound-event.h])) -use_unbound_event="no" +AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) +use_dsa="no" +case "$enable_dsa" in + no) + ;; + *) + # detect if DSA is supported, and turn it off if not. + AC_CHECK_FUNC(DSA_SIG_new, [ + AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) + fi ]) + ;; +esac + + +AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) case "$enable_event_api" in yes) - use_unbound_event="yes" + AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install]) + AC_SUBST(UNBOUND_EVENT_UNINSTALL, [unbound-event-uninstall]) ;; *) ;; esac +AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode])) +case "$enable_tfo_client" in + yes) + case `uname` in + Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT +#include +]) + AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; + Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT +#include +]) + AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; + esac + ;; + no|*) + ;; 
+esac + +AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode])) +case "$enable_tfo_server" in + yes) + AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT +#include + ]) + AC_DEFINE_UNQUOTED([USE_TCP_FASTOPEN], [1], [Define this to enable server TCP Fast Open.]) + ;; + no|*) + ;; +esac + # check for libevent AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), @@ -903,13 +1003,11 @@ AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51) AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00) + PC_LIBEVENT_DEPENDENCY="libevent" + AC_SUBST(PC_LIBEVENT_DEPENDENCY) if test -n "$BAK_LDFLAGS_SET"; then LDFLAGS="$BAK_LDFLAGS" fi - if test "$use_unbound_event" = "yes"; then - AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install]) - AC_SUBST(UNBOUND_EVENT_UNINSTALL, [unbound-event-uninstall]) - fi else AC_DEFINE(USE_MINI_EVENT, 1, [Define if you want to use internal select based events]) fi @@ -950,10 +1048,8 @@ staticexe="-static" if test "$on_mingw" = yes; then staticexe="-all-static" - # for static crosscompile, include gdi32 and zlib here. - if test "`uname`" = "Linux"; then - LIBS="$LIBS -lgdi32 -lz" - fi + # for static compile, include gdi32 and zlib here. + LIBS="$LIBS -lgdi32 -lz" fi fi 
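Review bot: In the `--enable-tfo-client` block the inner `case` on the output of `uname` has arms only for `Linux` and `Darwin`, so on any other system the option is accepted and silently does nothing. It also inspects the build machine, which gives the wrong answer when cross-compiling; the MinGW test earlier in this file uses `$host` for that reason. I would add a default arm, `*) AC_MSG_ERROR([TCP Fast Open is not available for client mode on this platform: please rerun without --enable-tfo-client]) ;;`, so the outcome is explicit. Separately, `use_dsa="no"` is assigned in the DSA block, but nothing in this hunk reads it.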
@@ -1047,23 +1143,10 @@ #endif ]) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) -AC_MSG_CHECKING([for sbrk]) -# catch the warning of deprecated sbrk -old_cflags="$CFLAGS" -CFLAGS="$CFLAGS -Werror" -AC_COMPILE_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT -[[ -int main(void) { void* cur = sbrk(0); printf("%u\n", (unsigned)(size_t)((char*)cur - (char*)sbrk(0))); return 0; } -]])], [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_SBRK, 1, [define if you have the sbrk() call]) - ], [AC_MSG_RESULT(no)]) -CFLAGS="$old_cflags" - # check if setreuid en setregid fail, on MacOSX10.4(darwin8). if echo $build_os | grep darwin8 > /dev/null; then AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) @@ -1140,6 +1223,7 @@ LIBOBJ_WITHOUT_CTIME="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIME) AC_REPLACE_FUNCS(ctime_r) +AC_REPLACE_FUNCS(strsep) AC_ARG_ENABLE(allsymbols, AC_HELP_STRING([--enable-allsymbols], [export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) case "$enable_allsymbols" in 
@@ -1192,6 +1276,17 @@ ] ) +# check for cachedb if requested +AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) +case "$enable_cachedb" in + yes) + AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support]) + ;; + no|*) + # nothing + ;; +esac + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). @@ -1358,6 +1453,11 @@ char *ctime_r(const time_t *timep, char *buf); #endif +#ifndef HAVE_STRSEP +#define strsep unbound_strsep +char *strsep(char **stringp, const char *delim); +#endif + #ifndef HAVE_ISBLANK #define isblank unbound_isblank int isblank(int c); @@ -1471,6 +1571,6 @@ AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT diff -Nru unbound-1.5.8/contrib/libunbound.pc.in unbound-1.6.0/contrib/libunbound.pc.in --- unbound-1.5.8/contrib/libunbound.pc.in 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/contrib/libunbound.pc.in 2016-10-18 13:56:42.000000000 +0000 
@@ -0,0 +1,13 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: unbound +Description: Library with validating, recursive, and caching DNS resolver +URL: http://www.unbound.net +Version: @PACKAGE_VERSION@ +Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ @PC_PY_DEPENDENCY@ +Libs: -L${libdir} -lunbound +Libs.private: @SSLLIB@ @LIBS@ +Cflags: -I${includedir} diff -Nru unbound-1.5.8/contrib/unbound_munin_ unbound-1.6.0/contrib/unbound_munin_ --- unbound-1.5.8/contrib/unbound_munin_ 2015-01-05 14:47:52.000000000 +0000 +++ unbound-1.6.0/contrib/unbound_munin_ 2016-11-22 15:50:07.000000000 +0000 @@ -150,7 +150,7 @@ fi done # try to get it - echo $$ >$lock + if echo $$ >$lock ; then : ; else break; fi done # do not refetch if the file exists and only LEE seconds old if test -f $state; then @@ -266,7 +266,6 @@ echo "graph_args --base 1024 -l 0" echo "graph_vlabel memory used in bytes" echo "graph_category DNS" - p_config "mem.total.sbrk" "Total memory" "GAUGE" p_config "mem.cache.rrset" "RRset cache memory" "GAUGE" p_config "mem.cache.message" "Message cache memory" "GAUGE" p_config "mem.mod.iterator" "Iterator module memory" "GAUGE" 
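Review bot: `Requires: libcrypto libssl` is written unconditionally, but configure.ac in this same diff has a libnettle path (`USE_NETTLE`), where a consumer running pkg-config would apparently be sent looking for OpenSSL packages the build did not use. The line also exports link dependencies to every consumer; `Requires.private:` is the usual field for libraries needed only when linking statically. I would make the crypto entry a substituted variable, in the same way as the existing `@PC_LIBEVENT_DEPENDENCY@` and `@PC_PY_DEPENDENCY@`.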
@@ -458,20 +457,6 @@ done ;; memory) - mn=`echo mem.total.sbrk | sed $ABBREV | tr . _` - get_value 'mem.total.sbrk' - if test $value -eq 0; then - chk=`echo $ctrl | sed -e 's/-control$/-checkconf/'` - pidf=`$chk -o pidfile $conf 2>&1` - pid=`cat $pidf 2>&1` - value=`ps -p "$pid" -o rss= 2>&1` - if test "`expr $value + 1 - 1 2>&1`" -eq "$value" 2>&1; then - value=`expr $value \* 1024` - else - value=0 - fi - fi - echo "$mn.value" $value for x in mem.cache.rrset mem.cache.message mem.mod.iterator \ mem.mod.validator msg.cache.count rrset.cache.count \ infra.cache.count key.cache.count; do diff -Nru unbound-1.5.8/daemon/acl_list.c unbound-1.6.0/daemon/acl_list.c --- unbound-1.5.8/daemon/acl_list.c 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/daemon/acl_list.c 2016-10-18 13:20:42.000000000 +0000 @@ -45,6 +45,8 @@ #include "util/log.h" #include "util/config_file.h" #include "util/net_help.h" +#include "services/localzone.h" +#include "sldns/str2wire.h" struct acl_list* acl_list_create(void) @@ -71,21 +73,21 @@ } /** insert new address into acl_list structure */ -static int +static struct acl_addr* acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, socklen_t addrlen, int net, enum acl_access control, int complain_duplicates) { - struct acl_addr* node = regional_alloc(acl->region, + struct acl_addr* node = regional_alloc_zero(acl->region, sizeof(struct acl_addr)); if(!node) - return 0; + return NULL; node->control = control; if(!addr_tree_insert(&acl->tree, &node->node, addr, addrlen, net)) { if(complain_duplicates) verbose(VERB_QUERY, "duplicate acl address ignored."); } - return 1; + return node; } /** apply acl_list string */ 
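Review bot: `acl_list_insert` now returns `node` even when `addr_tree_insert` rejected it as a duplicate, so the caller receives a pointer to an entry that is not linked into `acl->tree`. `acl_find_or_create`, added later in this diff, avoids that by calling `addr_tree_find` first. Any other caller that stores tags or a view on the returned node would have them silently ignored at lookup time. I would spell the contract out in the doc comment: `/** insert new address into acl_list structure; returns the node, which is NOT in the tree if the address was a duplicate, or NULL on allocation failure */`.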
@@ -125,6 +127,205 @@ return 1; } +/** find or create node (NULL on parse or error) */ +static struct acl_addr* +acl_find_or_create(struct acl_list* acl, const char* str) +{ + struct acl_addr* node; + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { + log_err("cannot parse netblock: %s", str); + return NULL; + } + /* find or create node */ + if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, &addr, + addrlen, net))) { + /* create node, type 'allow' since otherwise tags are + * pointless, can override with specific access-control: cfg */ + if(!(node=(struct acl_addr*)acl_list_insert(acl, &addr, + addrlen, net, acl_allow, 1))) { + log_err("out of memory"); + return NULL; + } + } + return node; +} + +/** apply acl_tag string */ +static int +acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap, + size_t bitmaplen) +{ + struct acl_addr* node; + if(!(node=acl_find_or_create(acl, str))) + return 0; + node->taglen = bitmaplen; + node->taglist = regional_alloc_init(acl->region, bitmap, bitmaplen); + if(!node->taglist) { + log_err("out of memory"); + return 0; + } + return 1; +} + +/** apply acl_view string */ +static int +acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2, + struct views* vs) +{ + struct acl_addr* node; + if(!(node=acl_find_or_create(acl, str))) + return 0; + node->view = views_find_view(vs, str2, 0 /* get read lock*/); + if(!node->view) { + log_err("no view with name: %s", str2); + return 0; + } + lock_rw_unlock(&node->view->lock); + return 1; +} + +/** apply acl_tag_action string */ +static int +acl_list_tag_action_cfg(struct acl_list* acl, struct config_file* cfg, + const char* str, const char* tag, const char* action) +{ + struct acl_addr* node; + int tagid; + enum localzone_type t; + if(!(node=acl_find_or_create(acl, str))) + return 0; + /* allocate array if not yet */ + if(!node->tag_actions) { + node->tag_actions = 
(uint8_t*)regional_alloc_zero(acl->region, + sizeof(*node->tag_actions)*cfg->num_tags); + if(!node->tag_actions) { + log_err("out of memory"); + return 0; + } + node->tag_actions_size = (size_t)cfg->num_tags; + } + /* parse tag */ + if((tagid=find_tag_id(cfg, tag)) == -1) { + log_err("cannot parse tag (define-tag it): %s %s", str, tag); + return 0; + } + if((size_t)tagid >= node->tag_actions_size) { + log_err("tagid too large for array %s %s", str, tag); + return 0; + } + if(!local_zone_str2type(action, &t)) { + log_err("cannot parse access control action type: %s %s %s", + str, tag, action); + return 0; + } + node->tag_actions[tagid] = (uint8_t)t; + return 1; +} + +/** check wire data parse */ +static int +check_data(const char* data, const struct config_strlist* head) +{ + char buf[65536]; + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t len = sizeof(rr); + int res; + /* '.' is sufficient for validation, and it makes the call to + * sldns_wirerr_get_type() simpler below. */ + snprintf(buf, sizeof(buf), "%s %s", ".", data); + res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL, 0, + NULL, 0); + + /* Reject it if we would end up having CNAME and other data (including + * another CNAME) for the same tag. */ + if(res == 0 && head) { + const char* err_data = NULL; + + if(sldns_wirerr_get_type(rr, len, 1) == LDNS_RR_TYPE_CNAME) { + /* adding CNAME while other data already exists. */ + err_data = data; + } else { + snprintf(buf, sizeof(buf), "%s %s", ".", head->str); + len = sizeof(rr); + res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, + NULL, 0, NULL, 0); + if(res != 0) { + /* This should be impossible here as head->str + * has been validated, but we check it just in + * case. 
*/ + return 0; + } + if(sldns_wirerr_get_type(rr, len, 1) == + LDNS_RR_TYPE_CNAME) /* already have CNAME */ + err_data = head->str; + } + if(err_data) { + log_err("redirect tag data '%s' must not coexist with " + "other data.", err_data); + return 0; + } + } + if(res == 0) + return 1; + log_err("rr data [char %d] parse error %s", + (int)LDNS_WIREPARSE_OFFSET(res)-13, + sldns_get_errorstr_parse(res)); + return 0; +} + +/** apply acl_tag_data string */ +static int +acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg, + const char* str, const char* tag, const char* data) +{ + struct acl_addr* node; + int tagid; + char* dupdata; + if(!(node=acl_find_or_create(acl, str))) + return 0; + /* allocate array if not yet */ + if(!node->tag_datas) { + node->tag_datas = (struct config_strlist**)regional_alloc_zero( + acl->region, sizeof(*node->tag_datas)*cfg->num_tags); + if(!node->tag_datas) { + log_err("out of memory"); + return 0; + } + node->tag_datas_size = (size_t)cfg->num_tags; + } + /* parse tag */ + if((tagid=find_tag_id(cfg, tag)) == -1) { + log_err("cannot parse tag (define-tag it): %s %s", str, tag); + return 0; + } + if((size_t)tagid >= node->tag_datas_size) { + log_err("tagid too large for array %s %s", str, tag); + return 0; + } + + /* check data? */ + if(!check_data(data, node->tag_datas[tagid])) { + log_err("cannot parse access-control-tag data: %s %s '%s'", + str, tag, data); + return 0; + } + + dupdata = regional_strdup(acl->region, data); + if(!dupdata) { + log_err("out of memory"); + return 0; + } + if(!cfg_region_strlist_insert(acl->region, + &(node->tag_datas[tagid]), dupdata)) { + log_err("out of memory"); + return 0; + } + return 1; +} + /** read acl_list config */ static int read_acl_list(struct acl_list* acl, struct config_file* cfg) 
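Review bot: `acl_find_or_create` inserts a missing netblock with `acl_allow`, so a tag, tag action, tag data or view line for a netblock with no `access-control:` entry of its own grants that netblock query access as a side effect. The in-code comment explains the intent, but nothing tells the operator that a tagging directive widened the ACL. The override also works only because `read_acl_list` runs before the tag and view readers in `acl_list_apply_cfg`. I would log it where the node is created, e.g. `log_warn("netblock %s has no access-control entry, treating it as allow", str);`, and mention the ordering dependency in the comment.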
@@ -138,13 +339,114 @@ return 1; } +/** read acl tags config */ +static int +read_acl_tags(struct acl_list* acl, struct config_file* cfg) +{ + struct config_strbytelist* np, *p = cfg->acl_tags; + cfg->acl_tags = NULL; + while(p) { + log_assert(p->str && p->str2); + if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len)) { + config_del_strbytelist(p); + return 0; + } + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p); + p = np; + } + return 1; +} + +/** read acl view config */ +static int +read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v) +{ + struct config_str2list* np, *p = cfg->acl_view; + cfg->acl_view = NULL; + while(p) { + log_assert(p->str && p->str2); + if(!acl_list_view_cfg(acl, p->str, p->str2, v)) { + return 0; + } + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p); + p = np; + } + return 1; +} + +/** read acl tag actions config */ +static int +read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg) +{ + struct config_str3list* p, *np; + p = cfg->acl_tag_actions; + cfg->acl_tag_actions = NULL; + while(p) { + log_assert(p->str && p->str2 && p->str3); + if(!acl_list_tag_action_cfg(acl, cfg, p->str, p->str2, + p->str3)) { + config_deltrplstrlist(p); + return 0; + } + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p->str3); + free(p); + p = np; + } + return 1; +} + +/** read acl tag datas config */ +static int +read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg) +{ + struct config_str3list* p, *np; + p = cfg->acl_tag_datas; + cfg->acl_tag_datas = NULL; + while(p) { + log_assert(p->str && p->str2 && p->str3); + if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3)) { + config_deltrplstrlist(p); + return 0; + } + /* free the items as we go to free up memory */ + np = p->next; + free(p->str); + free(p->str2); + free(p->str3); + 
free(p); + p = np; + } + return 1; +} + int -acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg) +acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, + struct views* v) { regional_free_all(acl->region); addr_tree_init(&acl->tree); if(!read_acl_list(acl, cfg)) return 0; + if(!read_acl_view(acl, cfg, v)) + return 0; + if(!read_acl_tags(acl, cfg)) + return 0; + if(!read_acl_tag_actions(acl, cfg)) + return 0; + if(!read_acl_tag_datas(acl, cfg)) + return 0; /* insert defaults, with '0' to ignore them if they are duplicates */ if(!acl_list_str_cfg(acl, "0.0.0.0/0", "refuse", 0)) return 0; @@ -163,13 +465,18 @@ } enum acl_access -acl_list_lookup(struct acl_list* acl, struct sockaddr_storage* addr, +acl_get_control(struct acl_addr* acl) +{ + if(acl) return acl->control; + return acl_deny; +} + +struct acl_addr* +acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, socklen_t addrlen) { - struct acl_addr* r = (struct acl_addr*)addr_tree_lookup(&acl->tree, + return (struct acl_addr*)addr_tree_lookup(&acl->tree, addr, addrlen); - if(r) return r->control; - return acl_deny; } size_t diff -Nru unbound-1.5.8/daemon/acl_list.h unbound-1.6.0/daemon/acl_list.h --- unbound-1.5.8/daemon/acl_list.h 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/daemon/acl_list.h 2016-10-05 09:36:25.000000000 +0000 @@ -43,6 +43,7 @@ #ifndef DAEMON_ACL_LIST_H #define DAEMON_ACL_LIST_H #include "util/storage/dnstree.h" +#include "services/view.h" struct config_file; struct regional; 
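Review bot: `read_acl_view` returns 0 on failure without releasing the rest of the list, although it has already set `cfg->acl_view = NULL`. The three sibling readers free the remainder before returning, with `config_del_strbytelist(p)` or `config_deltrplstrlist(p)`. Adding `config_deldblstrlist(p);` before the `return 0;` keeps the error paths consistent and avoids leaking the unprocessed entries.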
@@ -87,6 +88,21 @@ struct addr_tree_node node; /** access control on this netblock */ enum acl_access control; + /** tag bitlist */ + uint8_t* taglist; + /** length of the taglist (in bytes) */ + size_t taglen; + /** array per tagnumber of localzonetype(in one byte). NULL if none. */ + uint8_t* tag_actions; + /** size of the tag_actions_array */ + size_t tag_actions_size; + /** array per tagnumber, with per tag a list of rdata strings. + * NULL if none. strings are like 'A 127.0.0.1' 'AAAA ::1' */ + struct config_strlist** tag_datas; + /** size of the tag_datas array */ + size_t tag_datas_size; + /* view element, NULL if none */ + struct view* view; }; /** 
@@ -105,19 +121,29 @@ * Process access control config. * @param acl: where to store. * @param cfg: config options. + * @param v: views structure * @return 0 on error. */ -int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg); +int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg, + struct views* v); /** - * Lookup address to see its access control status. + * Lookup access control status for acl structure. + * @param acl: structure for acl storage. + * @return: what to do with message from this address. + */ +enum acl_access acl_get_control(struct acl_addr* acl); + +/** + * Lookup address to see its acl structure * @param acl: structure for address storage. * @param addr: address to check * @param addrlen: length of addr. - * @return: what to do with message from this address. + * @return: acl structure from this address. */ -enum acl_access acl_list_lookup(struct acl_list* acl, - struct sockaddr_storage* addr, socklen_t addrlen); +struct acl_addr* +acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, + socklen_t addrlen); /** * Get memory used by acl structure. diff -Nru unbound-1.5.8/daemon/cachedump.c unbound-1.6.0/daemon/cachedump.c --- unbound-1.5.8/daemon/cachedump.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/daemon/cachedump.c 2016-10-20 15:05:30.000000000 +0000 @@ -563,6 +563,7 @@ qinfo->qclass = sldns_wirerr_get_class(rr, rr_len, dname_len); qinfo->qname_len = dname_len; qinfo->qname = (uint8_t*)regional_alloc_init(region, rr, dname_len); + qinfo->local_alias = NULL; if(!qinfo->qname) { log_warn("error out of memory"); return NULL; 
@@ -826,6 +827,7 @@ qinfo.qname_len = nmlen; qinfo.qtype = LDNS_RR_TYPE_A; qinfo.qclass = LDNS_RR_CLASS_IN; + qinfo.local_alias = NULL; dname_str(nm, b); if(!ssl_printf(ssl, "The following name servers are used for lookup " diff -Nru unbound-1.5.8/daemon/daemon.c unbound-1.6.0/daemon/daemon.c --- unbound-1.5.8/daemon/daemon.c 2015-07-24 11:49:35.000000000 +0000 +++ unbound-1.6.0/daemon/daemon.c 2016-12-06 13:42:51.000000000 +0000 @@ -79,6 +79,7 @@ #include "services/cache/rrset.h" #include "services/cache/infra.h" #include "services/localzone.h" +#include "services/view.h" #include "services/modstack.h" #include "util/module.h" #include "util/random.h" @@ -204,20 +205,29 @@ signal_handling_record(); checklock_start(); #ifdef HAVE_SSL +# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); - ERR_load_SSL_strings(); -# ifdef HAVE_OPENSSL_CONFIG - OPENSSL_config("unbound"); # endif + ERR_load_SSL_strings(); # ifdef USE_GOST (void)sldns_key_EVP_load_gost_id(); # endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); +# else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +# endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS /* grab the COMP method ptr because openssl leaks it */ comp_meth = (void*)SSL_COMP_get_compression_methods(); # endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); +# else + (void)OPENSSL_init_ssl(0, NULL); +# endif # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) if(!ub_openssl_lock_init()) fatal_exit("could not init openssl locks"); 
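Review bot: The result of `OPENSSL_init_crypto(...)` is discarded, so a failed library initialisation goes unnoticed here and would presumably surface only later as unrelated crypto errors. The neighbouring `OPENSSL_init_ssl` call at least marks the discard with `(void)`. This is start-up code that already calls `fatal_exit` a few lines below for the lock setup, so I would check it: `if(!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)) fatal_exit("could not init openssl");`. The enclosing function starts and ends outside the hunk.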
@@ -239,9 +249,16 @@ free(daemon); return NULL; } + /* init edns_known_options */ + if(!edns_known_options_init(daemon->env)) { + free(daemon->env); + free(daemon); + return NULL; + } alloc_init(&daemon->superalloc, NULL, 0); daemon->acl = acl_list_create(); if(!daemon->acl) { + edns_known_options_delete(daemon->env); free(daemon->env); free(daemon); return NULL; @@ -338,6 +355,7 @@ daemon->env)) { fatal_exit("failed to setup modules"); } + log_edns_known_options(VERB_ALGO, daemon->env); } /** @@ -407,6 +425,8 @@ } daemon->workers = (struct worker**)calloc((size_t)daemon->num, sizeof(struct worker*)); + if(!daemon->workers) + fatal_exit("out of memory during daemon init"); if(daemon->cfg->dnstap) { #ifdef USE_DNSTAP daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path, @@ -531,8 +551,15 @@ daemon_fork(struct daemon* daemon) { log_assert(daemon); - if(!acl_list_apply_cfg(daemon->acl, daemon->cfg)) + if(!(daemon->views = views_create())) + fatal_exit("Could not create views: out of memory"); + /* create individual views and their localzone/data trees */ + if(!views_apply_cfg(daemon->views, daemon->cfg)) + fatal_exit("Could not set up views"); + + if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) fatal_exit("Could not setup access control list"); + /* create global local_zones */ if(!(daemon->local_zones = local_zones_create())) fatal_exit("Could not create local zones: out of memory"); if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) 
@@ -589,13 +616,14 @@ log_thread_set(NULL); /* clean up caches because * a) RRset IDs will be recycled after a reload, causing collisions - * b) validation config can change, thus rrset, msg, keycache clear - * The infra cache is kept, the timing and edns info is still valid */ + * b) validation config can change, thus rrset, msg, keycache clear */ slabhash_clear(&daemon->env->rrset_cache->table); slabhash_clear(daemon->env->msg_cache); local_zones_delete(daemon->local_zones); daemon->local_zones = NULL; - /* key cache is cleared by module desetup during next daemon_init() */ + views_delete(daemon->views); + daemon->views = NULL; + /* key cache is cleared by module desetup during next daemon_fork() */ daemon_remote_clear(daemon->rc); for(i=0; inum; i++) worker_delete(daemon->workers[i]); @@ -624,6 +652,8 @@ slabhash_delete(daemon->env->msg_cache); rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); + edns_known_options_delete(daemon->env); + inplace_cb_lists_delete(daemon->env); } ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); 
@@ -647,18 +677,27 @@ # endif # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE # ifndef S_SPLINT_S +# if OPENSSL_VERSION_NUMBER < 0x10100000 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); +# endif # endif # endif # ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); +# if OPENSSL_VERSION_NUMBER < 0x10100000 ENGINE_cleanup(); +# endif CONF_modules_free(); # endif +# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ - ERR_remove_state(0); +# endif +# ifdef HAVE_ERR_FREE_STRINGS ERR_free_strings(); +# endif +# if OPENSSL_VERSION_NUMBER < 0x10100000 RAND_cleanup(); +# endif # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) ub_openssl_lock_delete(); # endif diff -Nru unbound-1.5.8/daemon/daemon.h unbound-1.6.0/daemon/daemon.h --- unbound-1.5.8/daemon/daemon.h 2014-08-05 07:57:52.000000000 +0000 +++ unbound-1.6.0/daemon/daemon.h 2016-10-05 09:36:25.000000000 +0000 @@ -45,9 +45,6 @@ #include "util/locks.h" #include "util/alloc.h" #include "services/modstack.h" -#ifdef UB_ON_WINDOWS -# include "util/winsock_event.h" -#endif struct config_file; struct worker; struct listen_port; @@ -56,6 +53,7 @@ struct rrset_cache; struct acl_list; struct local_zones; +struct views; struct ub_randstate; struct daemon_remote; @@ -114,6 +112,8 @@ struct timeval time_last_stat; /** time when daemon started */ struct timeval time_boot; + /** views structure containing view tree */ + struct views* views; #ifdef USE_DNSTAP /** the dnstap environment master value, copied and changed by threads*/ struct dt_env* dtenv; diff -Nru unbound-1.5.8/daemon/remote.c unbound-1.6.0/daemon/remote.c --- unbound-1.5.8/daemon/remote.c 2016-01-05 10:03:59.000000000 +0000 +++ unbound-1.6.0/daemon/remote.c 2016-12-07 14:13:01.000000000 +0000 
@@ -46,9 +46,12 @@ #ifdef HAVE_OPENSSL_ERR_H #include #endif -#ifndef HEADER_DH_H +#ifdef HAVE_OPENSSL_DH_H #include #endif +#ifdef HAVE_OPENSSL_BN_H +#include +#endif #include #include "daemon/remote.h" 
@@ -140,49 +143,68 @@ /* * The following function was generated using the openssl utility, using - * the command : "openssl dhparam -dsaparam -C 1024" + * the command : "openssl dhparam -C 2048" * (some openssl versions reject DH that is 'too small', eg. 512). */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) #ifndef S_SPLINT_S -DH *get_dh1024() +static DH *get_dh2048(void) { - static unsigned char dh1024_p[]={ - 0xB3,0x67,0x2E,0x3B,0x68,0xC5,0xDA,0x58,0x46,0xD6,0x2B,0xD3, - 0x41,0x78,0x97,0xE4,0xE1,0x61,0x71,0x68,0xE6,0x0F,0x1D,0x78, - 0x05,0xAA,0xF0,0xFF,0x30,0xDF,0xAC,0x49,0x7F,0xE0,0x90,0xFE, - 0xB9,0x56,0x4E,0x3F,0xE2,0x98,0x8A,0xED,0xF5,0x28,0x39,0xEF, - 0x2E,0xA6,0xB7,0x67,0xB2,0x43,0xE4,0x53,0xF8,0xEB,0x2C,0x1F, - 0x06,0x77,0x3A,0x6F,0x62,0x98,0xC1,0x3B,0xF7,0xBA,0x4D,0x93, - 0xF7,0xEB,0x5A,0xAD,0xC5,0x5F,0xF0,0xB7,0x24,0x35,0x81,0xF7, - 0x7F,0x1F,0x24,0xC0,0xDF,0xD3,0xD8,0x40,0x72,0x7E,0xF3,0x19, - 0x2B,0x26,0x27,0xF4,0xB6,0xB3,0xD4,0x7D,0x08,0x23,0xBE,0x68, - 0x2B,0xCA,0xB4,0x46,0xA8,0x9E,0xDD,0x6C,0x3D,0x75,0xA6,0x48, - 0xF7,0x44,0x43,0xBF,0x91,0xC2,0xB4,0x49, + static unsigned char dh2048_p[]={ + 0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6, + 0xF5,0xF3,0xDA,0xDC,0x71,0xC0,0x42,0x8B,0xE6,0xEB,0x8D,0x80, + 0x35,0x7F,0x09,0x45,0x30,0xE5,0xB2,0x92,0x81,0x3F,0x08,0xCD, + 0x36,0x5E,0x19,0x83,0x62,0xCC,0xAE,0x9B,0x81,0x66,0x24,0xEE, + 0x16,0x6F,0xA9,0x9E,0xF4,0x82,0x1B,0xDD,0x46,0xC7,0x33,0x5D, + 0xF4,0xCA,0xE6,0x8F,0xFC,0xD4,0xD8,0x58,0x94,0x24,0x5D,0xFF, + 0x0A,0xE8,0xEF,0x3D,0xCE,0xBB,0x50,0x94,0xE0,0x5F,0xE8,0x41, + 0xC3,0x35,0x30,0x37,0xD5,0xCB,0x8F,0x3D,0x95,0x15,0x1A,0x77, + 0x42,0xB2,0x06,0x86,0xF6,0x09,0x66,0x0E,0x9A,0x25,0x94,0x3E, + 0xD2,0x04,0x25,0x25,0x1D,0x23,0xEB,0xDC,0x4D,0x0C,0x83,0x28, + 0x2E,0x15,0x81,0x2D,0xC1,0xAF,0x8D,0x36,0x64,0xE3,0x9A,0x83, + 0x78,0xC2,0x8D,0xC0,0x9D,0xD9,0x3A,0x1C,0xC5,0x2B,0x50,0x68, + 0x07,0xA9,0x4B,0x8C,0x07,0x57,0xD6,0x15,0x03,0x4E,0x9E,0x01, + 
0xF2,0x6F,0x35,0xAC,0x26,0x9C,0x92,0x68,0x61,0x13,0xFB,0x01, + 0xBA,0x22,0x36,0x01,0x55,0xB6,0x62,0xD9,0xB2,0x98,0xCE,0x5D, + 0x4B,0xA5,0x41,0xD6,0xE5,0x70,0x78,0x12,0x1F,0x64,0xB6,0x6F, + 0xB0,0x91,0x51,0x91,0x92,0xC0,0x94,0x3A,0xD1,0x28,0x4D,0x30, + 0x84,0x3E,0xE4,0xE4,0x7F,0x47,0x89,0xB1,0xB6,0x8C,0x8E,0x0E, + 0x26,0xDB,0xCD,0x17,0x07,0x2A,0x21,0x7A,0xCC,0x68,0xE8,0x57, + 0x94,0x9E,0x59,0x61,0xEC,0x20,0x34,0x26,0x0D,0x66,0x44,0xEB, + 0x6F,0x02,0x58,0xE2,0xED,0xF6,0xF3,0x1B,0xBF,0x9E,0x45,0x52, + 0x5A,0x49,0xA1,0x5B, }; - static unsigned char dh1024_g[]={ - 0x5F,0x37,0xB5,0x80,0x4D,0xB4,0xC4,0xB2,0x37,0x12,0xD5,0x2F, - 0x56,0x81,0xB0,0xDF,0x3D,0x27,0xA2,0x54,0xE7,0x14,0x65,0x2D, - 0x72,0xA8,0x97,0xE0,0xA9,0x4A,0x09,0x5E,0x89,0xBE,0x34,0x9A, - 0x90,0x98,0xC1,0xE8,0xBB,0x01,0x2B,0xC2,0x74,0x74,0x90,0x59, - 0x0B,0x72,0x62,0x5C,0xFD,0x49,0x63,0x4B,0x38,0x91,0xF1,0x7F, - 0x13,0x25,0xEB,0x52,0x50,0x47,0xA2,0x8C,0x32,0x28,0x42,0xAC, - 0xBD,0x7A,0xCC,0x58,0xBE,0x36,0xDA,0x6A,0x24,0x06,0xC7,0xF1, - 0xDA,0x8D,0x8A,0x3B,0x03,0xFA,0x6F,0x25,0xE5,0x20,0xA7,0xD6, - 0x6F,0x74,0x61,0x53,0x14,0x81,0x29,0x04,0xB5,0x61,0x12,0x53, - 0xA3,0xD6,0x09,0x98,0x0C,0x8F,0x1C,0xBB,0xD7,0x1C,0x2C,0xEE, - 0x56,0x4B,0x74,0x8F,0x4A,0xF8,0xA9,0xD5, + static unsigned char dh2048_g[]={ + 0x02, }; - DH *dh; + DH *dh = NULL; + BIGNUM *p = NULL, *g = NULL; - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - dh->length = 160; - return(dh); + dh = DH_new(); + p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (!dh || !p || !g) + goto err; + +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + dh->p = p; + dh->g = g; +#else + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; +#endif + return dh; +err: + if (p) + BN_free(p); + if (g) + BN_free(g); + if (dh) + DH_free(dh); + 
return NULL; } #endif /* SPLINT */ +#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ struct daemon_remote* daemon_remote_create(struct config_file* cfg) @@ -223,18 +245,27 @@ if (cfg->remote_control_use_cert == 0) { /* No certificates are requested */ - if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) { +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + SSL_CTX_set_security_level(rc->ctx, 0); +#endif + if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL, eNULL")) { log_crypto_err("Failed to set aNULL cipher list"); + daemon_remote_delete(rc); return NULL; } + /* in openssl 1.1, the securitylevel 0 allows eNULL, that + * does not need the DH */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) /* Since we have no certificates and hence no source of * DH params, let's generate and set them */ - if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh1024())) { + if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh2048())) { log_crypto_err("Wanted to set DH param, but failed"); + daemon_remote_delete(rc); return NULL; } +#endif return rc; } rc->use_cert = 1; @@ -359,8 +390,12 @@ if(fd != -1) { #ifdef HAVE_CHOWN if (cfg->username && cfg->username[0] && - cfg_uid != (uid_t)-1) - chown(ip, cfg_uid, cfg_gid); + cfg_uid != (uid_t)-1) { + if(chown(ip, cfg_uid, cfg_gid) == -1) + log_err("cannot chown %u.%u %s: %s", + (unsigned)cfg_uid, (unsigned)cfg_gid, + ip, strerror(errno)); + } chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); #else (void)cfg; @@ -389,7 +424,7 @@ /* open fd */ fd = create_tcp_accept_sock(res, 1, &noproto, 0, - cfg->ip_transparent, 0); + cfg->ip_transparent, 0, cfg->ip_freebind); freeaddrinfo(res); } 
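Review bot: The inner `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)` inside `get_dh2048` repeats the condition that already guards the whole function, so the `#else` branch calling `DH_set0_pqg` can never be compiled. Either drop the inner conditional and keep only `dh->p = p; dh->g = g;`, or widen the outer guard if the function is meant to be usable with OpenSSL 1.1. The closing `#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */` comment should also name the LibreSSL case it covers.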
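Review bot: Adding `eNULL` to the cipher list in the `remote_control_use_cert == 0` branch lets the control channel negotiate a suite with no encryption, on top of `aNULL` giving no peer authentication, and `SSL_CTX_set_security_level(rc->ctx, 0)` removes OpenSSL's own floor. The hunk does not show what restricts this branch to a local socket. I would state that precondition in a comment here, e.g. `/* TLS gives no authentication or confidentiality here: only valid when the control interface is a local socket protected by file permissions */`, and have the configuration check reject the setting for IP interfaces if it does not already. The error text should match the new list: `log_crypto_err("Failed to set aNULL, eNULL cipher list");`. `daemon_remote_create` continues outside the hunk.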
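Review bot: The `chmod(ip, ...)` call right after the new chown check still ignores its result, and a chown failure is only logged, so the control socket can be left with whatever owner and mode it was created with. When certificates are disabled, the socket's file permissions are what limits who can reach the control channel. I would check chmod the same way: `if(chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) == -1) log_err("cannot chmod control socket %s: %s", ip, strerror(errno));`. It is also worth deciding here whether either failure should abort start-up instead of continuing. The enclosing function starts and ends outside the hunk.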
@@ -734,6 +769,8 @@ (unsigned long)s->svr.num_queries_missed_cache)) return 0; if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm, (unsigned long)s->svr.num_queries_prefetch)) return 0; + if(!ssl_printf(ssl, "%s.num.zero_ttl"SQ"%lu\n", nm, + (unsigned long)s->svr.zero_ttl_responses)) return 0; if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, (unsigned long)s->mesh_replies_sent)) return 0; if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm, @@ -792,12 +829,6 @@ { int m; size_t msg, rrset, val, iter; -#ifdef HAVE_SBRK - extern void* unbound_start_brk; - void* cur = sbrk(0); - if(!print_longnum(ssl, "mem.total.sbrk"SQ, - (size_t)((char*)cur - (char*)unbound_start_brk))) return 0; -#endif /* HAVE_SBRK */ msg = slabhash_get_mem(daemon->env->msg_cache); rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); val=0; @@ -1097,8 +1128,8 @@ } /** Add a new zone */ -static void -do_zone_add(SSL* ssl, struct worker* worker, char* arg) +static int +perform_zone_add(SSL* ssl, struct local_zones* zones, char* arg) { uint8_t* nm; int nmlabs; 
@@ -1107,83 +1138,266 @@ enum localzone_type t; struct local_zone* z; if(!find_arg2(ssl, arg, &arg2)) - return; + return 0; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; + return 0; if(!local_zone_str2type(arg2, &t)) { ssl_printf(ssl, "error not a zone type. %s\n", arg2); free(nm); - return; + return 0; } - lock_rw_wrlock(&worker->daemon->local_zones->lock); - if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen, + lock_rw_wrlock(&zones->lock); + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* already present in tree */ lock_rw_wrlock(&z->lock); z->type = t; /* update type anyway */ lock_rw_unlock(&z->lock); free(nm); - lock_rw_unlock(&worker->daemon->local_zones->lock); - send_ok(ssl); - return; + lock_rw_unlock(&zones->lock); + return 1; } - if(!local_zones_add_zone(worker->daemon->local_zones, nm, nmlen, + if(!local_zones_add_zone(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN, t)) { - lock_rw_unlock(&worker->daemon->local_zones->lock); + lock_rw_unlock(&zones->lock); ssl_printf(ssl, "error out of memory\n"); - return; + return 0; } - lock_rw_unlock(&worker->daemon->local_zones->lock); + lock_rw_unlock(&zones->lock); + return 1; +} + +/** Do the local_zone command */ +static void +do_zone_add(SSL* ssl, struct local_zones* zones, char* arg) +{ + if(!perform_zone_add(ssl, zones, arg)) + return; send_ok(ssl); } -/** Remove a zone */ +/** Do the local_zones command */ static void -do_zone_remove(SSL* ssl, struct worker* worker, char* arg) +do_zones_add(SSL* ssl, struct local_zones* zones) +{ + char buf[2048]; + int num = 0; + while(ssl_read_line(ssl, buf, sizeof(buf))) { + if(buf[0] == 0x04 && buf[1] == 0) + break; /* end of transmission */ + if(!perform_zone_add(ssl, zones, buf)) { + if(!ssl_printf(ssl, "error for input line: %s\n", buf)) + return; + } + else + num++; + } + (void)ssl_printf(ssl, "added %d zones\n", num); +} + +/** Remove a zone */ +static int +perform_zone_remove(SSL* ssl, struct local_zones* zones, 
char* arg) { uint8_t* nm; int nmlabs; size_t nmlen; struct local_zone* z; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - lock_rw_wrlock(&worker->daemon->local_zones->lock); - if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen, + return 0; + lock_rw_wrlock(&zones->lock); + if((z=local_zones_find(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN))) { /* present in tree */ - local_zones_del_zone(worker->daemon->local_zones, z); + local_zones_del_zone(zones, z); } - lock_rw_unlock(&worker->daemon->local_zones->lock); + lock_rw_unlock(&zones->lock); free(nm); + return 1; +} + +/** Do the local_zone_remove command */ +static void +do_zone_remove(SSL* ssl, struct local_zones* zones, char* arg) +{ + if(!perform_zone_remove(ssl, zones, arg)) + return; send_ok(ssl); } -/** Add new RR data */ +/** Do the local_zones_remove command */ static void -do_data_add(SSL* ssl, struct worker* worker, char* arg) +do_zones_remove(SSL* ssl, struct local_zones* zones) { - if(!local_zones_add_RR(worker->daemon->local_zones, arg)) { + char buf[2048]; + int num = 0; + while(ssl_read_line(ssl, buf, sizeof(buf))) { + if(buf[0] == 0x04 && buf[1] == 0) + break; /* end of transmission */ + if(!perform_zone_remove(ssl, zones, buf)) { + if(!ssl_printf(ssl, "error for input line: %s\n", buf)) + return; + } + else + num++; + } + (void)ssl_printf(ssl, "removed %d zones\n", num); +} + +/** Add new RR data */ +static int +perform_data_add(SSL* ssl, struct local_zones* zones, char* arg) +{ + if(!local_zones_add_RR(zones, arg)) { ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg); - return; + return 0; } + return 1; +} + +/** Do the local_data command */ +static void +do_data_add(SSL* ssl, struct local_zones* zones, char* arg) +{ + if(!perform_data_add(ssl, zones, arg)) + return; send_ok(ssl); } -/** Remove RR data */ +/** Do the local_datas command */ static void -do_data_remove(SSL* ssl, struct worker* worker, char* arg) +do_datas_add(SSL* ssl, struct local_zones* zones) 
+{ + char buf[2048]; + int num = 0; + while(ssl_read_line(ssl, buf, sizeof(buf))) { + if(buf[0] == 0x04 && buf[1] == 0) + break; /* end of transmission */ + if(!perform_data_add(ssl, zones, buf)) { + if(!ssl_printf(ssl, "error for input line: %s\n", buf)) + return; + } + else + num++; + } + (void)ssl_printf(ssl, "added %d datas\n", num); +} + +/** Remove RR data */ +static int +perform_data_remove(SSL* ssl, struct local_zones* zones, char* arg) { uint8_t* nm; int nmlabs; size_t nmlen; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) - return; - local_zones_del_data(worker->daemon->local_zones, nm, + return 0; + local_zones_del_data(zones, nm, nmlen, nmlabs, LDNS_RR_CLASS_IN); free(nm); + return 1; +} + +/** Do the local_data_remove command */ +static void +do_data_remove(SSL* ssl, struct local_zones* zones, char* arg) +{ + if(!perform_data_remove(ssl, zones, arg)) + return; send_ok(ssl); } +/** Do the local_datas_remove command */ +static void +do_datas_remove(SSL* ssl, struct local_zones* zones) +{ + char buf[2048]; + int num = 0; + while(ssl_read_line(ssl, buf, sizeof(buf))) { + if(buf[0] == 0x04 && buf[1] == 0) + break; /* end of transmission */ + if(!perform_data_remove(ssl, zones, buf)) { + if(!ssl_printf(ssl, "error for input line: %s\n", buf)) + return; + } + else + num++; + } + (void)ssl_printf(ssl, "removed %d datas\n", num); +} + +/** Add a new zone to view */ +static void +do_view_zone_add(SSL* ssl, struct worker* worker, char* arg) +{ + char* arg2; + struct view* v; + if(!find_arg2(ssl, arg, &arg2)) + return; + v = views_find_view(worker->daemon->views, + arg, 1 /* get write lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_zone_add(ssl, v->local_zones, arg2); + lock_rw_unlock(&v->lock); +} + +/** Remove a zone from view */ +static void +do_view_zone_remove(SSL* ssl, struct worker* worker, char* arg) +{ + char* arg2; + struct view* v; + if(!find_arg2(ssl, arg, &arg2)) + return; + v = 
views_find_view(worker->daemon->views, + arg, 1 /* get write lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_zone_remove(ssl, v->local_zones, arg2); + lock_rw_unlock(&v->lock); +} + +/** Add new RR data to view */ +static void +do_view_data_add(SSL* ssl, struct worker* worker, char* arg) +{ + char* arg2; + struct view* v; + if(!find_arg2(ssl, arg, &arg2)) + return; + v = views_find_view(worker->daemon->views, + arg, 1 /* get write lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_data_add(ssl, v->local_zones, arg2); + lock_rw_unlock(&v->lock); +} + +/** Remove RR data from view */ +static void +do_view_data_remove(SSL* ssl, struct worker* worker, char* arg) +{ + char* arg2; + struct view* v; + if(!find_arg2(ssl, arg, &arg2)) + return; + v = views_find_view(worker->daemon->views, + arg, 1 /* get write lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_data_remove(ssl, v->local_zones, arg2); + lock_rw_unlock(&v->lock); +} + /** cache lookup of nameservers */ static void do_lookup(SSL* ssl, struct worker* worker, char* arg) @@ -1212,6 +1426,7 @@ k.qname_len = nmlen; k.qtype = t; k.qclass = c; + k.local_alias = NULL; h = query_info_hash(&k, 0); slabhash_remove(worker->env.msg_cache, h, &k); if(t == LDNS_RR_TYPE_AAAA) { @@ -2157,6 +2372,14 @@ (void)ssl_printf(ssl, "error setting option\n"); return; } + /* effectuate some arguments */ + if(strcmp(arg, "val-override-date:") == 0) { + int m = modstack_find(&worker->env.mesh->mods, "validator"); + struct val_env* val_env = NULL; + if(m != -1) val_env = (struct val_env*)worker->env.modinfo[m]; + if(val_env) + val_env->date_override = worker->env.cfg->val_date_override; + } send_ok(ssl); } 
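Review bot: `do_view_zone_add`, `do_view_zone_remove`, `do_view_data_add` and `do_view_data_remove` pass `v->local_zones` on without checking it, and the zone helpers take `&zones->lock` at once. If a view can exist without a local-zones table (struct view is not visible here, so this needs confirming), a control command naming that view would dereference NULL. A guard after the lookup covers it: `if(!v->local_zones) { lock_rw_unlock(&v->lock); ssl_printf(ssl, "no local zones in view: %s\n", arg); return; }`. The same applies to `do_view_list_local_zones` and `do_view_list_local_data` in the `@@ -2298,6 +2519,34 @@` hunk. These handlers also keep `v->lock` held while `send_ok` and `ssl_printf` write to the control connection, so a stalled client keeps the view locked.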
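Review bot: The `val-override-date:` branch changes the validator's `date_override` at runtime without leaving any trace in the log, so a change made over the control channel is hard to spot afterwards. I would add `log_info("remote control: val-override-date changed");` inside the `if(val_env)` body, which then needs braces. The comment `/* effectuate some arguments */` could also say why this option alone is copied, for example `/* the validator keeps its own copy in val_env, so push the new value there */`, if that is indeed the reason. The enclosing function starts outside the hunk.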
@@ -2237,9 +2460,8 @@ /** do the list_local_zones command */ static void -do_list_local_zones(SSL* ssl, struct worker* worker) +do_list_local_zones(SSL* ssl, struct local_zones* zones) { - struct local_zones* zones = worker->daemon->local_zones; struct local_zone* z; char buf[257]; lock_rw_rdlock(&zones->lock); @@ -2260,9 +2482,8 @@ /** do the list_local_data command */ static void -do_list_local_data(SSL* ssl, struct worker* worker) +do_list_local_data(SSL* ssl, struct worker* worker, struct local_zones* zones) { - struct local_zones* zones = worker->daemon->local_zones; struct local_zone* z; struct local_data* d; struct local_rrset* p; @@ -2298,6 +2519,34 @@ lock_rw_unlock(&zones->lock); } +/** do the view_list_local_zones command */ +static void +do_view_list_local_zones(SSL* ssl, struct worker* worker, char* arg) +{ + struct view* v = views_find_view(worker->daemon->views, + arg, 0 /* get read lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_list_local_zones(ssl, v->local_zones); + lock_rw_unlock(&v->lock); +} + +/** do the view_list_local_data command */ +static void +do_view_list_local_data(SSL* ssl, struct worker* worker, char* arg) +{ + struct view* v = views_find_view(worker->daemon->views, + arg, 0 /* get read lock*/); + if(!v) { + ssl_printf(ssl,"no view with name: %s\n", arg); + return; + } + do_list_local_data(ssl, worker, v->local_zones); + lock_rw_unlock(&v->lock); +} + /** struct for user arg ratelimit list */ struct ratelimit_list_arg { /** the infra cache */ 
@@ -2410,10 +2659,16 @@ do_insecure_list(ssl, worker); return; } else if(cmdcmp(p, "list_local_zones", 16)) { - do_list_local_zones(ssl, worker); + do_list_local_zones(ssl, worker->daemon->local_zones); return; } else if(cmdcmp(p, "list_local_data", 15)) { - do_list_local_data(ssl, worker); + do_list_local_data(ssl, worker, worker->daemon->local_zones); + return; + } else if(cmdcmp(p, "view_list_local_zones", 21)) { + do_view_list_local_zones(ssl, worker, skipwhite(p+21)); + return; + } else if(cmdcmp(p, "view_list_local_data", 20)) { + do_view_list_local_data(ssl, worker, skipwhite(p+20)); return; } else if(cmdcmp(p, "ratelimit_list", 14)) { do_ratelimit_list(ssl, worker, p+14); 
@@ -2479,13 +2734,29 @@ if(cmdcmp(p, "verbosity", 9)) { do_verbosity(ssl, skipwhite(p+9)); } else if(cmdcmp(p, "local_zone_remove", 17)) { - do_zone_remove(ssl, worker, skipwhite(p+17)); + do_zone_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); + } else if(cmdcmp(p, "local_zones_remove", 18)) { + do_zones_remove(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_zone", 10)) { - do_zone_add(ssl, worker, skipwhite(p+10)); + do_zone_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); + } else if(cmdcmp(p, "local_zones", 11)) { + do_zones_add(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_data_remove", 17)) { - do_data_remove(ssl, worker, skipwhite(p+17)); + do_data_remove(ssl, worker->daemon->local_zones, skipwhite(p+17)); + } else if(cmdcmp(p, "local_datas_remove", 18)) { + do_datas_remove(ssl, worker->daemon->local_zones); } else if(cmdcmp(p, "local_data", 10)) { - do_data_add(ssl, worker, skipwhite(p+10)); + do_data_add(ssl, worker->daemon->local_zones, skipwhite(p+10)); + } else if(cmdcmp(p, "local_datas", 11)) { + do_datas_add(ssl, worker->daemon->local_zones); + } else if(cmdcmp(p, "view_local_zone_remove", 22)) { + do_view_zone_remove(ssl, worker, skipwhite(p+22)); + } else if(cmdcmp(p, "view_local_zone", 15)) { + do_view_zone_add(ssl, worker, skipwhite(p+15)); + } else if(cmdcmp(p, "view_local_data_remove", 22)) { + do_view_data_remove(ssl, worker, skipwhite(p+22)); + } else if(cmdcmp(p, "view_local_data", 15)) { + do_view_data_add(ssl, worker, skipwhite(p+15)); } else if(cmdcmp(p, "flush_zone", 10)) { do_flush_zone(ssl, worker, skipwhite(p+10)); } else if(cmdcmp(p, "flush_type", 10)) { diff -Nru unbound-1.5.8/daemon/remote.h unbound-1.6.0/daemon/remote.h --- unbound-1.5.8/daemon/remote.h 2015-01-06 14:12:59.000000000 +0000 +++ unbound-1.6.0/daemon/remote.h 2016-06-15 14:23:43.000000000 +0000 
@@ -56,8 +56,8 @@ struct comm_point; struct daemon_remote; -/** number of seconds timeout on incoming remote control handshake */ -#define REMOTE_CONTROL_TCP_TIMEOUT 120 +/** number of milliseconds timeout on incoming remote control handshake */ +#define REMOTE_CONTROL_TCP_TIMEOUT 120000 /** * a busy control command connection, SSL state diff -Nru unbound-1.5.8/daemon/stats.c unbound-1.6.0/daemon/stats.c --- unbound-1.5.8/daemon/stats.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/daemon/stats.c 2016-10-28 15:08:32.000000000 +0000 @@ -251,6 +251,7 @@ total->svr.qEDNS += a->svr.qEDNS; total->svr.qEDNS_DO += a->svr.qEDNS_DO; total->svr.ans_rcode_nodata += a->svr.ans_rcode_nodata; + total->svr.zero_ttl_responses += a->svr.zero_ttl_responses; total->svr.ans_secure += a->svr.ans_secure; total->svr.ans_bogus += a->svr.ans_bogus; total->svr.rrset_bogus += a->svr.rrset_bogus; diff -Nru unbound-1.5.8/daemon/stats.h unbound-1.6.0/daemon/stats.h --- unbound-1.5.8/daemon/stats.h 2015-03-05 15:23:14.000000000 +0000 +++ unbound-1.6.0/daemon/stats.h 2016-10-28 15:08:32.000000000 +0000 @@ -131,7 +131,8 @@ size_t unwanted_queries; /** usage of tcp accept list */ size_t tcp_accept_usage; - + /** answers served from expired cache */ + size_t zero_ttl_responses; /** histogram data exported to array * if the array is the same size, no data is lost, and * if all histograms are same size (is so by default) then diff -Nru unbound-1.5.8/daemon/unbound.c unbound-1.6.0/daemon/unbound.c --- unbound-1.5.8/daemon/unbound.c 2016-02-08 08:17:00.000000000 +0000 +++ unbound-1.6.0/daemon/unbound.c 2016-11-29 15:49:37.000000000 +0000 @@ -57,6 +57,7 @@ #include "util/data/msgreply.h" #include "util/module.h" #include "util/net_help.h" +#include "util/ub_event.h" #include #include #include 
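Review bot: `REMOTE_CONTROL_TCP_TIMEOUT` keeps its name while its unit changes from seconds to milliseconds, so a caller that still treats it as seconds would compile and wait 1000 times longer on an unfinished control handshake. None of the use sites are in this hunk, so that cannot be checked here. Putting the unit in the name, e.g. `#define REMOTE_CONTROL_TCP_TIMEOUT_MSEC 120000`, would make a missed caller fail to build.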
@@ -77,22 +78,6 @@ #include #endif -#ifdef USE_MINI_EVENT -# ifdef USE_WINSOCK -# include "util/winsock_event.h" -# else -# include "util/mini_event.h" -# endif -#else -# ifdef HAVE_EVENT_H -# include -# else -# include "event2/event.h" -# include "event2/event_struct.h" -# include "event2/event_compat.h" -# endif -#endif - #ifdef UB_ON_WINDOWS # include "winrc/win_svc.h" #endif 
@@ -102,64 +87,14 @@ # include "nss.h" #endif -#ifdef HAVE_SBRK -/** global debug value to keep track of heap memory allocation */ -void* unbound_start_brk = 0; -#endif - -#if !defined(HAVE_EVENT_BASE_GET_METHOD) && (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) -static const char* ev_backend2str(int b) -{ - switch(b) { - case EVBACKEND_SELECT: return "select"; - case EVBACKEND_POLL: return "poll"; - case EVBACKEND_EPOLL: return "epoll"; - case EVBACKEND_KQUEUE: return "kqueue"; - case EVBACKEND_DEVPOLL: return "devpoll"; - case EVBACKEND_PORT: return "evport"; - } - return "unknown"; -} -#endif - -/** get the event system in use */ -static void get_event_sys(const char** n, const char** s, const char** m) -{ -#ifdef USE_WINSOCK - *n = "event"; - *s = "winsock"; - *m = "WSAWaitForMultipleEvents"; -#elif defined(USE_MINI_EVENT) - *n = "mini-event"; - *s = "internal"; - *m = "select"; -#else - struct event_base* b; - *s = event_get_version(); -# ifdef HAVE_EVENT_BASE_GET_METHOD - *n = "libevent"; - b = event_base_new(); - *m = event_base_get_method(b); -# elif defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - *n = "libev"; - b = (struct event_base*)ev_default_loop(EVFLAG_AUTO); - *m = ev_backend2str(ev_backend((struct ev_loop*)b)); -# else - *n = "unknown"; - *m = "not obtainable"; - b = NULL; -# endif -# ifdef HAVE_EVENT_BASE_FREE - event_base_free(b); -# endif -#endif -} - /** print usage. */ -static void usage() +static void usage(void) { const char** m; const char *evnm="event", *evsys="", *evmethod=""; + time_t t; + struct timeval now; + struct ub_event_base* base; printf("usage: unbound [options]\n"); printf(" start unbound daemon DNS resolver.\n"); printf("-h this help\n"); 
@@ -173,11 +108,16 @@ printf(" service - used to start from services control panel\n"); #endif printf("Version %s\n", PACKAGE_VERSION); - get_event_sys(&evnm, &evsys, &evmethod); + base = ub_default_event_base(0,&t,&now); + ub_get_event_sys(base, &evnm, &evsys, &evmethod); printf("linked libs: %s %s (it uses %s), %s\n", evnm, evsys, evmethod, #ifdef HAVE_SSL +# ifdef SSLEAY_VERSION SSLeay_version(SSLEAY_VERSION) +# else + OpenSSL_version(OPENSSL_VERSION) +# endif #elif defined(HAVE_NSS) NSS_GetVersion() #elif defined(HAVE_NETTLE) @@ -190,6 +130,7 @@ printf("\n"); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); + ub_event_base_free(base); } #ifndef unbound_testbound @@ -230,7 +171,7 @@ struct rlimit rlim; if(total > 1024 && - strncmp(event_get_version(), "mini-event", 10) == 0) { + strncmp(ub_event_get_version(), "mini-event", 10) == 0) { log_warn("too many file descriptors requested. The builtin" "mini-event cannot handle more than 1024. Config " "for less fds or compile with libevent"); @@ -244,7 +185,7 @@ total = 1024; } if(perthread > 64 && - strncmp(event_get_version(), "winsock-event", 13) == 0) { + strncmp(ub_event_get_version(), "winsock-event", 13) == 0) { log_err("too many file descriptors requested. The winsock" " event handler cannot handle more than 64 per " " thread. Config for less fds"); 
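Review bot: `base` returned by `ub_default_event_base(0,&t,&now)` in `usage()` is passed to `ub_get_event_sys` and, in the `@@ -190,6 +130,7 @@` hunk, to `ub_event_base_free` without a NULL check. If creation can fail (its contract is not visible here), printing the help text could crash. `evnm`, `evsys` and `evmethod` already have defaults, so `if(base) ub_get_event_sys(base, &evnm, &evsys, &evmethod);` and `if(base) ub_event_base_free(base);` are enough.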
@@ -298,19 +239,32 @@ #endif /* S_SPLINT_S */ } +/** set default logfile identity based on value from argv[0] at startup **/ +static void +log_ident_set_fromdefault(struct config_file* cfg, + const char *log_default_identity) +{ + if(cfg->log_identity == NULL || cfg->log_identity[0] == 0) + log_ident_set(log_default_identity); + else + log_ident_set(cfg->log_identity); +} + /** set verbosity, check rlimits, cache settings */ static void apply_settings(struct daemon* daemon, struct config_file* cfg, - int cmdline_verbose, int debug_mode) + int cmdline_verbose, int debug_mode, const char* log_default_identity) { /* apply if they have changed */ verbosity = cmdline_verbose + cfg->verbosity; if (debug_mode > 1) { cfg->use_syslog = 0; + free(cfg->logfile); cfg->logfile = NULL; } daemon_apply_cfg(daemon, cfg); checkrlimits(cfg); + log_ident_set_fromdefault(cfg, log_default_identity); } #ifdef HAVE_KILL @@ -602,7 +556,9 @@ log_warn("unable to initgroups %s: %s", cfg->username, strerror(errno)); # endif /* HAVE_INITGROUPS */ +# ifdef HAVE_ENDPWENT endpwent(); +# endif #ifdef HAVE_SETRESGID if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0) @@ -638,9 +594,10 @@ * @param cmdline_verbose: verbosity resulting from commandline -v. * These increase verbosity as specified in the config file. * @param debug_mode: if set, do not daemonize. + * @param log_default_identity: Default identity to report in logs */ static void -run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode) +run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode, const char* log_default_identity) { struct config_file* cfg = NULL; struct daemon* daemon = NULL; @@ -662,7 +619,7 @@ cfgfile); log_warn("Continuing with default config settings"); } - apply_settings(daemon, cfg, cmdline_verbose, debug_mode); + apply_settings(daemon, cfg, cmdline_verbose, debug_mode, log_default_identity); if(!done_setup) config_lookup_uid(cfg); 
@@ -670,7 +627,7 @@ if(!daemon_open_shared_ports(daemon)) fatal_exit("could not open ports"); if(!done_setup) { - perform_setup(daemon, cfg, debug_mode, &cfgfile); + perform_setup(daemon, cfg, debug_mode, &cfgfile); done_setup = 1; } else { /* reopen log after HUP to facilitate log rotation */ @@ -717,19 +674,16 @@ int c; const char* cfgfile = CONFIGFILE; const char* winopt = NULL; + const char* log_ident_default; int cmdline_verbose = 0; int debug_mode = 0; #ifdef UB_ON_WINDOWS int cmdline_cfg = 0; #endif -#ifdef HAVE_SBRK - /* take debug snapshot of heap */ - unbound_start_brk = sbrk(0); -#endif - log_init(NULL, 0, NULL); - log_ident_set(strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0]); + log_ident_default = strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0]; + log_ident_set(log_ident_default); /* parse the options */ while( (c=getopt(argc, argv, "c:dhvw:")) != -1) { switch(c) { @@ -773,7 +727,7 @@ return 1; } - run_daemon(cfgfile, cmdline_verbose, debug_mode); + run_daemon(cfgfile, cmdline_verbose, debug_mode, log_ident_default); log_init(NULL, 0, NULL); /* close logfile */ return 0; } diff -Nru unbound-1.5.8/daemon/worker.c unbound-1.6.0/daemon/worker.c --- unbound-1.5.8/daemon/worker.c 2016-01-05 10:03:59.000000000 +0000 +++ unbound-1.6.0/daemon/worker.c 2016-12-06 14:41:14.000000000 +0000 
@@ -101,57 +101,14 @@ */ #define PREFETCH_EXPIRY_ADD 60 -#ifdef UNBOUND_ALLOC_STATS -/** measure memory leakage */ -static void -debug_memleak(size_t accounted, size_t heap, - size_t total_alloc, size_t total_free) -{ - static int init = 0; - static size_t base_heap, base_accounted, base_alloc, base_free; - size_t base_af, cur_af, grow_af, grow_acc; - if(!init) { - init = 1; - base_heap = heap; - base_accounted = accounted; - base_alloc = total_alloc; - base_free = total_free; - } - base_af = base_alloc - base_free; - cur_af = total_alloc - total_free; - grow_af = cur_af - base_af; - grow_acc = accounted - base_accounted; - log_info("Leakage: %d leaked. growth: %u use, %u acc, %u heap", - (int)(grow_af - grow_acc), (unsigned)grow_af, - (unsigned)grow_acc, (unsigned)(heap - base_heap)); -} - -/** give debug heap size indication */ -static void -debug_total_mem(size_t calctotal) -{ -#ifdef HAVE_SBRK - extern void* unbound_start_brk; - extern size_t unbound_mem_alloc, unbound_mem_freed; - void* cur = sbrk(0); - int total = cur-unbound_start_brk; - log_info("Total heap memory estimate: %u total-alloc: %u " - "total-free: %u", (unsigned)total, - (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); - debug_memleak(calctotal, (size_t)total, - unbound_mem_alloc, unbound_mem_freed); -#else - (void)calctotal; -#endif /* HAVE_SBRK */ -} -#endif /* UNBOUND_ALLOC_STATS */ - /** Report on memory usage by this thread and global */ static void worker_mem_report(struct worker* ATTR_UNUSED(worker), struct serviced_query* ATTR_UNUSED(cur_serv)) { #ifdef UNBOUND_ALLOC_STATS + /* measure memory leakage */ + extern size_t unbound_mem_alloc, unbound_mem_freed; /* debug func in validator module */ size_t total, front, back, mesh, msg, rrset, infra, ac, superac; size_t me, iter, val, anch; 
@@ -199,7 +156,9 @@ (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, (unsigned)ac, (unsigned)superac, (unsigned)me); - debug_total_mem(total); + log_info("Total heap memory estimate: %u total-alloc: %u " + "total-free: %u", (unsigned)total, + (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); #else /* no UNBOUND_ALLOC_STATS */ size_t val = 0; int i; @@ -483,15 +442,17 @@ qinfo->qname_len, qinfo->qtype, qinfo->qclass, worker->scratchpad, &msg, timenow); if(!dp) { /* no delegation, need to reprime */ - regional_free_all(worker->scratchpad); return 0; } + /* In case we have a local alias, copy it into the delegation message. + * Shallow copy should be fine, as we'll be done with msg in this + * function. */ + msg->qinfo.local_alias = qinfo->local_alias; if(must_validate) { switch(check_delegation_secure(msg->rep)) { case sec_status_unchecked: /* some rrsets have not been verified yet, go and * let validator do that */ - regional_free_all(worker->scratchpad); return 0; case sec_status_bogus: /* some rrsets are bogus, reply servfail */ @@ -499,9 +460,11 @@ edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, + msg->rep, LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) + return 0; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); - regional_free_all(worker->scratchpad); if(worker->stats.extended) { worker->stats.ans_bogus++; worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL]++; 
@@ -527,14 +490,19 @@ edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; + if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, msg->rep, + (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) + return 0; msg->rep->flags |= BIT_QR|BIT_RA; if(!reply_info_answer_encode(&msg->qinfo, msg->rep, id, flags, repinfo->c->buffer, 0, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, + LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) + edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); } - regional_free_all(worker->scratchpad); if(worker->stats.extended) { if(secure) worker->stats.ans_secure++; server_stats_insrcode(&worker->stats, repinfo->c->buffer); 
@@ -553,17 +521,29 @@ int secure; int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) && worker->env.need_to_validate; - /* see if it is possible */ - if(rep->ttl < timenow) { - /* the rrsets may have been updated in the meantime. - * we will refetch the message format from the - * authoritative server - */ - return 0; + if(worker->env.cfg->serve_expired) { + /* always lock rrsets, rep->ttl is ignored */ + if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) + return 0; + /* below, rrsets with ttl before timenow become TTL 0 in + * the response */ + /* This response was served with zero TTL */ + if (timenow >= rep->ttl) { + worker->stats.zero_ttl_responses++; + } + } else { + /* see if it is possible */ + if(rep->ttl < timenow) { + /* the rrsets may have been updated in the meantime. + * we will refetch the message format from the + * authoritative server + */ + return 0; + } + if(!rrset_array_lock(rep->ref, rep->rrset_count, timenow)) + return 0; + /* locked and ids and ttls are OK. */ } - if(!rrset_array_lock(rep->ref, rep->rrset_count, timenow)) - return 0; - /* locked and ids and ttls are OK. */ /* check CNAME chain (if any) */ if(rep->an_numrrsets > 0 && (rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME) || rep->rrsets[0]->rk.type == @@ -574,7 +554,6 @@ bail_out: rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, rep->ref, rep->rrset_count); - regional_free_all(worker->scratchpad); return 0; } } 
@@ -585,11 +564,13 @@ edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, + LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) + return 0; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, rep->ref, rep->rrset_count); - regional_free_all(worker->scratchpad); if(worker->stats.extended) { worker->stats.ans_bogus ++; worker->stats.ans_rcode[LDNS_RCODE_SERVFAIL] ++; @@ -616,9 +597,15 @@ edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; + if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, + (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) + return 0; if(!reply_info_answer_encode(qinfo, rep, id, flags, repinfo->c->buffer, timenow, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, + LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) + edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); } @@ -626,7 +613,6 @@ * is bad while holding locks. */ rrset_array_unlock_touch(worker->env.rrset_cache, worker->scratchpad, rep->ref, rep->rrset_count); - regional_free_all(worker->scratchpad); if(worker->stats.extended) { if(secure) worker->stats.ans_secure++; server_stats_insrcode(&worker->stats, repinfo->c->buffer); @@ -658,9 +644,11 @@ * @param pkt: buffer * @param str: string to put into text record (<255). * @param edns: edns reply information. + * @param worker: worker with scratch region. */ static void -chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns) +chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns, + struct worker* worker) { size_t len = strlen(str); unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt)); 
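Review bot: The new `return 0;` taken when `inplace_cb_reply_servfail_call` fails leaves the function with the rrsets still locked. `rrset_array_lock` has succeeded earlier in the function (previous hunk), and the `rrset_array_unlock_touch` call that releases them sits just below this early return. The same pattern appears in the `@@ -616,9 +597,15 @@` hunk after `inplace_cb_reply_cache_call`. Both should release the locks first, for example with `goto bail_out;` using the label shown in the `@@ -574,7 +554,6 @@` hunk. The function begins and ends outside this hunk.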
@@ -689,6 +677,9 @@ edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; edns->bits &= EDNS_DO; + if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL, + LDNS_RCODE_NOERROR, edns, worker->scratchpad)) + edns->opt_list = NULL; attach_edns_record(pkt, edns); } @@ -718,13 +709,13 @@ char buf[MAXHOSTNAMELEN+1]; if (gethostname(buf, MAXHOSTNAMELEN) == 0) { buf[MAXHOSTNAMELEN] = 0; - chaos_replystr(pkt, buf, edns); + chaos_replystr(pkt, buf, edns, w); } else { log_err("gethostname: %s", strerror(errno)); - chaos_replystr(pkt, "no hostname", edns); + chaos_replystr(pkt, "no hostname", edns, w); } } - else chaos_replystr(pkt, cfg->identity, edns); + else chaos_replystr(pkt, cfg->identity, edns, w); return 1; } if(query_dname_compare(qinfo->qname, @@ -735,8 +726,8 @@ if(cfg->hide_version) return 0; if(cfg->version==NULL || cfg->version[0]==0) - chaos_replystr(pkt, PACKAGE_STRING, edns); - else chaos_replystr(pkt, cfg->version, edns); + chaos_replystr(pkt, PACKAGE_STRING, edns, w); + else chaos_replystr(pkt, cfg->version, edns, w); return 1; } return 0; @@ -768,6 +759,8 @@ LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); + sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); + sldns_buffer_flip(c->buffer); return 1; } @@ -799,6 +792,7 @@ struct query_info qinfo; struct edns_data edns; enum acl_access acl; + struct acl_addr* acladdr; int rc = 0; if(error != NETEVENT_NOERROR) { @@ -811,8 +805,9 @@ dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, c->buffer); #endif - acl = acl_list_lookup(worker->daemon->acl, &repinfo->addr, + acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr, repinfo->addrlen); + acl = acl_get_control(acladdr); if((ret=deny_refuse_all(c, acl, worker, repinfo)) != -1) { if(ret == 1) 
@@ -865,7 +860,7 @@ } goto send_reply; } - if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) { + if((ret=parse_edns_from_pkt(c->buffer, &edns, worker->scratchpad)) != 0) { struct edns_data reply_edns; verbose(VERB_ALGO, "worker parse edns: formerror."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); @@ -876,6 +871,7 @@ error_encode(c->buffer, ret, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); + regional_free_all(worker->scratchpad); server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } @@ -884,12 +880,14 @@ edns.edns_version = EDNS_ADVERTISED_VERSION; edns.udp_size = EDNS_ADVERTISED_SIZE; edns.bits &= EDNS_DO; + edns.opt_list = NULL; verbose(VERB_ALGO, "query with bad edns version."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); attach_edns_record(c->buffer, &edns); + regional_free_all(worker->scratchpad); goto send_reply; } if(edns.edns_present && edns.udp_size < NORMAL_UDP_SIZE && @@ -918,6 +916,7 @@ sldns_buffer_write_at(c->buffer, 4, (uint8_t*)"\0\0\0\0\0\0\0\0", 8); sldns_buffer_flip(c->buffer); + regional_free_all(worker->scratchpad); goto send_reply; } if(worker->stats.extended) 
@@ -928,10 +927,15 @@ if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo, &edns, c->buffer)) { server_stats_insrcode(&worker->stats, c->buffer); + regional_free_all(worker->scratchpad); goto send_reply; } - if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns, - c->buffer, worker->scratchpad, repinfo)) { + if(local_zones_answer(worker->daemon->local_zones, &worker->env, &qinfo, + &edns, c->buffer, worker->scratchpad, repinfo, acladdr->taglist, + acladdr->taglen, acladdr->tag_actions, + acladdr->tag_actions_size, acladdr->tag_datas, + acladdr->tag_datas_size, worker->daemon->cfg->tagname, + worker->daemon->cfg->num_tags, acladdr->view)) { regional_free_all(worker->scratchpad); if(sldns_buffer_limit(c->buffer) == 0) { comm_point_drop_reply(repinfo); @@ -945,6 +949,7 @@ * might need to bail out based on ACLs now. */ if((ret=deny_refuse_non_local(c, acl, worker, repinfo)) != -1) { + regional_free_all(worker->scratchpad); if(ret == 1) goto send_reply; return ret; 
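Review bot: `acladdr` is dereferenced several times in the new local_zones_answer() call (`acladdr->taglist` through `acladdr->view`) without a NULL check. The pointer comes from acl_addr_lookup() in the earlier hunk at -811, and nothing visible shows that the lookup always returns an entry. If it can return NULL for a client with no matching ACL, the only protection is acl_get_control(NULL) yielding a verdict that makes deny_refuse_all() return before this call. If that is the intended invariant, state it where acladdr is assigned, e.g. `/* acladdr is NULL when no ACL entry matches; acl_get_control() then denies and we return below */`, and consider `log_assert(acladdr);` just before the call. Both helpers are defined outside the diff shown here, so this needs confirming against them.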
@@ -961,46 +966,76 @@ LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); sldns_buffer_flip(c->buffer); + regional_free_all(worker->scratchpad); server_stats_insrcode(&worker->stats, c->buffer); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; } - h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); - if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) { - /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, - (struct reply_info*)e->data, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { - /* prefetch it if the prefetch TTL expired */ - if(worker->env.cfg->prefetch && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) { - time_t leeway = ((struct reply_info*)e-> - data)->ttl - *worker->env.now; + + /* If we've found a local alias, replace the qname with the alias + * target before resolving it. */ + if(qinfo.local_alias) { + struct ub_packed_rrset_key* rrset = qinfo.local_alias->rrset; + struct packed_rrset_data* d = rrset->entry.data; + + /* Sanity check: our current implementation only supports + * a single CNAME RRset as a local alias. 
*/ + if(qinfo.local_alias->next || + rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) || + d->count != 1) { + log_err("assumption failure: unexpected local alias"); + regional_free_all(worker->scratchpad); + return 0; /* drop it */ + } + qinfo.qname = d->rr_data[0] + 2; + qinfo.qname_len = d->rr_len[0] - 2; + } + + if(!edns_bypass_cache_stage(edns.opt_list, &worker->env)) { + h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); + if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) { + /* answer from cache - we have acquired a readlock on it */ + if(answer_from_cache(worker, &qinfo, + (struct reply_info*)e->data, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + &edns)) { + /* prefetch it if the prefetch TTL expired */ + if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) + && *worker->env.now >= + ((struct reply_info*)e->data)->prefetch_ttl) { + time_t leeway = ((struct reply_info*)e-> + data)->ttl - *worker->env.now; + if(((struct reply_info*)e->data)->ttl + < *worker->env.now) + leeway = 0; + lock_rw_unlock(&e->lock); + reply_and_prefetch(worker, &qinfo, + sldns_buffer_read_u16_at(c->buffer, 2), + repinfo, leeway); + rc = 0; + regional_free_all(worker->scratchpad); + goto send_reply_rc; + } lock_rw_unlock(&e->lock); - reply_and_prefetch(worker, &qinfo, - sldns_buffer_read_u16_at(c->buffer, 2), - repinfo, leeway); - rc = 0; - goto send_reply_rc; + regional_free_all(worker->scratchpad); + goto send_reply; } + verbose(VERB_ALGO, "answer from the cache failed"); lock_rw_unlock(&e->lock); - goto send_reply; } - verbose(VERB_ALGO, "answer from the cache failed"); - lock_rw_unlock(&e->lock); - } - if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { - if(answer_norec_from_cache(worker, &qinfo, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { - goto send_reply; + if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { + 
if(answer_norec_from_cache(worker, &qinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + &edns)) { + regional_free_all(worker->scratchpad); + goto send_reply; + } + verbose(VERB_ALGO, "answer norec from cache -- " + "need to validate or not primed"); } - verbose(VERB_ALGO, "answer norec from cache -- " - "need to validate or not primed"); } sldns_buffer_rewind(c->buffer); server_stats_querymiss(&worker->stats, worker); @@ -1017,6 +1052,7 @@ mesh_new_client(worker->env.mesh, &qinfo, sldns_buffer_read_u16_at(c->buffer, 2), &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer)); + regional_free_all(worker->scratchpad); worker_mem_report(worker, NULL); return 0; @@ -1353,10 +1389,10 @@ } struct outbound_entry* -worker_send_query(uint8_t* qname, size_t qnamelen, uint16_t qtype, - uint16_t qclass, uint16_t flags, int dnssec, int want_dnssec, - int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, struct module_qstate* q) +worker_send_query(struct query_info* qinfo, uint16_t flags, int dnssec, + int want_dnssec, int nocaps, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, int ssl_upstream, + struct module_qstate* q) { struct worker* worker = q->env->worker; struct outbound_entry* e = (struct outbound_entry*)regional_alloc( @@ -1364,11 +1400,10 @@ if(!e) return NULL; e->qstate = q; - e->qsent = outnet_serviced_query(worker->back, qname, - qnamelen, qtype, qclass, flags, dnssec, want_dnssec, nocaps, - q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr, - addrlen, zone, zonelen, worker_handle_service_reply, e, - worker->back->udp_buff); + e->qsent = outnet_serviced_query(worker->back, qinfo, flags, dnssec, + want_dnssec, nocaps, q->env->cfg->tcp_upstream, + ssl_upstream, addr, addrlen, zone, zonelen, q, + worker_handle_service_reply, e, worker->back->udp_buff, q->env); if(!e->qsent) { return NULL; } 
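Review bot: The local-alias sanity check in the hunk at -961 validates `qinfo.local_alias->next`, the RR type and `d->count`, but not the rdata length before `qinfo.qname = d->rr_data[0] + 2;` and `qinfo.qname_len = d->rr_len[0] - 2;`. If rr_len[0] were ever 2 or less, the subtraction would wrap or give an empty name (assuming rr_len is an unsigned size; its declaration is not in the hunk), and the later hash and cache lookup would read past the stored record. The alias presumably comes from local configuration rather than from the network, so this is defence in depth. Adding `|| d->rr_len[0] <= 2` to the existing condition keeps the failure on the same "assumption failure" path. The enclosing function starts and ends outside this hunk.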
@@ -1408,13 +1443,13 @@ } /* --- fake callbacks for fptr_wlist to work --- */ -struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname), - size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), - uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) +struct outbound_entry* libworker_send_query( + struct query_info* ATTR_UNUSED(qinfo), + uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), + int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps), + struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), + uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), + int ATTR_UNUSED(ssl_upstream), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; diff -Nru unbound-1.5.8/daemon/worker.h unbound-1.6.0/daemon/worker.h --- unbound-1.5.8/daemon/worker.h 2015-05-29 09:27:42.000000000 +0000 +++ unbound-1.6.0/daemon/worker.h 2016-12-06 13:42:51.000000000 +0000 @@ -61,6 +61,7 @@ struct regional; struct tube; struct daemon_remote; +struct query_info; /** worker commands */ enum worker_commands { diff -Nru unbound-1.5.8/debian/apparmor-profile unbound-1.6.0/debian/apparmor-profile --- unbound-1.5.8/debian/apparmor-profile 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/debian/apparmor-profile 2018-02-28 22:00:51.000000000 +0000 
@@ -0,0 +1,45 @@
+# Author: Simon Deziel
+# vim:syntax=apparmor
+#include
+
+/usr/sbin/unbound {
+ #include
+ #include
+ #include
+
+ # needlessly chown'ing the PID
+ deny capability chown,
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ # root trust anchor
+ owner /var/lib/unbound/root.key* rw,
+
+ # root hints from dns-data-root
+ /usr/share/dns/root.* r,
+
+ # non-chrooted paths
+ /etc/unbound/** r,
+ owner /etc/unbound/*.key* rw,
+ audit deny /etc/unbound/unbound_control.{key,pem} rw,
+ audit deny /etc/unbound/unbound_server.key w,
+
+ # chrooted paths
+ /var/lib/unbound/** r,
+ owner /var/lib/unbound/**/*.key* rw,
+ audit deny /var/lib/unbound/**/unbound_control.{key,pem} rw,
+ audit deny /var/lib/unbound/**/unbound_server.key w,
+
+ /usr/sbin/unbound mr,
+
+ /{,var/}run/{unbound/,}unbound.pid rw,
+
+ # Unix control socket
+ /{,var/}run/unbound.ctl rw,
+
+ #include
+}
diff -Nru unbound-1.5.8/debian/changelog unbound-1.6.0/debian/changelog
--- unbound-1.5.8/debian/changelog 2016-04-11 17:23:27.000000000 +0000
+++ unbound-1.6.0/debian/changelog 2019-02-14 09:16:55.000000000 +0000
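Review bot: The deny rule under `# chrooted paths` is written as `/var/lib/unbound/**/unbound_control.{key,pem}`, which as I read AppArmor globbing only matches files at least one directory below /var/lib/unbound. A control key or certificate stored directly in /var/lib/unbound would then miss the deny and stay readable through the `/var/lib/unbound/** r,` allow. If that layout can occur, add `audit deny /var/lib/unbound/unbound_control.{key,pem} rw,` next to the existing rule. A one-line comment saying why the control credentials are withheld from the daemon would also help the next maintainer. The targets of the `#include` lines did not survive on this page, so what the included abstractions grant could not be reviewed.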
@@ -1,12 +1,103 @@ -unbound (1.5.8-1ubuntu1) xenial; urgency=medium +unbound (1.6.0-3+deb9u2) xenial; urgency=emergency - * Merge from Debian (LP: #1556308): - - Revert dnstap support (dependencies not in main) - * Drop: - - Fix build failure with swig -Wdate-time. - [ Fixed in Debian 1.5.7-2 ] + * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105: + vulnerability in the processing of wildcard synthesized NSEC records." + * Cherry-pick upstream commit svn r4528, "Added tests with wildcard + expanded NSEC records (CVE-2017-15105 test)". - -- Nishanth Aravamudan Mon, 11 Apr 2016 09:44:52 -0700 + -- tanyuliang Wed, 28 Feb 2018 17:00:51 -0500 + +unbound (1.6.0-3+deb9u1) stretch; urgency=high + + * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor + when two anchors are present, makes both valid. Checks hash of DS but + not signature of new key. This fixes installs between sep11 and oct11 + 2017." + * debian/control: unbound: Add versioned dependency on dns-root-data (>= + 2017072601~) for KSK-2017 in RFC 5011 state VALID. + + -- Robert Edmonds Sun, 27 Aug 2017 00:43:42 -0400 + +unbound (1.6.0-3) unstable; urgency=medium + + * Cherry-pick upstream commit svn r4000, "Include root trust anchor id + 20326 in unbound-anchor". (Closes: #855484) + + -- Robert Edmonds Sun, 19 Feb 2017 20:04:34 -0500 + +unbound (1.6.0-2) unstable; urgency=high + + [ Helmut Grohne ] + * Only use fake_dsa when HAVE_SSL is defined (Closes: #848339) + + -- Robert Edmonds Sun, 18 Dec 2016 15:00:12 -0500 + +unbound (1.6.0-1) unstable; urgency=medium + + [ Robert Edmonds ] + * New upstream version 1.6.0 + + [ Helmut Grohne ] + * Add pkg.unbound.libonly build profile. (Closes: #847130) + + -- Robert Edmonds Thu, 15 Dec 2016 15:26:15 -0500 + +unbound (1.5.10-3) unstable; urgency=medium + + [ Helmut Grohne ] + * Fix FTCBFS: (Closes: #845941) + + Convert python Build-Depends to cross-friendly ones. + + Let dh_auto_configure pass --host to ./configure. 
+ + -- Robert Edmonds Sun, 27 Nov 2016 14:41:30 -0500 + +unbound (1.5.10-2) unstable; urgency=medium + + * debian/unbound.install: Install usr/sbin/unbound-checkconf + (Closes: #842797) + + -- Robert Edmonds Tue, 01 Nov 2016 16:37:52 -0400 + +unbound (1.5.10-1) unstable; urgency=medium + + * New upstream version 1.5.10 + - Fixes FTBFS with OpenSSL 1.1.0 (Closes: #828584) + * debian/: Build libunbound against nettle (Closes: #828699) + * debian/: Support Python 3 (Closes: #835972) + * debian/rules: Install libunbound.pc into the libunbound-dev package + * debian/copyright: Update + + -- Robert Edmonds Tue, 04 Oct 2016 03:43:45 -0400 + +unbound (1.5.9-3) unstable; urgency=medium + + [ Nicolas Braud-Santoni ] + * debian/: Ship AppArmor profile (Closes: #518002) + * debian/control: Use HTTPS for Vcs-Git link + * debian/unbound.service: Add documentation to the systemd unit file + * debian/control: Bump Standards-Version to 3.9.8 (no changes) + + -- Robert Edmonds Sat, 06 Aug 2016 14:51:52 -0400 + +unbound (1.5.9-2) unstable; urgency=low + + * debian/unbound.init: Call start-stop-daemon with --retry for 'stop' + action (based on patch from Julien Cristau) + * debian/: Add unbound.service, unbound-resolvconf.service + (Closes: #826241) (Thanks to Michael Biebl) + * debian/rules: Configure with --with-rootkey-file=/var/lib/unbound/root.key + + -- Robert Edmonds Sun, 24 Jul 2016 19:48:56 -0400 + +unbound (1.5.9-1) unstable; urgency=medium + + * Imported Upstream version 1.5.9 + - Updated L-Root IPv6 address (Closes: #818292) + * debian/unbound.init: Add "pidfile" magic comment (Closes: #807132) + * debian/libunbound2.symbols: Add new symbol 'ub_ctx_create_ub_event' + * Enable DNS query name minimisation by default + + -- Robert Edmonds Fri, 10 Jun 2016 23:01:15 -0400 unbound (1.5.8-1) unstable; urgency=medium 
@@ -51,20 +142,6 @@ -- Robert Edmonds Sun, 21 Feb 2016 16:22:23 -0500 -unbound (1.5.7-1ubuntu2) xenial; urgency=medium - - * Fix build failure with swig -Wdate-time. - - -- Matthias Klose Tue, 05 Apr 2016 18:55:22 +0200 - -unbound (1.5.7-1ubuntu1) xenial; urgency=medium - - * Merge from Debian: - - Drop all existing delta - - Revert dnstap support (dependencies not in main) - - -- Stéphane Graber Thu, 07 Jan 2016 12:23:09 -0500 - unbound (1.5.7-1) unstable; urgency=medium * [3cf7971b] debian/control: Vcs-Browser should point to cgit 
@@ -127,57 +204,6 @@ -- Robert S. Edmonds Mon, 18 Aug 2014 16:20:28 -0400 -unbound (1.4.22-1ubuntu6) wily; urgency=medium - - * Make some lookups on a dual stacked (IPv4 and IPv6) host work. - - debian/patches/increase-max_sent_count: Increase MAX_SENT_COUNT to 32, - backported from Unbound 1.5.0 (LP: #1472510). - - Can be verified with: - # unbound-host -f /var/lib/unbound/root.key a.root-servers.net - - -- Patrik Lundin Thu, 16 Jul 2015 09:04:58 +0200 - -unbound (1.4.22-1ubuntu5) vivid; urgency=medium - - * SECURITY UPDATE: denial of service via large number of referrals - - debian/patches/CVE-2014-8602.patch: limit number of targets in - iterator/iterator.h, iterator/iterator.c. - - CVE-2014-8602 - - -- Marc Deslauriers Thu, 08 Jan 2015 10:06:14 -0500 - -unbound (1.4.22-1ubuntu4) trusty; urgency=medium - - * debian/rules: Enable full testsuite. - * debian/patches/disable_remote_control_in_tests: Disable remote control in - testbound suite so tests succeed. - - -- Jonathan Davies Mon, 07 Apr 2014 13:45:15 +0000 - -unbound (1.4.22-1ubuntu3) trusty; urgency=low - - * debian/patches/disable_chroot_by_default: Readded disable-chroot-by-default - functionality (LP: #1303088). - * debian/patches/silence_open_files_limit_warning: Readded patch. - - -- Jonathan Davies Mon, 07 Apr 2014 13:02:09 +0000 - -unbound (1.4.22-1ubuntu2) trusty; urgency=medium - - * debian/rules: Set to run unittests. - * debian/patches/debian-changes: Removed lingering changes from 1.4.22-1 - upload. - * debian/patches/disable_sldns_str2wire_rr_buf_tests: Disable test files 3 - and 5 (issue reported upstream #572). - - -- Jonathan Davies Fri, 04 Apr 2014 23:21:00 +0000 - -unbound (1.4.22-1ubuntu1) trusty; urgency=low - - * Bring back dh-autoreconf stuff from upload 1.4.21-1ubuntu1. - - -- Jonathan Davies Fri, 04 Apr 2014 19:37:52 +0000 - unbound (1.4.22-1) unstable; urgency=medium * New upstream release. 
diff -Nru unbound-1.5.8/debian/control unbound-1.6.0/debian/control --- unbound-1.5.8/debian/control 2016-04-11 17:23:27.000000000 +0000 +++ unbound-1.6.0/debian/control 2018-02-28 22:00:51.000000000 +0000 @@ -1,8 +1,7 @@ Source: unbound Section: net Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian DNS Packaging +Maintainer: Debian DNS Packaging Uploaders: Robert Edmonds , Build-Depends: @@ -10,20 +9,30 @@ autotools-dev, bison, debhelper (>= 9~), + dh-apparmor , dh-autoreconf, - dh-python, + dh-python , + dh-systemd , dpkg-dev (>= 1.16.1~), flex, libevent-dev, libexpat1-dev, - libssl-dev, + libfstrm-dev , + libprotobuf-c-dev , + libssl-dev , libtool, - python-all-dev (>= 2.6.6-3~), - swig, -Standards-Version: 3.9.6 + nettle-dev, + pkg-config, + protobuf-c-compiler , + python-all-dev:any (>= 2.6.6-3~) , + libpython-all-dev (>= 2.6.6-3~) , + python3-all-dev:any , + libpython3-all-dev , + swig , +Standards-Version: 3.9.8 Homepage: https://www.unbound.net/ Vcs-Browser: https://anonscm.debian.org/cgit/pkg-dns/unbound.git -Vcs-Git: git://anonscm.debian.org/pkg-dns/unbound.git +Vcs-Git: https://anonscm.debian.org/git/pkg-dns/unbound.git Package: libunbound-dev Section: libdevel @@ -60,6 +69,7 @@ ${misc:Depends}, ${python:Depends}, ${shlibs:Depends}, +Build-Profiles: Description: library implementing DNS resolution and validation (Python bindings) Python extension module for libunbound. . 
@@ -67,17 +77,34 @@ hostnames to IP addresses and back and obtain other information from the DNS. Cryptographic validation of results is performed with DNSSEC. +Package: python3-unbound +Section: python +Architecture: any +Depends: + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends}, +Build-Profiles: +Description: library implementing DNS resolution and validation (Python3 bindings) + Python3 extension module for libunbound. + . + libunbound performs and validates DNS lookups; it can be used to convert + hostnames to IP addresses and back and obtain other information from the + DNS. Cryptographic validation of results is performed with DNSSEC. + Package: unbound Architecture: any Depends: adduser, - dns-root-data, + dns-root-data (>= 2017072601~), openssl, unbound-anchor, ${misc:Depends}, ${shlibs:Depends}, Enhances: munin-node, +Suggests: apparmor +Build-Profiles: Description: validating, recursive, caching DNS resolver Unbound is a recursive-only caching DNS server which can perform DNSSEC validation of results. It implements only a minimal amount of authoritative @@ -96,6 +123,7 @@ unbound (<< 1.4.13-1), Breaks: unbound (<< 1.4.13-1), +Build-Profiles: Description: utility to securely fetch the root DNS trust anchor unbound-anchor is a utility which securely fetches or updates the root DNS zone trust anchor. A copy of the current root anchor and root update @@ -107,6 +135,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, +Build-Profiles: Description: reimplementation of the 'host' command This package provides the 'unbound-host' program that is bundled with the Unbound domain name server. This version differs from the one provided in the diff -Nru unbound-1.5.8/debian/copyright unbound-1.6.0/debian/copyright --- unbound-1.5.8/debian/copyright 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/copyright 2018-02-28 22:00:51.000000000 +0000 
@@ -1,57 +1,70 @@ -This package was debianized by Robert S. Edmonds on -Wed, 21 May 2008 14:13:28 -0400. +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -It was downloaded from - http://unbound.net/download.html - -Upstream Author: - Wouter Wijngaards, NLnet Labs - -Copyright: - Copyright (C) 2008 Wouter Wijngaards - Copyright (C) 2008 NLnet Labs - -License: - This software is open source. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - - Neither the name of the NLNET LABS nor the names of its contributors may - be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - -The Debian packaging is: - - Copyright (C) 2008-2011 Robert S. 
Edmonds +Files: * +Copyright: 2001-2016 NLnet Labs + 2008-2009 W.C.A. Wijngaards + 2008-2009 Wouter Wijngaards +License: BSD-3-NLnetLabs + This software is open source. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + Neither the name of the NLNET LABS nor the names of its contributors may + be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Files: debian/* +Copyright: 2008-2016 Robert Edmonds +License: GPL-3 + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . 
+ This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the full text of the GNU General Public License + version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. -and is licensed under the GPL version 3, -see `/usr/share/common-licenses/GPL-3'. +Files: compat/arc4random.c + compat/arc4random_uniform.c +Copyright: 1996 David Mazieres + 2008 Damien Miller + 2013 Markus Friedl +License: ISC -Files: compat/fake-rfc2553.c, compat/fake-rfc2553.h -Copyright: 2000-2003 Damien Miller, 1999 WIDE Project -License: BSD-3 +Files: compat/fake-rfc2553.c + compat/fake-rfc2553.h +Copyright: 2000-2003 Damien Miller + 1999 WIDE Project +License: BSD-3-WIDE Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -76,9 +89,18 @@ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +Files: compat/getentropy_linux.c + compat/getentropy_osx.c + compat/getentropy_solaris.c + compat/getentropy_win.c +Copyright: 2014 Theo de Raadt + 2014 Bob Beck +License: ISC + Files: compat/inet_aton.c Copyright: 1983, 1990, 1993 The Regents of the University of California -License: BSD-3 + 1993 Digital Equipment Corporation +License: BSD-3-Regents-DEC Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 
@@ -102,10 +124,7 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Files: compat/inet_aton.c -Copyright: 1993 Digital Equipment Corporation -License: other + . Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies, and that 
@@ -122,25 +141,283 @@ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -Files: compat/inet_ntop.c, compat/inet_pton.c +Files: compat/inet_ntop.c compat/inet_pton.c Copyright: 1996 Internet Software Consortium License: ISC - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. + +Files: compat/reallocarray.c +Copyright: 2008 Otto Moerbeek +License: ISC + +Files: compat/sha512.c +Copyright: 2000-2001 Aaron D. Gifford +License: BSD-3-ADG + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the copyright holder nor the names of contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. . - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - SOFTWARE. 
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +Files: compat/strlcat.c +Copyright: 1998 Todd C. Miller +License: BSD-3-Todd-Miller + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: compat/strlcpy.c Copyright: 1998 Todd C. Miller License: ISC + +Files: compat/strptime.c +Copyright: 2008 NLnet Labs + 2008 Matthijs Mekking +License: BSD-3-NLnetLabs-Mekking + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of NLnetLabs nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +Files: dns64/dns64.c + dns64/dns64.h +Copyright: 2009 Viagénie +License: BSD-3-Viagénie + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + Neither the name of Viagénie nor the names of its contributors may + be used to endorse or promote products derived from this software without + specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +Files: dnstap/dnstap.c + dnstap/dnstap.h +Copyright: 2013-2014 Farsight Security, Inc. +License: BSD-3-Farsight + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Files: libunbound/python/* + pythonmod/* +Copyright: 2008-2009 Zdenek Vasicek (vasicek AT fit.vutbr.cz) + 2008-2009 Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) +License: BSD-3-VUT + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the organization nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +Files: libunbound/python/examples/* +Copyright: 2008 Zdenek Vasicek (vasicek AT fit.vutbr.cz) + 2008 Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) +License: BSD-2-VUT + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ +Files: libunbound/python/file_py3.i +Copyright: 2011 Karel Slany (karel.slany AT nic.cz) +License: BSD-3-CZ.NIC + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the organization nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +Files: util/configparser.c + util/configparser.h +Copyright: 1984-2015 Free Software Foundation, Inc. +License: GPL-3+ with Bison exception + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . 
+ This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + . + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. + +Files: util/random.c +Copyright: 1996 David Mazieres + 2008 Damien Miller +License: ISC + +Files: util/storage/lookup3.c +Copyright: 2006 Bob Jenkins +License: public-domain + Public Domain. + +License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. 
@@ -152,61 +429,4 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Files: acx_pthread.m4 -Copyright: 2006 Steven G. Johnson -License: GPL-2+ | other - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - . - As a special exception, the respective Autoconf Macro's copyright - owner gives unlimited permission to copy, distribute and modify the - configure scripts that are the output of Autoconf when processing - the Macro. You need not follow the terms of the GNU General Public - License when using or distributing such scripts, even though - portions of the text of the Macro appear in them. The GNU General - Public License (GPL) does govern all other use of the material that - constitutes the Autoconf Macro. - . - This special exception to the GPL applies to versions of the - Autoconf Macro released by the Autoconf Macro Archive. When you - make and distribute a modified version of the Autoconf Macro, you - may extend this special exception to the GPL to apply to your - modified version as well. - -Files: util/configparser.h, util/configparser.c -Copyright: (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. 
-License: GPL-3+ - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ +Comment: This is the pre-2007 version of the ISC license diff -Nru unbound-1.5.8/debian/libunbound2.symbols unbound-1.6.0/debian/libunbound2.symbols --- unbound-1.5.8/debian/libunbound2.symbols 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/libunbound2.symbols 2018-02-28 22:00:51.000000000 +0000 
@@ -7,6 +7,7 @@ ub_ctx_config@Base 1.4.1 ub_ctx_create@Base 1.4.1 ub_ctx_create_event@Base 1.4.22 + ub_ctx_create_ub_event@Base 1.5.9 ub_ctx_data_add@Base 1.4.1 ub_ctx_data_remove@Base 1.4.1 ub_ctx_debuglevel@Base 1.4.1 diff -Nru unbound-1.5.8/debian/libunbound-dev.install unbound-1.6.0/debian/libunbound-dev.install --- unbound-1.5.8/debian/libunbound-dev.install 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/libunbound-dev.install 2018-02-28 22:00:51.000000000 +0000 @@ -1,2 +1,2 @@ -usr/include/unbound.h usr/include -usr/share/man/man3/libunbound.3 usr/share/man/man3 +debian/tmp-lib/usr/include/unbound.h usr/include +debian/tmp-lib/usr/share/man/man3/libunbound.3 usr/share/man/man3 diff -Nru unbound-1.5.8/debian/patches/debian-changes unbound-1.6.0/debian/patches/debian-changes --- unbound-1.5.8/debian/patches/debian-changes 2016-04-11 17:23:40.000000000 +0000 +++ unbound-1.6.0/debian/patches/debian-changes 2019-02-14 09:17:05.000000000 +0000 @@ -5,14 +5,13 @@ information below has been extracted from the changelog. Adjust it or drop it. . - unbound (1.5.8-1) unstable; urgency=medium + unbound (1.6.0-3+deb9u2) stretch; urgency=high . - * Imported Upstream version 1.5.8 - * debian/libunbound2.symbols: Add new symbol 'ub_ctx_set_stub' - * debian/unbound.postinst: Clean up permissions on the resolvconf - forwarder hook on upgrades (Closes: #816425) + * Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105: + vulnerability in the processing of wildcard synthesized NSEC records." + * Cherry-pick upstream commit svn r4528, "Added tests with wildcard + expanded NSEC records (CVE-2017-15105 test)". Author: Robert Edmonds -Bug-Debian: https://bugs.debian.org/816425 --- The information above should follow the Patch Tagging Guidelines, please 
@@ -25,17 +24,17 @@ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: -Last-Update: +Last-Update: 2018-02-28 ---- unbound-1.5.8.orig/acx_python.m4 -+++ unbound-1.5.8/acx_python.m4 +--- unbound-1.6.0.orig/acx_python.m4 ++++ unbound-1.6.0/acx_python.m4 @@ -43,7 +43,12 @@ $ac_distutils_result]) if test -n "${python_path}"; then python_path="-I$python_path" fi - PYTHON_CPPFLAGS=$python_path + python_multiarch_path=`$PYTHON -c "import distutils.sysconfig; \ -+ print distutils.sysconfig.get_python_inc(plat_specific=1);"` ++ print(distutils.sysconfig.get_python_inc(plat_specific=1));"` + if test -n "${python_multiarch_path}"; then + python_multiarch_path="-I$python_multiarch_path" + fi @@ -43,9 +42,9 @@ fi AC_MSG_RESULT([$PYTHON_CPPFLAGS]) AC_SUBST([PYTHON_CPPFLAGS]) ---- unbound-1.5.8.orig/doc/unbound.conf.5.in -+++ unbound-1.5.8/doc/unbound.conf.5.in -@@ -1099,7 +1099,7 @@ section for options. To setup the corre +--- unbound-1.6.0.orig/doc/unbound.conf.5.in ++++ unbound-1.6.0/doc/unbound.conf.5.in +@@ -1205,7 +1205,7 @@ section for options. To setup the corre \fIunbound\-control\-setup\fR(8) utility. .TP 5 .B control\-enable: \fI 
@@ -54,8 +53,22 @@ If turned off, the server does not listen for control commands. .TP 5 .B control\-interface: \fI ---- unbound-1.5.8.orig/smallapp/unbound-control-setup.sh.in -+++ unbound-1.5.8/smallapp/unbound-control-setup.sh.in +--- unbound-1.6.0.orig/smallapp/unbound-anchor.c ++++ unbound-1.6.0/smallapp/unbound-anchor.c +@@ -241,7 +241,10 @@ static const char* + get_builtin_ds(void) + { + return +-". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"; ++/* anchor 19036 is from 2010 */ ++/* anchor 20326 is from 2017 */ ++". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n" ++". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; + } + + /** print hex data */ +--- unbound-1.6.0.orig/smallapp/unbound-control-setup.sh.in ++++ unbound-1.6.0/smallapp/unbound-control-setup.sh.in @@ -155,6 +155,6 @@ chmod o-rw $SVR_BASE.pem $SVR_BASE.key $ rm -f request.cfg rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl" 
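Review bot: The new built-in anchor in `get_builtin_ds` (key tag 20326) is a hard-coded root of trust, but the two added comments record only the year, not where the digest came from. Check the value out-of-band against the IANA-published root trust anchor before this ships, since nothing in the hunk verifies the string. I would replace the year comments with one that names the source, e.g. `/* root KSK DS records as published by IANA (19036: 2010, 20326: 2017); re-verify against the published anchors when editing */`. Keeping 19036 next to 20326 looks intentional for the rollover period; the visible patch header does not mention this change, so a changelog line for it would help.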
@@ -64,9 +77,168 @@ +echo "Setup success. Certificates created." exit 0 ---- unbound-1.5.8.orig/util/config_file.c -+++ unbound-1.5.8/util/config_file.c -@@ -148,7 +148,7 @@ config_create(void) +--- unbound-1.6.0.orig/testcode/unitverify.c ++++ unbound-1.6.0/testcode/unitverify.c +@@ -186,7 +186,9 @@ verifytest_rrset(struct module_env* env, + ntohs(rrset->rk.rrset_class)); + } + setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ +- sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason); ++ /* ok to give null as qstate here, won't be used for answer section. */ ++ sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, ++ LDNS_SECTION_ANSWER, NULL); + if(vsig) { + printf("verify outcome is: %s %s\n", sec_status_to_string(sec), + reason?reason:""); +--- /dev/null ++++ unbound-1.6.0/testdata/val_nodata_failwc.rpl +@@ -0,0 +1,71 @@ ++; config options ++; The island of trust is at nsecwc.nlnetlabs.nl ++server: ++ trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" ++ val-override-date: "20181202115531" ++ target-fetch-policy: "0 0 0 0 0" ++ fake-sha1: yes ++ trust-anchor-signaling: no ++stub-zone: ++ name: "nsecwc.nlnetlabs.nl" ++ stub-addr: "185.49.140.60" ++ ++CONFIG_END ++ ++SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. ++ ++ ; ns.example.com. ++RANGE_BEGIN 0 100 ++ ADDRESS 185.49.140.60 ++ ++; response to DNSKEY priming query ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++nsecwc.nlnetlabs.nl. IN DNSKEY ++SECTION ANSWER ++nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX ++nsecwc.nlnetlabs.nl. 
3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA ++SECTION ANSWER ++SECTION AUTHORITY ++nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 ++nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= ++; NSEC has a label lenght of 3, indication that the original owner name is: ++; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer. ++_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC ++_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= ++SECTION ADDITIONAL ++ENTRY_END ++RANGE_END ++ ++STEP 1 QUERY ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA ++ENTRY_END ++ ++; recursion happens here. ++STEP 10 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++_25._tcp.mail.nsecwc.nlnetlabs.nl. 
IN TLSA ++SECTION ANSWER ++SECTION AUTHORITY ++SECTION ADDITIONAL ++ENTRY_END ++ ++SCENARIO_END +--- /dev/null ++++ unbound-1.6.0/testdata/val_nx_failwc.rpl +@@ -0,0 +1,69 @@ ++; config options ++; The island of trust is at nsecwc.nlnetlabs.nl ++server: ++ trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" ++ val-override-date: "20181202115531" ++ target-fetch-policy: "0 0 0 0 0" ++ fake-sha1: yes ++ trust-anchor-signaling: no ++stub-zone: ++ name: "nsecwc.nlnetlabs.nl" ++ stub-addr: "185.49.140.60" ++ ++CONFIG_END ++ ++SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. ++ ++ ; ns.example.com. ++RANGE_BEGIN 0 100 ++ ADDRESS 185.49.140.60 ++ ++; response to DNSKEY priming query ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++nsecwc.nlnetlabs.nl. IN DNSKEY ++SECTION ANSWER ++nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX ++nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NXDOMAIN ++SECTION QUESTION ++a.nsecwc.nlnetlabs.nl. IN TXT ++SECTION ANSWER ++SECTION AUTHORITY ++!.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC ++!.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. 
ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= ++nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 ++nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= ++SECTION ADDITIONAL ++ENTRY_END ++RANGE_END ++ ++STEP 1 QUERY ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++a.nsecwc.nlnetlabs.nl. IN TXT ++ENTRY_END ++ ++; recursion happens here. ++STEP 10 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++a.nsecwc.nlnetlabs.nl. IN TXT ++SECTION ANSWER ++SECTION AUTHORITY ++SECTION ADDITIONAL ++ENTRY_END ++ ++SCENARIO_END +--- unbound-1.6.0.orig/util/config_file.c ++++ unbound-1.6.0/util/config_file.c +@@ -149,7 +149,7 @@ config_create(void) init_outgoing_availports(cfg->outgoing_avail_ports, 65536); if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; #ifdef HAVE_CHROOT @@ -75,7 +247,7 @@ #endif if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit; if(!(cfg->logfile = strdup(""))) goto error_exit; -@@ -214,7 +214,7 @@ config_create(void) +@@ -219,7 +219,7 @@ config_create(void) cfg->unblock_lan_zones = 0; cfg->insecure_lan_zones = 0; cfg->python_script = NULL; 
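Review bot: In the testcode/unitverify.c part of this hunk, `dnskeyset_verify_rrset` is called with `LDNS_SECTION_ANSWER` and a `NULL` qstate, and only the comment's claim that qstate "won't be used for answer section" makes that safe. That invariant is enforced in the verifier, which this hunk does not show, so the call site should spell out the contract, e.g. `/* qstate is only consulted for LDNS_SECTION_AUTHORITY rrsets; NULL is valid for ANSWER */`. The callee's doc comment should also say that NULL is accepted. Because this unit test never passes the authority section, coverage of the wildcard-expanded NSEC check rests entirely on the two new replay files `val_nodata_failwc.rpl` and `val_nx_failwc.rpl`. The body of `verifytest_rrset` starts and ends outside the hunk.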
@@ -84,3 +256,866 @@ cfg->control_ifs = NULL; cfg->control_port = UNBOUND_CONTROL_PORT; cfg->remote_control_use_cert = 1; +--- unbound-1.6.0.orig/util/configparser.y ++++ unbound-1.6.0/util/configparser.y +@@ -1201,9 +1201,16 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG + OUTYY(("P(server_fake_dsa:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); +- else fake_dsa = (strcmp($2, "yes")==0); +- if(fake_dsa) +- log_warn("test option fake_dsa is enabled"); ++ else { ++ int fake_dsa_val = strcmp($2, "yes")==0; ++ if(fake_dsa_val) ++#ifdef HAVE_SSL ++ log_warn("test option fake_dsa is enabled"); ++ fake_dsa = fake_dsa_val; ++#else ++ log_warn("test option fake_dsa is ignored"); ++#endif ++ } + free($2); + } + ; +--- unbound-1.6.0.orig/validator/autotrust.c ++++ unbound-1.6.0/validator/autotrust.c +@@ -1227,17 +1227,20 @@ void autr_write_file(struct module_env* + * @param ve: validator environment (with options) for verification. + * @param tp: trust point to verify with + * @param rrset: DNSKEY rrset to verify. ++ * @param qstate: qstate with region. + * @return false on failure, true if verification successful. + */ + static int + verify_dnskey(struct module_env* env, struct val_env* ve, +- struct trust_anchor* tp, struct ub_packed_rrset_key* rrset) ++ struct trust_anchor* tp, struct ub_packed_rrset_key* rrset, ++ struct module_qstate* qstate) + { + char* reason = NULL; + uint8_t sigalg[ALGO_NEEDS_MAX+1]; + int downprot = env->cfg->harden_algo_downgrade; + enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset, +- tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason); ++ tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason, ++ qstate); + /* sigalg is ignored, it returns algorithms signalled to exist, but + * in 5011 there are no other rrsets to check. 
if downprot is + * enabled, then it checks that the DNSKEY is signed with all +@@ -1276,7 +1279,8 @@ min_expiry(struct module_env* env, struc + /** Is rr self-signed revoked key */ + static int + rr_is_selfsigned_revoked(struct module_env* env, struct val_env* ve, +- struct ub_packed_rrset_key* dnskey_rrset, size_t i) ++ struct ub_packed_rrset_key* dnskey_rrset, size_t i, ++ struct module_qstate* qstate) + { + enum sec_status sec; + char* reason = NULL; +@@ -1285,7 +1289,7 @@ rr_is_selfsigned_revoked(struct module_e + /* no algorithm downgrade protection necessary, if it is selfsigned + * revoked it can be removed. */ + sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i, +- &reason); ++ &reason, LDNS_SECTION_ANSWER, qstate); + return (sec == sec_status_secure); + } + +@@ -1501,7 +1505,7 @@ init_events(struct trust_anchor* tp) + static void + check_contains_revoked(struct module_env* env, struct val_env* ve, + struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset, +- int* changed) ++ int* changed, struct module_qstate* qstate) + { + struct packed_rrset_data* dd = (struct packed_rrset_data*) + dnskey_rrset->entry.data; +@@ -1521,7 +1525,7 @@ check_contains_revoked(struct module_env + } + if(!ta) + continue; /* key not found */ +- if(rr_is_selfsigned_revoked(env, ve, dnskey_rrset, i)) { ++ if(rr_is_selfsigned_revoked(env, ve, dnskey_rrset, i, qstate)) { + /* checked if there is an rrsig signed by this key. 
*/ + /* same keytag, but stored can be revoked already, so + * compare keytags, with +0 or +128(REVOKE flag) */ +@@ -1571,6 +1575,11 @@ key_matches_a_ds(struct module_env* env, + verbose(VERB_ALGO, "DS match attempt failed"); + continue; + } ++ /* match of hash is sufficient for bootstrap of trust point */ ++ (void)reason; ++ (void)ve; ++ return 1; ++ /* no need to check RRSIG, DS hash already matched with source + if(dnskey_verify_rrset(env, ve, dnskey_rrset, + dnskey_rrset, key_idx, &reason) == sec_status_secure) { + return 1; +@@ -1578,6 +1587,7 @@ key_matches_a_ds(struct module_env* env, + verbose(VERB_ALGO, "DS match failed because the key " + "does not verify the keyset: %s", reason); + } ++ */ + } + return 0; + } +@@ -2112,7 +2122,8 @@ autr_tp_remove(struct module_env* env, s + } + + int autr_process_prime(struct module_env* env, struct val_env* ve, +- struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset) ++ struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset, ++ struct module_qstate* qstate) + { + int changed = 0; + log_assert(tp && tp->autr); +@@ -2153,7 +2164,7 @@ int autr_process_prime(struct module_env + return 1; /* trust point exists */ + } + /* check for revoked keys to remove immediately */ +- check_contains_revoked(env, ve, tp, dnskey_rrset, &changed); ++ check_contains_revoked(env, ve, tp, dnskey_rrset, &changed, qstate); + if(changed) { + verbose(VERB_ALGO, "autotrust: revokedkeys, reassemble"); + if(!autr_assemble(tp)) { +@@ -2169,7 +2180,7 @@ int autr_process_prime(struct module_env + } + } + /* verify the dnskey rrset and see if it is valid. 
*/ +- if(!verify_dnskey(env, ve, tp, dnskey_rrset)) { ++ if(!verify_dnskey(env, ve, tp, dnskey_rrset, qstate)) { + verbose(VERB_ALGO, "autotrust: dnskey did not verify."); + /* only increase failure count if this is not the first prime, + * this means there was a previous successful probe */ +--- unbound-1.6.0.orig/validator/autotrust.h ++++ unbound-1.6.0/validator/autotrust.h +@@ -47,6 +47,7 @@ struct val_anchors; + struct trust_anchor; + struct ub_packed_rrset_key; + struct module_env; ++struct module_qstate; + struct val_env; + struct sldns_buffer; + +@@ -188,12 +189,14 @@ void autr_point_delete(struct trust_anch + * @param tp: trust anchor to process. + * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result). + * allocated in a region. Has not been validated yet. ++ * @param qstate: qstate with region. + * @return false if trust anchor was revoked completely. + * Otherwise logs errors to log, does not change return value. + * On errors, likely the trust point has been unchanged. 
+ */ + int autr_process_prime(struct module_env* env, struct val_env* ve, +- struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset); ++ struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset, ++ struct module_qstate* qstate); + + /** + * Debug printout of rfc5011 tracked anchors +--- unbound-1.6.0.orig/validator/val_nsec.c ++++ unbound-1.6.0/validator/val_nsec.c +@@ -176,7 +176,7 @@ val_nsec_proves_no_ds(struct ub_packed_r + static int + nsec_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey, +- char** reason) ++ char** reason, struct module_qstate* qstate) + { + struct packed_rrset_data* d = (struct packed_rrset_data*) + nsec->entry.data; +@@ -185,7 +185,8 @@ nsec_verify_rrset(struct module_env* env + rrset_check_sec_status(env->rrset_cache, nsec, *env->now); + if(d->security == sec_status_secure) + return 1; +- d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason); ++ d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason, ++ LDNS_SECTION_AUTHORITY, qstate); + if(d->security == sec_status_secure) { + rrset_update_sec_status(env->rrset_cache, nsec, *env->now); + return 1; +@@ -196,7 +197,8 @@ nsec_verify_rrset(struct module_env* env + enum sec_status + val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, + struct query_info* qinfo, struct reply_info* rep, +- struct key_entry_key* kkey, time_t* proof_ttl, char** reason) ++ struct key_entry_key* kkey, time_t* proof_ttl, char** reason, ++ struct module_qstate* qstate) + { + struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( + rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, +@@ -213,7 +215,7 @@ val_nsec_prove_nodata_dsreply(struct mod + * 1) this is a delegation point and there is no DS + * 2) this is not a delegation point */ + if(nsec) { +- if(!nsec_verify_rrset(env, ve, nsec, kkey, reason)) { ++ if(!nsec_verify_rrset(env, ve, nsec, kkey, reason, qstate)) { + 
verbose(VERB_ALGO, "NSEC RRset for the " + "referral did not verify."); + return sec_status_bogus; +@@ -242,7 +244,8 @@ val_nsec_prove_nodata_dsreply(struct mod + i++) { + if(rep->rrsets[i]->rk.type != htons(LDNS_RR_TYPE_NSEC)) + continue; +- if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason)) { ++ if(!nsec_verify_rrset(env, ve, rep->rrsets[i], kkey, reason, ++ qstate)) { + verbose(VERB_ALGO, "NSEC for empty non-terminal " + "did not verify."); + return sec_status_bogus; +--- unbound-1.6.0.orig/validator/val_nsec.h ++++ unbound-1.6.0/validator/val_nsec.h +@@ -46,6 +46,7 @@ + #include "util/data/packed_rrset.h" + struct val_env; + struct module_env; ++struct module_qstate; + struct ub_packed_rrset_key; + struct reply_info; + struct query_info; +@@ -64,6 +65,7 @@ struct key_entry_key; + * @param kkey: key entry to use for verification of signatures. + * @param proof_ttl: if secure, the TTL of how long this proof lasts. + * @param reason: string explaining why bogus. ++ * @param qstate: qstate with region. + * @return security status. + * SECURE: proved absence of DS. + * INSECURE: proved that this was not a delegation point. +@@ -73,7 +75,7 @@ struct key_entry_key; + enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, + struct val_env* ve, struct query_info* qinfo, + struct reply_info* rep, struct key_entry_key* kkey, +- time_t* proof_ttl, char** reason); ++ time_t* proof_ttl, char** reason, struct module_qstate* qstate); + + /** + * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. 
+--- unbound-1.6.0.orig/validator/val_nsec3.c ++++ unbound-1.6.0/validator/val_nsec3.c +@@ -1285,7 +1285,7 @@ nsec3_prove_wildcard(struct module_env* + static int + list_is_secure(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key** list, size_t num, +- struct key_entry_key* kkey, char** reason) ++ struct key_entry_key* kkey, char** reason, struct module_qstate* qstate) + { + struct packed_rrset_data* d; + size_t i; +@@ -1299,7 +1299,7 @@ list_is_secure(struct module_env* env, s + if(d->security == sec_status_secure) + continue; + d->security = val_verify_rrset_entry(env, ve, list[i], kkey, +- reason); ++ reason, LDNS_SECTION_AUTHORITY, qstate); + if(d->security != sec_status_secure) { + verbose(VERB_ALGO, "NSEC3 did not verify"); + return 0; +@@ -1312,7 +1312,8 @@ list_is_secure(struct module_env* env, s + enum sec_status + nsec3_prove_nods(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key** list, size_t num, +- struct query_info* qinfo, struct key_entry_key* kkey, char** reason) ++ struct query_info* qinfo, struct key_entry_key* kkey, char** reason, ++ struct module_qstate* qstate) + { + rbtree_t ct; + struct nsec3_filter flt; +@@ -1325,7 +1326,7 @@ nsec3_prove_nods(struct module_env* env, + *reason = "no valid NSEC3s"; + return sec_status_bogus; /* no valid NSEC3s, bogus */ + } +- if(!list_is_secure(env, ve, list, num, kkey, reason)) ++ if(!list_is_secure(env, ve, list, num, kkey, reason, qstate)) + return sec_status_bogus; /* not all NSEC3 records secure */ + rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */ + filter_init(&flt, list, num, qinfo); /* init RR iterator */ +--- unbound-1.6.0.orig/validator/val_nsec3.h ++++ unbound-1.6.0/validator/val_nsec3.h +@@ -71,6 +71,7 @@ + struct val_env; + struct regional; + struct module_env; ++struct module_qstate; + struct ub_packed_rrset_key; + struct reply_info; + struct query_info; +@@ -185,6 +186,7 @@ nsec3_prove_wildcard(struct module_env* + * @param qinfo: 
query that is verified for. + * @param kkey: key entry that signed the NSEC3s. + * @param reason: string for bogus result. ++ * @param qstate: qstate with region. + * @return: + * sec_status SECURE of the proposition is proven by the NSEC3 RRs, + * BOGUS if not, INSECURE if all of the NSEC3s could be validly ignored. +@@ -194,7 +196,8 @@ nsec3_prove_wildcard(struct module_env* + enum sec_status + nsec3_prove_nods(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key** list, size_t num, +- struct query_info* qinfo, struct key_entry_key* kkey, char** reason); ++ struct query_info* qinfo, struct key_entry_key* kkey, char** reason, ++ struct module_qstate* qstate); + + /** + * Prove NXDOMAIN or NODATA. +--- unbound-1.6.0.orig/validator/val_sigcrypt.c ++++ unbound-1.6.0/validator/val_sigcrypt.c +@@ -479,7 +479,8 @@ int algo_needs_missing(struct algo_needs + enum sec_status + dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, +- uint8_t* sigalg, char** reason) ++ uint8_t* sigalg, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate) + { + enum sec_status sec; + size_t i, num; +@@ -506,7 +507,7 @@ dnskeyset_verify_rrset(struct module_env + } + for(i=0; inow, rrset, +- dnskey, i, &sortree, reason); ++ dnskey, i, &sortree, reason, section, qstate); + /* see which algorithm has been fixed up */ + if(sec == sec_status_secure) { + if(!sigalg) +@@ -547,7 +548,8 @@ void algo_needs_reason(struct module_env + enum sec_status + dnskey_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, +- size_t dnskey_idx, char** reason) ++ size_t dnskey_idx, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate) + { + enum sec_status sec; + size_t i, num, numchecked = 0; +@@ -571,7 +573,8 @@ dnskey_verify_rrset(struct module_env* e + buf_canon = 0; + sec = 
dnskey_verify_rrset_sig(env->scratch, + env->scratch_buffer, ve, *env->now, rrset, +- dnskey, dnskey_idx, i, &sortree, &buf_canon, reason); ++ dnskey, dnskey_idx, i, &sortree, &buf_canon, reason, ++ section, qstate); + if(sec == sec_status_secure) + return sec; + numchecked ++; +@@ -585,7 +588,8 @@ enum sec_status + dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, + time_t now, struct ub_packed_rrset_key* rrset, + struct ub_packed_rrset_key* dnskey, size_t sig_idx, +- struct rbtree_t** sortree, char** reason) ++ struct rbtree_t** sortree, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate) + { + /* find matching keys and check them */ + enum sec_status sec = sec_status_bogus; +@@ -610,7 +614,7 @@ dnskeyset_verify_rrset_sig(struct module + /* see if key verifies */ + sec = dnskey_verify_rrset_sig(env->scratch, + env->scratch_buffer, ve, now, rrset, dnskey, i, +- sig_idx, sortree, &buf_canon, reason); ++ sig_idx, sortree, &buf_canon, reason, section, qstate); + if(sec == sec_status_secure) + return sec; + } +@@ -1115,12 +1119,15 @@ int rrset_canonical_equal(struct regiona + * signer name length. + * @param sortree: if NULL is passed a new sorted rrset tree is built. + * Otherwise it is reused. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return false on alloc error. 
+ */ + static int + rrset_canonical(struct regional* region, sldns_buffer* buf, + struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen, +- struct rbtree_t** sortree) ++ struct rbtree_t** sortree, sldns_pkt_section section, ++ struct module_qstate* qstate) + { + struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; + uint8_t* can_owner = NULL; +@@ -1169,6 +1176,20 @@ rrset_canonical(struct regional* region, + canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]); + } + sldns_buffer_flip(buf); ++ ++ /* Replace RR owner with canonical owner for NSEC records in authority ++ * section, to prevent that a wildcard synthesized NSEC can be used in ++ * the non-existence proves. */ ++ if(ntohs(k->rk.type) == LDNS_RR_TYPE_NSEC && ++ section == LDNS_SECTION_AUTHORITY) { ++ k->rk.dname = regional_alloc_init(qstate->region, can_owner, ++ can_owner_len); ++ if(!k->rk.dname) ++ return 0; ++ k->rk.dname_len = can_owner_len; ++ } ++ ++ + return 1; + } + +@@ -1312,7 +1333,8 @@ dnskey_verify_rrset_sig(struct regional* + struct val_env* ve, time_t now, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, + size_t dnskey_idx, size_t sig_idx, +- struct rbtree_t** sortree, int* buf_canon, char** reason) ++ struct rbtree_t** sortree, int* buf_canon, char** reason, ++ sldns_pkt_section section, struct module_qstate* qstate) + { + enum sec_status sec; + uint8_t* sig; /* RRSIG rdata */ +@@ -1411,7 +1433,7 @@ dnskey_verify_rrset_sig(struct regional* + /* create rrset canonical format in buffer, ready for + * signature */ + if(!rrset_canonical(region, buf, rrset, sig+2, +- 18 + signer_len, sortree)) { ++ 18 + signer_len, sortree, section, qstate)) { + log_err("verify: failed due to alloc error"); + return sec_status_unchecked; + } +--- unbound-1.6.0.orig/validator/val_sigcrypt.h ++++ unbound-1.6.0/validator/val_sigcrypt.h +@@ -44,8 +44,10 @@ + #ifndef VALIDATOR_VAL_SIGCRYPT_H + #define VALIDATOR_VAL_SIGCRYPT_H + #include "util/data/packed_rrset.h" 
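Review bot: In the block added at the end of rrset_canonical, `k->rk.dname` is overwritten with the return value of regional_alloc_init() before that value is checked, so on allocation failure the function returns 0 and leaves the rrset key with a NULL owner name and the old `dname_len`. The caller in this patch only logs "verify: failed due to alloc error" and returns sec_status_unchecked, and the key presumably stays in use after that, so I would allocate into a local and assign only on success: `uint8_t* canon = regional_alloc_init(qstate->region, can_owner, can_owner_len);`, `if(!canon) return 0;`, `k->rk.dname = canon;`. The block also dereferences `qstate` unconditionally and, judging by the "ready for signature" comment at the call site, rewrites the owner before the signature is checked. The function comment should say both, for example `@param qstate: must not be NULL; the replaced owner name is allocated in its region.` The start of rrset_canonical lies outside this hunk.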
++#include "sldns/pkthdr.h" + struct val_env; + struct module_env; ++struct module_qstate; + struct ub_packed_rrset_key; + struct rbtree_t; + struct regional; +@@ -237,13 +239,16 @@ uint16_t dnskey_get_flags(struct ub_pack + * @param sigalg: if nonNULL provide downgrade protection otherwise one + * algorithm is enough. + * @param reason: if bogus, a string returned, fixed or alloced in scratch. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return SECURE if one key in the set verifies one rrsig. + * UNCHECKED on allocation errors, unsupported algorithms, malformed data, + * and BOGUS on verification failures (no keys match any signatures). + */ + enum sec_status dnskeyset_verify_rrset(struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* rrset, +- struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason); ++ struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason, ++ sldns_pkt_section section, struct module_qstate* qstate); + + /** + * verify rrset against one specific dnskey (from rrset) +@@ -253,12 +258,15 @@ enum sec_status dnskeyset_verify_rrset(s + * @param dnskey: DNSKEY rrset, keyset. + * @param dnskey_idx: which key from the rrset to try. + * @param reason: if bogus, a string returned, fixed or alloced in scratch. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return secure if *this* key signs any of the signatures on rrset. + * unchecked on error or and bogus on bad signature. 
+ */ + enum sec_status dnskey_verify_rrset(struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* rrset, +- struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, char** reason); ++ struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, char** reason, ++ sldns_pkt_section section, struct module_qstate* qstate); + + /** + * verify rrset, with dnskey rrset, for a specific rrsig in rrset +@@ -271,13 +279,16 @@ enum sec_status dnskey_verify_rrset(stru + * @param sortree: reused sorted order. Stored in region. Pass NULL at start, + * and for a new rrset. + * @param reason: if bogus, a string returned, fixed or alloced in scratch. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return secure if any key signs *this* signature. bogus if no key signs it, + * or unchecked on error. + */ + enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, + struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, + struct ub_packed_rrset_key* dnskey, size_t sig_idx, +- struct rbtree_t** sortree, char** reason); ++ struct rbtree_t** sortree, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate); + + /** + * verify rrset, with specific dnskey(from set), for a specific rrsig +@@ -295,6 +306,8 @@ enum sec_status dnskeyset_verify_rrset_s + * pass false at start. pass old value only for same rrset and same + * signature (but perhaps different key) for reuse. + * @param reason: if bogus, a string returned, fixed or alloced in scratch. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return secure if this key signs this signature. unchecked on error or + * bogus if it did not validate. 
+ */ +@@ -302,7 +315,8 @@ enum sec_status dnskey_verify_rrset_sig( + struct sldns_buffer* buf, struct val_env* ve, time_t now, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, + size_t dnskey_idx, size_t sig_idx, +- struct rbtree_t** sortree, int* buf_canon, char** reason); ++ struct rbtree_t** sortree, int* buf_canon, char** reason, ++ sldns_pkt_section section, struct module_qstate* qstate); + + /** + * canonical compare for two tree entries +--- unbound-1.6.0.orig/validator/val_utils.c ++++ unbound-1.6.0/validator/val_utils.c +@@ -334,7 +334,8 @@ rrset_get_ttl(struct ub_packed_rrset_key + enum sec_status + val_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, +- uint8_t* sigalg, char** reason) ++ uint8_t* sigalg, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate) + { + enum sec_status sec; + struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> +@@ -356,7 +357,8 @@ val_verify_rrset(struct module_env* env, + } + log_nametypeclass(VERB_ALGO, "verify rrset", rrset->rk.dname, + ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); +- sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason); ++ sec = dnskeyset_verify_rrset(env, ve, rrset, keys, sigalg, reason, ++ section, qstate); + verbose(VERB_ALGO, "verify result: %s", sec_status_to_string(sec)); + regional_free_all(env->scratch); + +@@ -389,7 +391,7 @@ val_verify_rrset(struct module_env* env, + enum sec_status + val_verify_rrset_entry(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* rrset, struct key_entry_key* kkey, +- char** reason) ++ char** reason, sldns_pkt_section section, struct module_qstate* qstate) + { + /* temporary dnskey rrset-key */ + struct ub_packed_rrset_key dnskey; +@@ -402,7 +404,8 @@ val_verify_rrset_entry(struct module_env + dnskey.rk.dname_len = kkey->namelen; + dnskey.entry.key = &dnskey; + dnskey.entry.data = 
kd->rrset_data; +- sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason); ++ sec = val_verify_rrset(env, ve, rrset, &dnskey, kd->algo, reason, ++ section, qstate); + return sec; + } + +@@ -410,7 +413,8 @@ val_verify_rrset_entry(struct module_env + static enum sec_status + verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* dnskey_rrset, +- struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, char** reason) ++ struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, char** reason, ++ struct module_qstate* qstate) + { + enum sec_status sec = sec_status_bogus; + size_t i, num, numchecked = 0, numhashok = 0; +@@ -441,7 +445,7 @@ verify_dnskeys_with_ds_rr(struct module_ + /* Otherwise, we have a match! Make sure that the DNSKEY + * verifies *with this key* */ + sec = dnskey_verify_rrset(env, ve, dnskey_rrset, +- dnskey_rrset, i, reason); ++ dnskey_rrset, i, reason, LDNS_SECTION_ANSWER, qstate); + if(sec == sec_status_secure) { + return sec; + } +@@ -477,7 +481,8 @@ int val_favorite_ds_algo(struct ub_packe + enum sec_status + val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* dnskey_rrset, +- struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason) ++ struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, ++ struct module_qstate* qstate) + { + /* as long as this is false, we can consider this DS rrset to be + * equivalent to no DS rrset. 
*/ +@@ -514,7 +519,7 @@ val_verify_DNSKEY_with_DS(struct module_ + has_useful_ds = 1; + + sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, +- ds_rrset, i, reason); ++ ds_rrset, i, reason, qstate); + if(sec == sec_status_secure) { + if(!sigalg || algo_needs_set_secure(&needs, + (uint8_t)ds_get_key_algo(ds_rrset, i))) { +@@ -547,11 +552,12 @@ val_verify_DNSKEY_with_DS(struct module_ + struct key_entry_key* + val_verify_new_DNSKEYs(struct regional* region, struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, +- struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason) ++ struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, ++ struct module_qstate* qstate) + { + uint8_t sigalg[ALGO_NEEDS_MAX+1]; + enum sec_status sec = val_verify_DNSKEY_with_DS(env, ve, +- dnskey_rrset, ds_rrset, downprot?sigalg:NULL, reason); ++ dnskey_rrset, ds_rrset, downprot?sigalg:NULL, reason, qstate); + + if(sec == sec_status_secure) { + return key_entry_create_rrset(region, +@@ -573,7 +579,8 @@ enum sec_status + val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* dnskey_rrset, + struct ub_packed_rrset_key* ta_ds, +- struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason) ++ struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, ++ struct module_qstate* qstate) + { + /* as long as this is false, we can consider this anchor to be + * equivalent to no anchor. 
*/ +@@ -624,7 +631,7 @@ val_verify_DNSKEY_with_TA(struct module_ + has_useful_ta = 1; + + sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, +- ta_ds, i, reason); ++ ta_ds, i, reason, qstate); + if(sec == sec_status_secure) { + if(!sigalg || algo_needs_set_secure(&needs, + (uint8_t)ds_get_key_algo(ta_ds, i))) { +@@ -650,7 +657,7 @@ val_verify_DNSKEY_with_TA(struct module_ + has_useful_ta = 1; + + sec = dnskey_verify_rrset(env, ve, dnskey_rrset, +- ta_dnskey, i, reason); ++ ta_dnskey, i, reason, LDNS_SECTION_ANSWER, qstate); + if(sec == sec_status_secure) { + if(!sigalg || algo_needs_set_secure(&needs, + (uint8_t)dnskey_get_algo(ta_dnskey, i))) { +@@ -684,12 +691,12 @@ val_verify_new_DNSKEYs_with_ta(struct re + struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, + struct ub_packed_rrset_key* ta_ds_rrset, + struct ub_packed_rrset_key* ta_dnskey_rrset, int downprot, +- char** reason) ++ char** reason, struct module_qstate* qstate) + { + uint8_t sigalg[ALGO_NEEDS_MAX+1]; + enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, + dnskey_rrset, ta_ds_rrset, ta_dnskey_rrset, +- downprot?sigalg:NULL, reason); ++ downprot?sigalg:NULL, reason, qstate); + + if(sec == sec_status_secure) { + return key_entry_create_rrset(region, +--- unbound-1.6.0.orig/validator/val_utils.h ++++ unbound-1.6.0/validator/val_utils.h +@@ -42,10 +42,12 @@ + #ifndef VALIDATOR_VAL_UTILS_H + #define VALIDATOR_VAL_UTILS_H + #include "util/data/packed_rrset.h" ++#include "sldns/pkthdr.h" + struct query_info; + struct reply_info; + struct val_env; + struct module_env; ++struct module_qstate; + struct ub_packed_rrset_key; + struct key_entry_key; + struct regional; +@@ -120,11 +122,14 @@ void val_find_signer(enum val_classifica + * @param sigalg: if nonNULL provide downgrade protection otherwise one + * algorithm is enough. Algo list is constructed in here. + * @param reason: reason of failure. Fixed string or alloced in scratch. 
++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return security status of verification. + */ + enum sec_status val_verify_rrset(struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys, +- uint8_t* sigalg, char** reason); ++ uint8_t* sigalg, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate); + + /** + * Verify RRset with keys from a keyset. +@@ -133,11 +138,14 @@ enum sec_status val_verify_rrset(struct + * @param rrset: what to verify + * @param kkey: key_entry to verify with. + * @param reason: reason of failure. Fixed string or alloced in scratch. ++ * @param section: section of packet where this rrset comes from. ++ * @param qstate: qstate with region. + * @return security status of verification. + */ + enum sec_status val_verify_rrset_entry(struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* rrset, +- struct key_entry_key* kkey, char** reason); ++ struct key_entry_key* kkey, char** reason, sldns_pkt_section section, ++ struct module_qstate* qstate); + + /** + * Verify DNSKEYs with DS rrset. Like val_verify_new_DNSKEYs but +@@ -150,13 +158,15 @@ enum sec_status val_verify_rrset_entry(s + * algorithm is enough. The list of signalled algorithms is returned, + * must have enough space for ALGO_NEEDS_MAX+1. + * @param reason: reason of failure. Fixed string or alloced in scratch. ++ * @param qstate: qstate with region. + * @return: sec_status_secure if a DS matches. + * sec_status_insecure if end of trust (i.e., unknown algorithms). + * sec_status_bogus if it fails. 
+ */ + enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, +- struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason); ++ struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason, ++ struct module_qstate* qstate); + + /** + * Verify DNSKEYs with DS and DNSKEY rrset. Like val_verify_DNSKEY_with_DS +@@ -170,6 +180,7 @@ enum sec_status val_verify_DNSKEY_with_D + * algorithm is enough. The list of signalled algorithms is returned, + * must have enough space for ALGO_NEEDS_MAX+1. + * @param reason: reason of failure. Fixed string or alloced in scratch. ++ * @param qstate: qstate with region. + * @return: sec_status_secure if a DS matches. + * sec_status_insecure if end of trust (i.e., unknown algorithms). + * sec_status_bogus if it fails. +@@ -177,7 +188,8 @@ enum sec_status val_verify_DNSKEY_with_D + enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, + struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, + struct ub_packed_rrset_key* ta_ds, +- struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason); ++ struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason, ++ struct module_qstate* qstate); + + /** + * Verify new DNSKEYs with DS rrset. The DS contains hash values that should +@@ -192,6 +204,7 @@ enum sec_status val_verify_DNSKEY_with_T + * @param downprot: if true provide downgrade protection otherwise one + * algorithm is enough. + * @param reason: reason of failure. Fixed string or alloced in scratch. ++ * @param qstate: qstate with region. + * @return a KeyEntry. 
This will either contain the now trusted + * dnskey_rrset, a "null" key entry indicating that this DS + * rrset/DNSKEY pair indicate an secure end to the island of trust +@@ -205,7 +218,8 @@ enum sec_status val_verify_DNSKEY_with_T + struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, + struct module_env* env, struct val_env* ve, + struct ub_packed_rrset_key* dnskey_rrset, +- struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason); ++ struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason, ++ struct module_qstate* qstate); + + + /** +@@ -220,6 +234,7 @@ struct key_entry_key* val_verify_new_DNS + * @param downprot: if true provide downgrade protection otherwise one + * algorithm is enough. + * @param reason: reason of failure. Fixed string or alloced in scratch. ++ * @param qstate: qstate with region. + * @return a KeyEntry. This will either contain the now trusted + * dnskey_rrset, a "null" key entry indicating that this DS + * rrset/DNSKEY pair indicate an secure end to the island of trust +@@ -235,7 +250,7 @@ struct key_entry_key* val_verify_new_DNS + struct ub_packed_rrset_key* dnskey_rrset, + struct ub_packed_rrset_key* ta_ds_rrset, + struct ub_packed_rrset_key* ta_dnskey_rrset, +- int downprot, char** reason); ++ int downprot, char** reason, struct module_qstate* qstate); + + /** + * Determine if DS rrset is usable for validator or not. +@@ -252,7 +267,7 @@ int val_dsset_isusable(struct ub_packed_ + * the result of a wildcard expansion. If so, return the name of the + * generating wildcard. + * +- * @param rrset The rrset to chedck. ++ * @param rrset The rrset to check. + * @param wc: the wildcard name, if the rrset was synthesized from a wildcard. + * unchanged if not. The wildcard name, without "*." in front, is + * returned. This is a pointer into the rrset owner name. 
+--- unbound-1.6.0.orig/validator/validator.c ++++ unbound-1.6.0/validator/validator.c +@@ -490,7 +490,8 @@ validate_msg_signatures(struct module_qs + } + + /* Verify the answer rrset */ +- sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason); ++ sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, ++ LDNS_SECTION_ANSWER, qstate); + /* If the (answer) rrset failed to validate, then this + * message is BAD. */ + if(sec != sec_status_secure) { +@@ -519,7 +520,8 @@ validate_msg_signatures(struct module_qs + for(i=chase_reply->an_numrrsets; ian_numrrsets+ + chase_reply->ns_numrrsets; i++) { + s = chase_reply->rrsets[i]; +- sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason); ++ sec = val_verify_rrset_entry(env, ve, s, key_entry, &reason, ++ LDNS_SECTION_AUTHORITY, qstate); + /* If anything in the authority section fails to be secure, + * we have a bad message. */ + if(sec != sec_status_secure) { +@@ -545,7 +547,7 @@ validate_msg_signatures(struct module_qs + val_find_rrset_signer(s, &sname, &slen); + if(sname && query_dname_compare(sname, key_entry->name)==0) + (void)val_verify_rrset_entry(env, ve, s, key_entry, +- &reason); ++ &reason, LDNS_SECTION_ADDITIONAL, qstate); + /* the additional section can fail to be secure, + * it is optional, check signature in case we need + * to clean the additional section later. */ +@@ -2389,7 +2391,7 @@ primeResponseToKE(struct ub_packed_rrset + /* attempt to verify with trust anchor DS and DNSKEY */ + kkey = val_verify_new_DNSKEYs_with_ta(qstate->region, qstate->env, ve, + dnskey_rrset, ta->ds_rrset, ta->dnskey_rrset, downprot, +- &reason); ++ &reason, qstate); + if(!kkey) { + log_err("out of memory: verifying prime TA"); + return NULL; +@@ -2479,7 +2481,7 @@ ds_response_to_ke(struct module_qstate* + /* Verify only returns BOGUS or SECURE. If the rrset is + * bogus, then we are done. 
*/ + sec = val_verify_rrset_entry(qstate->env, ve, ds, +- vq->key_entry, &reason); ++ vq->key_entry, &reason, LDNS_SECTION_ANSWER, qstate); + if(sec != sec_status_secure) { + verbose(VERB_DETAIL, "DS rrset in DS response did " + "not verify"); +@@ -2526,7 +2528,7 @@ ds_response_to_ke(struct module_qstate* + /* Try to prove absence of the DS with NSEC */ + sec = val_nsec_prove_nodata_dsreply( + qstate->env, ve, qinfo, msg->rep, vq->key_entry, +- &proof_ttl, &reason); ++ &proof_ttl, &reason, qstate); + switch(sec) { + case sec_status_secure: + verbose(VERB_DETAIL, "NSEC RRset for the " +@@ -2554,7 +2556,8 @@ ds_response_to_ke(struct module_qstate* + + sec = nsec3_prove_nods(qstate->env, ve, + msg->rep->rrsets + msg->rep->an_numrrsets, +- msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason); ++ msg->rep->ns_numrrsets, qinfo, vq->key_entry, &reason, ++ qstate); + switch(sec) { + case sec_status_insecure: + /* case insecure also continues to unsigned +@@ -2615,7 +2618,7 @@ ds_response_to_ke(struct module_qstate* + goto return_bogus; + } + sec = val_verify_rrset_entry(qstate->env, ve, cname, +- vq->key_entry, &reason); ++ vq->key_entry, &reason, LDNS_SECTION_ANSWER, qstate); + if(sec == sec_status_secure) { + verbose(VERB_ALGO, "CNAME validated, " + "proof that DS does not exist"); +@@ -2781,7 +2784,7 @@ process_dnskey_response(struct module_qs + } + downprot = qstate->env->cfg->harden_algo_downgrade; + vq->key_entry = val_verify_new_DNSKEYs(qstate->region, qstate->env, +- ve, dnskey, vq->ds_rrset, downprot, &reason); ++ ve, dnskey, vq->ds_rrset, downprot, &reason, qstate); + + if(!vq->key_entry) { + log_err("out of memory in verify new DNSKEYs"); +@@ -2856,7 +2859,8 @@ process_prime_response(struct module_qst + ta->dclass); + } + if(ta->autr) { +- if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset)) { ++ if(!autr_process_prime(qstate->env, ve, ta, dnskey_rrset, ++ qstate)) { + /* trust anchor revoked, restart with less anchors */ + vq->state = VAL_INIT_STATE; + 
vq->trust_anchor_name = NULL; diff -Nru unbound-1.5.8/debian/root-auto-trust-anchor-file.conf unbound-1.6.0/debian/root-auto-trust-anchor-file.conf --- unbound-1.5.8/debian/root-auto-trust-anchor-file.conf 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/root-auto-trust-anchor-file.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -server: - # The following line will configure unbound to perform cryptographic - # DNSSEC validation using the root trust anchor. - auto-trust-anchor-file: "/var/lib/unbound/root.key" diff -Nru unbound-1.5.8/debian/rules unbound-1.6.0/debian/rules --- unbound-1.5.8/debian/rules 2016-04-11 17:23:27.000000000 +0000 +++ unbound-1.6.0/debian/rules 2018-02-28 22:00:51.000000000 +0000 @@ -8,6 +8,7 @@ endif LIBRARY = libunbound2 +DOPACKAGES = $(shell dh_listpackages) export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 
@@ -27,48 +28,87 @@ dh_autoreconf dh_autotools-dev_updateconfig +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) # first build -- build unbound daemon - CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ + PYTHON_VERSION="$(shell py3versions -vd)" \ + CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ + dh_auto_configure -- \ --disable-rpath \ --with-pidfile=/run/unbound.pid \ + --with-rootkey-file=/var/lib/unbound/root.key \ --with-libevent \ --with-pythonmodule \ + --enable-dnstap \ + --with-dnstap-socket-path=/run/dnstap.sock \ + --libdir=/usr/lib \ + $(CONFIGURE_ARGS) + $(MAKE) + $(MAKE) install DESTDIR="$(CURDIR)/debian/tmp" + $(MAKE) clean +endif + + # second build -- build libunbound only, against nettle + CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ + dh_auto_configure -- \ + --disable-rpath \ + --with-libunbound-only \ + --with-nettle \ + --with-rootkey-file=/var/lib/unbound/root.key \ + --without-libevent \ + --without-pythonmodule \ + --without-pyunbound \ + $(CONFIGURE_ARGS) + $(MAKE) + $(MAKE) install DESTDIR="$(CURDIR)/debian/tmp-lib" + install -D -m 0644 contrib/libunbound.pc \ + $(CURDIR)/debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libunbound.pc + $(MAKE) clean + +ifneq (,$(filter python-unbound,$(DOPACKAGES))) + # third build - pyunbound for Python 2 + PYTHON_VERSION="$(shell pyversions -vd)" \ + CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ + dh_auto_configure -- \ + --disable-rpath \ + --with-pythonmodule \ --with-pyunbound \ $(CONFIGURE_ARGS) - $(MAKE) unbound unbound-checkconf - install -D -m 0755 unbound debian/unbound/usr/sbin/unbound - install -D -m 0755 unbound-checkconf debian/unbound/usr/sbin/unbound-checkconf - - # XXX gross hack to prevent python module from linking against everything - rm -f _unbound.la - sed -i -e 
's/^dependency_libs=.*/dependency_libs=''/' libunbound.la - make _unbound.la LIBS="" + $(MAKE) _unbound.la install -D -m 0644 .libs/_unbound.so \ debian/python-unbound/usr/lib/$(shell pyversions -d)/dist-packages/_unbound.so install -m 0644 \ pythonmod/unboundmodule.py \ libunbound/python/unbound.py \ debian/python-unbound/usr/lib/$(shell pyversions -d)/dist-packages - $(MAKE) clean +endif - # second build -- build libunbound and utilities, without extra dependencies - CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ +ifneq (,$(filter python3-unbound,$(DOPACKAGES))) + # fourth build - pyunbound for Python 3 + PYTHON_VERSION="$(shell py3versions -vd)" \ + CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="-Wl,--as-needed $(LDFLAGS)" \ + dh_auto_configure -- \ --disable-rpath \ - --without-libevent \ - --without-pythonmodule \ - --without-pyunbound \ - --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) - - $(MAKE) - $(MAKE) install DESTDIR="$(CURDIR)/debian/tmp" + --with-pythonmodule \ + --with-pyunbound \ + $(CONFIGURE_ARGS) + $(MAKE) _unbound.la + install -D -m 0644 .libs/_unbound.so \ + debian/python3-unbound/usr/lib/$(shell py3versions -d)/dist-packages/_unbound.so + install -m 0644 \ + pythonmod/unboundmodule.py \ + libunbound/python/unbound.py \ + debian/python3-unbound/usr/lib/$(shell py3versions -d)/dist-packages + $(MAKE) clean +endif dh_installdirs +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) + dh_systemd_enable -p unbound + dh_systemd_enable -p unbound --name=unbound-resolvconf + dh_systemd_start -p unbound unbound.service + dh_installinit --error-handler=true --restart-after-upgrade echo '$$named unbound' > debian/unbound/etc/insserv.conf.d/unbound 
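Review bot: The third build (python-unbound) no longer ends with `$(MAKE) clean`, so when python3-unbound is built as well, the fourth `dh_auto_configure` and `$(MAKE) _unbound.la` run in a tree that still holds the Python 2 build products. Nothing in the hunk guarantees that make rebuilds every object after the re-configure, and a stale object would end up in the Python 3 `_unbound.so`. I would add `$(MAKE) clean` before the `endif` that closes the third build, as the first, second and fourth builds already do.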
@@ -77,16 +117,17 @@ install -m 0644 doc/example.conf debian/unbound/usr/share/doc/unbound/examples/unbound.conf install -m 0644 contrib/update-anchor.sh debian/unbound/usr/share/doc/unbound/contrib install -D -m 0755 contrib/unbound_munin_ debian/unbound/usr/share/munin/plugins/unbound_munin_ +endif mkdir -p debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH) mv \ - debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.a \ - debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.so \ + debian/tmp-lib/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.a \ + debian/tmp-lib/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.so \ debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH) mkdir -p debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH) mv \ - debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* \ + debian/tmp-lib/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* \ debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH) chmod 0644 debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH)/* @@ -94,9 +135,21 @@ dh_installchangelogs dh_installdocs dh_installman +ifneq (,$(filter python-unbound,$(DOPACKAGES))) dh_python2 --no-guessing-versions +endif +ifneq (,$(filter python3-unbound,$(DOPACKAGES))) + dh_python3 +endif dh_strip dh_compress -Xusr/share/doc/unbound/examples/unbound.conf + +ifneq (,$(filter unbound unbound-anchor unbound-host,$(DOPACKAGES))) + mkdir -p debian/unbound/etc/apparmor.d + cp debian/apparmor-profile debian/unbound/etc/apparmor.d/usr.sbin.unbound + dh_apparmor --profile-name=usr.sbin.unbound -punbound +endif + dh_fixperms dh_makeshlibs dh_installdeb diff -Nru unbound-1.5.8/debian/unbound.conf.d/qname-minimisation.conf unbound-1.6.0/debian/unbound.conf.d/qname-minimisation.conf --- unbound-1.5.8/debian/unbound.conf.d/qname-minimisation.conf 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/debian/unbound.conf.d/qname-minimisation.conf 2018-02-28 22:00:51.000000000 +0000 
@@ -0,0 +1,9 @@ +server: + # Send minimum amount of information to upstream servers to enhance + # privacy. Only sends minimum required labels of the QNAME and sets + # QTYPE to NS when possible. + + # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for + # details. + + qname-minimisation: yes diff -Nru unbound-1.5.8/debian/unbound.conf.d/root-auto-trust-anchor-file.conf unbound-1.6.0/debian/unbound.conf.d/root-auto-trust-anchor-file.conf --- unbound-1.5.8/debian/unbound.conf.d/root-auto-trust-anchor-file.conf 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/debian/unbound.conf.d/root-auto-trust-anchor-file.conf 2018-02-28 22:00:51.000000000 +0000 @@ -0,0 +1,4 @@ +server: + # The following line will configure unbound to perform cryptographic + # DNSSEC validation using the root trust anchor. + auto-trust-anchor-file: "/var/lib/unbound/root.key" diff -Nru unbound-1.5.8/debian/unbound.init unbound-1.6.0/debian/unbound.init --- unbound-1.5.8/debian/unbound.init 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/unbound.init 2018-02-28 22:00:51.000000000 +0000 @@ -7,6 +7,7 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO +# pidfile: /run/unbound.pid NAME="unbound" DESC="DNS server" @@ -41,7 +42,7 @@ stop) log_daemon_msg "Stopping $DESC" "$NAME" - if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME; then + if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME --retry 5; then $HELPER resolvconf_stop log_end_msg 0 else diff -Nru unbound-1.5.8/debian/unbound.install unbound-1.6.0/debian/unbound.install --- unbound-1.5.8/debian/unbound.install 2016-03-07 03:52:42.000000000 +0000 +++ unbound-1.6.0/debian/unbound.install 2018-02-28 22:00:51.000000000 +0000 
@@ -1,6 +1,9 @@
-debian/root-auto-trust-anchor-file.conf etc/unbound/unbound.conf.d
 debian/package-helper usr/lib/unbound
 debian/unbound.conf etc/unbound
+debian/unbound.conf.d/qname-minimisation.conf etc/unbound/unbound.conf.d
+debian/unbound.conf.d/root-auto-trust-anchor-file.conf etc/unbound/unbound.conf.d
+usr/sbin/unbound usr/sbin
+usr/sbin/unbound-checkconf usr/sbin
 usr/sbin/unbound-control usr/sbin
 usr/sbin/unbound-control-setup usr/sbin
 usr/share/man/man5/unbound.conf.5 usr/share/man/man5
diff -Nru unbound-1.5.8/debian/unbound.service unbound-1.6.0/debian/unbound.service
--- unbound-1.5.8/debian/unbound.service 1970-01-01 00:00:00.000000000 +0000
+++ unbound-1.6.0/debian/unbound.service 2018-02-28 22:00:51.000000000 +0000
@@ -0,0 +1,18 @@
+[Unit]
+Description=Unbound DNS server
+Documentation=man:unbound(8)
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+Type=simple
+Restart=on-failure
+EnvironmentFile=-/etc/default/unbound
+ExecStartPre=-/usr/lib/unbound/package-helper chroot_setup
+ExecStartPre=-/usr/lib/unbound/package-helper root_trust_anchor_update
+ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS
+ExecReload=/usr/sbin/unbound-control reload
+
+[Install]
+WantedBy=multi-user.target
diff -Nru unbound-1.5.8/debian/unbound.unbound-resolvconf.service unbound-1.6.0/debian/unbound.unbound-resolvconf.service
--- unbound-1.5.8/debian/unbound.unbound-resolvconf.service 1970-01-01 00:00:00.000000000 +0000
+++ unbound-1.6.0/debian/unbound.unbound-resolvconf.service 2018-02-28 22:00:51.000000000 +0000
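Review bot: `ExecReload=/usr/sbin/unbound-control reload` in the new unbound.service only works when the remote-control channel is enabled and unbound-control can authenticate to it. Neither the unit nor the two unbound.conf.d snippets added in this diff turn that on, so unless debian/unbound.conf does (not visible here) `systemctl reload unbound` would fail. Depending on the control channel for a reload also means keeping a management interface open that the service otherwise does not need; unbound re-reads its configuration on SIGHUP, so `ExecReload=/bin/kill -HUP $MAINPID` would avoid that. Separately, both `ExecStartPre=` lines carry the `-` prefix, so a failed `root_trust_anchor_update` is ignored silently; if that is deliberate, a comment above them such as `# best effort: a failed anchor refresh must not block startup` would record it.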
@@ -0,0 +1,13 @@ +[Unit] +Description=Unbound DNS server via resolvconf +After=unbound.service +PartOf=unbound.service +ConditionFileIsExecutable=/sbin/resolvconf + +[Service] +RemainAfterExit=yes +ExecStart=/usr/lib/unbound/package-helper resolvconf_start +ExecStop=/usr/lib/unbound/package-helper resolvconf_stop + +[Install] +WantedBy=unbound.service diff -Nru unbound-1.5.8/dns64/dns64.c unbound-1.6.0/dns64/dns64.c --- unbound-1.5.8/dns64/dns64.c 2015-10-15 09:02:01.000000000 +0000 +++ unbound-1.6.0/dns64/dns64.c 2016-12-06 13:42:51.000000000 +0000 @@ -521,13 +521,14 @@ * - An internal query. * - A query for a record type other than AAAA. * - CD FLAG was set on querier - * - An AAAA query for which an error was returned. + * - An AAAA query for which an error was returned.(qstate.return_rcode) + * -> treated as servfail thus synthesize (sec 5.1.3 6147), thus + * synthesize in (sec 5.1.2 of RFC6147). * - A successful AAAA query with an answer. */ if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY || qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA || (qstate->query_flags & BIT_CD) - || qstate->return_rcode != LDNS_RCODE_NOERROR || (qstate->return_msg && qstate->return_msg->rep && reply_find_answer_rrset(&qstate->qinfo, @@ -824,8 +825,9 @@ } /* Store the generated response in cache. */ - if (!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep, - 0, 0, 0, NULL, super->query_flags)) + if (!super->no_cache_store && + !dns_cache_store(super->env, &super->qinfo, super->return_msg->rep, + 0, 0, 0, NULL, super->query_flags)) log_err("out of memory"); } @@ -871,7 +873,7 @@ * Function for returning the above function block. */ struct module_func_block * -dns64_get_funcblock() +dns64_get_funcblock(void) { return &dns64_block; } diff -Nru unbound-1.5.8/dnstap/dnstap.c unbound-1.6.0/dnstap/dnstap.c --- unbound-1.5.8/dnstap/dnstap.c 2016-01-27 17:12:26.000000000 +0000 +++ unbound-1.6.0/dnstap/dnstap.c 2016-03-21 09:04:21.000000000 +0000 
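Review bot: The `[Service]` section of unbound-resolvconf.service sets `RemainAfterExit=yes` without a `Type=`, so the unit defaults to `Type=simple` and systemd treats it as started the moment the helper is spawned, not when `resolvconf_start` has finished. For a run-to-completion helper the usual pairing is `Type=oneshot` with `RemainAfterExit=yes`, which makes the start job wait for the helper and fail when it exits non-zero. Note also that `After=unbound.service` orders only against the start job of unbound.service, which this diff declares as `Type=simple`, so the helper can run before the resolver is answering queries.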
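Review bot: The reworded comment line in the first dns64.c hunk stays inside what appears to be the list of cases the following `if` matches (the list heading is above the hunk), while the same hunk removes `|| qstate->return_rcode != LDNS_RCODE_NOERROR` from that `if`, so the comment now describes a case the condition no longer covers. The sentence is also hard to parse: it says "thus synthesize" twice with two different section numbers and writes the RFC once as bare "6147". I would take the item out of the list and state it separately after it, for example `* An AAAA query that returned an error (qstate->return_rcode) is not in this list: it is treated as servfail (sec 5.1.3 of RFC 6147) and therefore synthesized (sec 5.1.2 of RFC 6147).` The `if` expression continues past the end of the hunk.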
@@ -475,7 +475,7 @@
 return;
 dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE);
 } else {
- if (!env->log_resolver_query_messages)
+ if (!env->log_resolver_response_messages)
 return;
 dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE);
 }
diff -Nru unbound-1.5.8/doc/Changelog unbound-1.6.0/doc/Changelog
--- unbound-1.5.8/doc/Changelog 2016-02-24 15:02:35.000000000 +0000
+++ unbound-1.6.0/doc/Changelog 2016-12-08 08:49:12.000000000 +0000
@@ -1,3 +1,541 @@ +8 December 2016: Wouter + - Fix downcast warnings from visual studio in sldns code. + +7 December 2016: Ralph + - Add DSA support for OpenSSL 1.1.0 + - Fix remote control without cert for LibreSSL + +6 December 2016: George + - Added generic EDNS code for registering known EDNS option codes, + bypassing the cache response stage and uniquifying mesh states. Four EDNS + option lists were added to module_qstate (module_qstate.edns_opts_*) to + store EDNS options from/to front/back side. + - Added two flags to module_qstate (no_cache_lookup, no_cache_store) that + control the modules' cache interactions. + - Added code for registering inplace callback functions. The registered + functions can be called just before replying with local data or Chaos, + replying from cache, replying with SERVFAIL, replying with a resolved + query, sending a query to a nameserver. The functions can inspect the + available data and maybe change response/query related data (i.e. append + EDNS options). + - Updated Python module for the above. + - Updated Python documentation. + +5 December 2016: Ralph + - Fix #1173: differ local-zone type deny from unset + tag_actions element. + +5 December 2016: Wouter + - Fix #1170: document that 'inform' local-zone uses local-data. + +1 December 2016: Ralph + - hyphen as minus fix, by Andreas Schulze + +30 November 2016: Ralph + - Added local-zones and local-data bulk addition and removal + functionality in unbound-control (local_zones, local_zones_remove, + local_datas and local_datas_remove). + - iana portlist update + +29 November 2016: Wouter + - version 1.6.0 is in the development branch. + - braces in view.c around lock statements. + +28 November 2016: Wouter + - new install-sh. + +25 November 2016: Wouter + - Fix that with openssl 1.1 control-use-cert: no uses less cpu, by + using no encryption over the unix socket. + +22 Novenber 2016: Ralph + - Make access-control-tag-data RDATA absolute. 
This makes the RDATA + origin consistent between local-data and access-control-tag-data. + - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a + subdomain of the NSEC owner. + - QNAME minimisation uses QTYPE=A, therefore always check cache for + this type in harden-below-nxdomain functionality. + - Added unit test for QNAME minimisation + harden below nxdomain + synergy. + +22 November 2016: Wouter + - iana portlist update. + - Fix unit tests for DS hash processing for fake-dsa test option. + - patch from Dag-Erling Smorgrav that removes code that relies + on sbrk(). + +21 November 2016: Wouter + - Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing + Underneath" for the harden-below-nxdomain option. + +10 November 2016: Ralph + - Fix #1155: test status code of unbound-control in 04-checkconf, + not the status code from the tee command. + +4 November 2016: Ralph + - Added stub-ssl-upstream and forward-ssl-upstream options. + +4 November 2016: Wouter + - configure detects ssl security level API function in the autoconf + manner. Every function on its own, so that other libraries (eg. + LibreSSL) can develop their API without hindrance. + - Fix #1154: segfault when reading config with duplicate zones. + - Note that for harden-below-nxdomain the nxdomain must be secure, + this means nsec3 with optout is insufficient. + +3 November 2016: Ralph + - Set OpenSSL security level to 0 when using aNULL ciphers. + +3 November 2016: Wouter + - .gitattributes line for githubs code language display. + - log-identity: config option to set sys log identity, patch from + "Robin H. Johnson" + +2 November 2016: Wouter + - iana portlist update. + +31 October 2016: Wouter + - Fix failure to build on arm64 with no sbrk. + - iana portlist update. + +28 October 2016: Wouter + - Patch for server.num.zero_ttl stats for count of expired replies, + from Pavel Odintsov. 
+ +26 October 2016: Wouter + - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled + with the undocumented switch 'fake-dsa'. It logs a warning. + +25 October 2016: Wouter + - Fix #1134: unbound-control set_option -- val-override-date: -1 works + immediately to ignore datetime, or back to 0 to enable it again. + The -- is to ignore the '-1' as an option flag. + +24 October 2016: Wouter + - serve-expired config option: serve expired responses with TTL 0. + - g.root-servers.net has AAAA address. + +21 October 2016: Wouter + - Ported tests for local_cname unit test to testbound framework. + +20 October 2016: Wouter + - suppress compile warning in lex files. + - init lzt variable, for older gcc compiler warnings. + - fix --enable-dsa to work, instead of copying ecdsa enable. + - Fix DNSSEC validation of query type ANY with DNAME answers. + - Fixup query_info local_alias init. + +19 October 2016: Wouter + - Fix #1130: whitespace in example.conf.in more consistent. + +18 October 2016: Wouter + - Patch that resolves CNAMEs entered in local-data conf statements that + point to data on the internet, from Jinmei Tatuya (Infoblox). + - Removed patch comments from acllist.c and msgencode.c + - Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, + from Jinmei Tatuya (Infoblox). + - Fix #1125: unbound could reuse an answer packet incorrectly for + clients with different EDNS parameters, from Jinmei Tatuya. + - Fix #1118: libunbound.pc sets strange Libs, Libs.private values. + - Added Requires line to libunbound.pc + - Please doxygen by modifying mesh.h + +17 October 2016: Wouter + - Re-fix #839 from view commit overwrite. + - Fixup const void cast warning. + +12 October 2016: Ralph + - Free view config elements. + +11 October 2016: Ralph + - Added qname-minimisation-strict config option. + - iana portlist update. + - fix memoryleak logfile when in debug mode. + +5 October 2016: Ralph + - Added views functionality. 
+ - Fix #1117: spelling errors, from Robert Edmonds. + +30 September 2016: Wouter + - Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav. + +29 September 2016: Wouter + - Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX. + - Fix #839: Memory grows unexpectedly with large RPZ files. + - Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile. + - Fix #841: big local-zone's make it consume large amounts of memory. + +27 September 2016: Wouter + - tag for 1.5.10 release + - trunk contains 1.5.11 in development. + - Fix dnstap relaying "random" messages instead of resolver/forwarder + responses, from Nikolay Edigaryev. + - Fix #836: unbound could echo back EDNS options in an error response. + +20 September 2016: Wouter + - iana portlist update. + - Fix #835: fix --disable-dsa with nettle verify. + - tag for 1.5.10rc1 release. + +15 September 2016: Wouter + - Fix 883: error for duplicate local zone entry. + - Test for openssl init_crypto and init_ssl functions. + +15 September 2016: Ralph + - fix potential memory leak in daemon/remote.c and nullpointer + dereference in validator/autotrust. + - iana portlist update. + +13 September 2016: Wouter + - Silenced flex-generated sign-unsigned warning print with gcc + diagnostic pragma. + - Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len. + +9 September 2016: Wouter + - Fix #831: workaround for spurious fread_chk warning against petal.c + +5 September 2016: Ralph + - Take configured minimum TTL into consideration when reducing TTL + to original TTL from RRSIG. + +5 September 2016: Wouter + - Fix #829: doc of sldns_wire2str_rdata_buf() return value has an + off-by-one typo, from Jinmei Tatuya (Infoblox). + - Fix incomplete prototypes reported by Dag-Erling Smørgrav. + - Fix #828: missing type in access-control-tag-action redirect results + in NXDOMAIN. + +2 September 2016: Wouter + - Fix compile with openssl 1.1.0 with api=1.1.0. 
+ +1 September 2016: Wouter + - RFC 7958 is now out, updated docs for unbound-anchor. + - Fix for compile without warnings with openssl 1.1.0. + - Fix #826: Fix refuse_non_local could result in a broken response. + - iana portlist update. + +29 August 2016: Wouter + - Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. + Siewior. + - Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e. + +25 August 2016: Ralph + - Clarify local-zone-override entry in unbound.conf.5 + +25 August 2016: Wouter + - 64bit build option for makedist windows compile, -w64. + +24 August 2016: Ralph + - Fix #820: set sldns_str2wire_rr_buf() dual meaning len parameter + in each iteration in find_tag_datas(). + - unbound.conf.5 entries for define-tag, access-control-tag, + access-control-tag-action, access-control-tag-data, local-zone-tag, + and local-zone-override. + +23 August 2016: Wouter + - Fix #804: unbound stops responding after outage. Fixes queries + that attempt to wait for an empty list of subqueries. + - Fix #804: lower num_target_queries for iterator also for failed + lookups. + +8 August 2016: Wouter + - Note that OPENPGPKEY type is RFC 7929. + +4 August 2016: Wouter + - Fix #807: workaround for possible some "unused" function parameters + in test code, from Jinmei Tatuya. + +3 August 2016: Wouter + - use sendmsg instead of sendto for TFO. + +28 July 2016: Wouter + - Fix #806: wrong comment removed. + +26 July 2016: Wouter + - nicer ratelimit-below-domain explanation. + +22 July 2016: Wouter + - Fix #801: missing error condition handling in + daemon_create_workers(). + - Fix #802: workaround for function parameters that are "unused" + without log_assert. + - Fix #803: confusing (and incorrect) code comment in daemon_cleanup(). + +20 July 2016: Wouter + - Fix typo in unbound.conf. + +18 July 2016: Wouter + - Fix #798: Client-side TCP fast open fails (Linux). + +14 July 2016: Wouter + - TCP Fast open patch from Sara Dickinson. 
+ - Fixed unbound.doxygen for 1.8.11. + +7 July 2016: Wouter + - access-control-tag-data implemented. verbose(4) prints tag debug. + +5 July 2016: Wouter + - Fix dynamic link of anchor-update.exe on windows. + - Fix detect of mingw for MXE package build. + - Fixes for 64bit windows compile. + - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and + --with-libunbound-only --with-nettle. + +4 July 2016: Wouter + - For #787: prefer-ip6 option for unbound.conf prefers to send + upstream queries to ipv6 servers. + - Fix #787: outgoing-interface netblock/64 ipv6 option to use linux + freebind to use 64bits of entropy for every query with random local + part. + +30 June 2016: Wouter + - Document always_transparent, always_refuse, always_nxdomain types. + +29 June 2016: Wouter + - Fix static compile on windows missing gdi32. + +28 June 2016: Wouter + - Create a pkg-config file for libunbound in contrib. + +27 June 2016: Wouter + - Fix #784: Build configure assumess that having getpwnam means there + is endpwent function available. + - Updated repository with newer flex and bison output. + +24 June 2016: Ralph + - Possibility to specify local-zone type for an acl/tag pair + - Possibility to specify (override) local-zone type for a source address + block +16 June 2016: Ralph + - Decrease dp attempts at each QNAME minimisation iteration + +16 June 2016: Wouter + - Fix tcp timeouts in tv.usec. + +15 June 2016: Wouter + - TCP_TIMEOUT is specified in milliseconds. + - If more than half of tcp connections are in use, a shorter timeout + is used (200 msec, vs 2 minutes) to pressure tcp for new connects. + +14 June 2016: Ralph + - QNAME minimisation unit test for dropped QTYPE=A queries. + +14 June 2016: Wouter + - Fix 775: unbound-host and unbound-anchor crash on windows, ignore + null delete for wsaevent. + - Fix spelling in freebind option man page text. + - Fix windows link of ssl with crypt32. + - Fix 779: Union casting is non-portable. 
+ - Fix 780: MAP_ANON not defined in HP-UX 11.31. + - Fix 781: prealloc() is an HP-UX system library call. + +13 June 2016: Ralph + - Use QTYPE=A for QNAME minimisation. + - Keep track of number of time-outs when performing QNAME minimisation. + Stop minimising when number of time-outs for a QNAME/QTYPE pair is + more than three. + +13 June 2016: Wouter + - Fix #778: unbound 1.5.9: -h segfault (null deref). + - Fix directory: fix for unbound-checkconf, it restores cwd. + +10 June 2016: Wouter + - And delete service.conf.shipped on uninstall. + - In unbound.conf directory: dir immediately changes to that directory, + so that include: file below that is relative to that directory. + With chroot, make the directory an absolute path inside chroot. + - keep debug symbols in windows build. + - do not delete service.conf on windows uninstall. + - document directory immediate fix and allow EXECUTABLE syntax in it + on windows. + +9 June 2016: Wouter + - Trunk is called 1.5.10 (with previous fixes already in there to 2 + june). + - Revert fix for NetworkService account on windows due to breakage + it causes. + - Fix that windows install will not overwrite existing service.conf + file (and ignore gui config choices if it exists). + +7 June 2016: Ralph + - Lookup localzones by taglist from acl. + - Possibility to lookup local_zone, regardless the taglist. + - Added local_zone/taglist/acl unit test. + +7 June 2016: Wouter + - Fix #773: Non-standard Python location build failure with pyunbound. + - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. + +6 June 2016: Wouter + - Better help text from -h (from Ray Griffith). + - access-control-tag config directive. + - local-zone-override config directive. + - access-control-tag-action and access-control-tag-data config + directives. + - free acl-tags, acltag-action and acltag-data config lists during + initialisation to free up memory for more entries. 
+ +3 June 2016: Wouter + - Fix to not ignore return value of chown() in daemon startup. + +2 June 2016: Wouter + - Fix libubound for edns optlist feature. + - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc. + - Fix #752: retry resource temporarily unavailable on control pipe. + - un-document localzone tags. + - tag for release 1.5.9rc1. + And this also became release 1.5.9. + - Fix (for 1.5.10): Fix unbound-anchor.exe file location defaults to + Program Files with (x86) appended. + - re-documented localzone tags in example.conf. + +31 May 2016: Wouter + - Fix windows service to be created run with limited rights, as a + network service account, from Mario Turschmann. + - compat strsep implementation. + - generic edns option parse and store code. + - and also generic edns options for upstream messages (and replies). + after parse use edns_opt_find(edns.opt_list, LDNS_EDNS_NSID), + to insert use edns_opt_append(edns, region, code, len, bindata) on + the opt_list passed to send_query, or in edns_opt_inplace_reply. + +30 May 2016: Wouter + - Fix time in case answer comes from cache in ub_resolve_event(). + - Attempted fix for #765: _unboundmodule missing for python3. + +27 May 2016: Wouter + - Fix #770: Small subgroup attack on DH used in unix pipe on localhost + if unbound control uses a unix local named pipe. + - Document write permission to directory of trust anchor needed. + - Fix #768: Unbound Service Sometimes Can Not Shutdown + Completely, WER Report Shown Up. Close handle before closing WSA. + +26 May 2016: Wouter + - Updated patch from Charles Walker. + +24 May 2016: Wouter + - disable-dnssec-lame-check config option from Charles Walker. + - remove memory leak from lame-check patch. + - iana portlist update. + +23 May 2016: Wouter + - Fix #767: Reference to an expired Internet-Draft in + harden-below-nxdomain documentation. + +20 May 2016: Ralph + - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC + signed zones. 
+ - iana portlist update. + +19 May 2016: Wouter + - Fix #766: dns64 should synthesize results on timeout/errors. + +18 May 2016: Wouter + - Fix #761: DNSSEC LAME false positive resolving nic.club. + +17 May 2016: Wouter + - trunk updated with output of flex 2.6.0. + +6 May 2016: Wouter + - Fix memory leak in out-of-memory conditions of local zone add. + +29 April 2016: Wouter + - Fix sldns with static checking fixes copied from getdns. + +28 April 2016: Wouter + - Fix #759: 0x20 capsforid no longer checks type PTR, for + compatibility with cisco dns guard. This lowers false positives. + +18 April 2016: Wouter + - Fix some malformed reponses to edns queries get fallback to nonedns. + +15 April 2016: Wouter + - cachedb module event handling design. + +14 April 2016: Wouter + - cachedb module framework (empty). + - iana portlist update. + +12 April 2016: Wouter + - Fix #753: document dump_requestlist is for first thread. + +24 March 2016: Wouter + - Document permit-small-holddown for 5011 debug. + - Fix #749: unbound-checkconf gets SIGSEGV when use against a + malformatted conf file. + +23 March 2016: Wouter + - OpenSSL 1.1.0 portability, --disable-dsa configure option. + +21 March 2016: Wouter + - Fix compile of getentropy_linux for SLES11 servicepack 4. + - Fix dnstap-log-resolver-response-messages, from Nikolay Edigaryev. + - Fix test for openssl to use HMAC_Update for 1.1.0. + - acx_nlnetlabs.m4 to v33, with HMAC_Update. + - acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto. + - ERR_remove_state deprecated since openssl 1.0.0. + - OPENSSL_config is deprecated, removing. + +18 March 2016: Ralph + - Validate QNAME minimised NXDOMAIN responses. + - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in + harden-below-nxdomain. + +17 March 2016: Ralph + - Limit number of QNAME minimisation iterations. + +17 March 2016: Wouter + - Fix #746: Fix unbound sets CD bit on all forwards. 
+ If no trust anchors, it'll not set CD bit when forwarding to another + server. If a trust anchor, no CD bit on the first attempt to a + forwarder, but CD bit thereafter on repeated attempts to get DNSSEC. + - iana portlist update. + +16 March 2016: Wouter + - Fix ip-transparent for ipv6 on FreeBSD, thanks to Nick Hibma. + - Fix ip-transparent for tcp on freebsd. + +15 March 2016: Wouter + - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for + binding to an IP address while the interface or address is down. + +14 March 2016: Wouter + - Fix warnings in ifdef corner case, older or unknown libevent. + - Fix compile for ub_event code with older libev. + +11 March 2016: Wouter + - Remove warning about unused parameter in event_pluggable.c. + - Fix libev usage of dispatch return value. + - No side effects in tolower() call, in case it is a macro. + - For test put free in pluggable api in parenthesis. + +10 March 2016: Wouter + - Fixup backend2str for libev. + +09 March 2016: Willem + - User defined pluggable event API for libunbound + - Fixup of compile fix for pluggable event API from P.Y. Adi + Prasaja. + +09 March 2016: Wouter + - Updated configure and ltmain.sh. + - Updated L root IPv6 address. + +07 March 2016: Wouter + - Fix #747: assert in outnet_serviced_query_stop. + - iana ports fetched via https. + - iana portlist update. + +03 March 2016: Wouter + - configure tests for the weak attribute support by the compiler. + +02 March 2016: Wouter + - 1.5.8 release tag + - trunk contains 1.5.9 in development. + - iana portlist update. + - Fix #745: unbound.py - idn2dname throws UnicodeError when idnname + contains trailing dot. + 24 February 2016: Wouter - Fix OpenBSD asynclook lock free that gets used later (fix test code). - Fix that NSEC3 negative cache is used when there is no salt. 
Binary files /tmp/tmpfQ2ho3/zzyxSVb8Ya/unbound-1.5.8/doc/CNAME-basedRedirectionDesignNotes.pdf and /tmp/tmpfQ2ho3/_uDKBmJkBQ/unbound-1.6.0/doc/CNAME-basedRedirectionDesignNotes.pdf differ diff -Nru unbound-1.5.8/doc/example.conf.in unbound-1.6.0/doc/example.conf.in --- unbound-1.5.8/doc/example.conf.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/example.conf.in 2016-12-15 08:20:11.000000000 +0000 @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.8. +# See unbound.conf(5) man page, version 1.6.0. # # this is a comment. @@ -53,6 +53,15 @@ # outgoing-interface: 2001:DB8::5 # outgoing-interface: 2001:DB8::6 + # Specify a netblock to use remainder 64 bits as random bits for + # upstream queries. Uses freebind option (Linux). + # outgoing-interface: 2001:DB8::/64 + # Also (Linux:) ip -6 addr add 2001:db8::/64 dev lo + # And: ip -6 route add local 2001:db8::/64 dev lo + # And set prefer-ip6: yes to use the ip6 randomness from a netblock. + # Set this to yes to prefer ipv6 upstream servers over ipv4. + # prefer-ip6: no + # number of ports to allocate per thread, determines the size of the # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. @@ -93,6 +102,11 @@ # (uses IP_BINDANY on FreeBSD). # ip-transparent: no + # use IP_FREEBIND so the interface: addresses can be non-local + # and you can bind to nonexisting IPs and interfaces that are down. + # Linux only. On Linux you also have ip-transparent that is similar. + # ip-freebind: no + # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). # edns-buffer-size: 4096 
@@ -158,6 +172,10 @@ # the maximum number of hosts that are cached (roundtrip, EDNS, lame). # infra-cache-numhosts: 10000 + # define a number of tags here, use with local-zone, access-control. + # repeat the define-tag statement to add additional tags. + # define-tag: "tag1 tag2 tag3" + # Enable IPv4, "yes" or "no". # do-ip4: yes @@ -198,6 +216,23 @@ # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow + # tag access-control with list of tags (in "" with spaces between) + # Clients using this access control element use localzones that + # are tagged with one of these tags. + # access-control-tag: 192.0.2.0/24 "tag2 tag3" + + # set action for particular tag for given access control element + # if you have multiple tag values, the tag used to lookup the action + # is the first tag match between access-control-tag and local-zone-tag + # where "first" comes from the order of the define-tag values. + # access-control-tag-action: 192.0.2.0/24 tag3 refuse + + # set redirect data for particular tag for access control element + # access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1" + + # Set view for access control element + # access-control-view: 192.0.2.0/24 viewname + # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, # for extra security, but make sure all files are in that directory. @@ -231,6 +266,8 @@ # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory # is not changed. + # If you give a server: directory: dir before include: file statements + # then those includes can be relative to the working directory. # directory: "@UNBOUND_RUN_DIR@" # the log file, "" means log to stderr. 
@@ -238,9 +275,13 @@ # logfile: "" # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to - # log to, with identity "unbound". If yes, it overrides the logfile. + # log to. If yes, it overrides the logfile. # use-syslog: yes + # Log identity to report. if empty, defaults to the name of argv[0] + # (usually "unbound"). + # log-identity: "" + # print UTC timestamp in ascii to logfile, default is epoch in seconds. # log-time-ascii: no @@ -294,7 +335,7 @@ # Harden against queries that fall under dnssec-signed nxdomain names. # harden-below-nxdomain: no - # Harden the referral path by performing additional queries for + # Harden the referral path by performing additional queries for # infrastructure data. Validates the replies (if possible). # Default off, because the lookups burden the server. Experimental # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. @@ -310,6 +351,12 @@ # to NS when possible. # qname-minimisation: no + # QNAME minimisation in strict mode. Do not fall-back to sending full + # QNAME to potentially broken nameservers. A lot of domains will not be + # resolvable when this option in enabled. + # This option only has effect when qname-minimisation is enabled. + # qname-minimisation-strict: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no @@ -317,6 +364,7 @@ # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. # caps-whitelist: "licdn.com" + # caps-whitelist: "senderbase.org" # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. 
@@ -364,6 +412,9 @@ # into response messages when those sections are not required. # minimal-responses: no + # true to disable DNSSEC lameness check in iterator. + # disable-dnssec-lame-check: no + # module configuration of the server. A string with identifiers # separated by spaces. Syntax: "[dns64] [validator] iterator" # module-config: "validator iterator" @@ -439,6 +490,10 @@ # that set CD but cannot validate themselves. # ignore-cd-flag: no + # Serve expired reponses from cache, with TTL 0 in the response, + # and then attempt to fetch the data afresh. + # serve-expired: no + # Have the validator log failed validations for your diagnosis. # 0: off. 1: A line per failed user query. 2: With reason and bad IP. # val-log-level: 0 @@ -459,7 +514,8 @@ # If the value 0 is given, missing anchors are not removed. # keep-missing: 31622400 # 366 days - # debug option that allows very small holddown times for key rollover + # debug option that allows very small holddown times for key rollover, + # otherwise the RFC mandates probe intervals must be at least 1 hour. # permit-small-holddown: no # the amount of memory to use for the key cache. @@ -539,8 +595,10 @@ # o redirect serves the zone data for any subdomain in the zone. # o nodefault can be used to normally resolve AS112 zones. # o typetransparent resolves normally for other types and other names - # o inform resolves normally, but logs client IP address + # o inform acts like transparent, but logs client IP address # o inform_deny drops queries and logs client IP address + # o always_transparent, always_refuse, always_nxdomain, resolve in + # that way but ignore local data for that name. # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones 
@@ -567,6 +625,12 @@ # you need to do the reverse notation yourself. # local-data-ptr: "192.0.2.3 www.example.com" + # tag a localzone with a list of tag names (in "" with spaces between) + # local-zone-tag: "example.com" "tag2 tag3" + + # add a netblock specific override to a localzone, with zone type + # local-zone-override: "example.com" 192.0.2.0/24 refuse + # service clients over SSL (on the TCP sockets), with plain DNS inside # the SSL stream. Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. @@ -600,7 +664,7 @@ # ratelimit-for-domain: example.com 1000 # override the ratelimits for all domains below a domain name # can give this multiple times, the name closest to the zone is used. - # ratelimit-below-domain: example 1000 + # ratelimit-below-domain: com 1000 # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. @@ -653,6 +717,7 @@ # stub-addr: 192.0.2.68 # stub-prime: no # stub-first: no +# stub-ssl-upstream: no # stub-zone: # name: "example.org" # stub-host: ns.example.com. 
@@ -668,6 +733,23 @@ # forward-addr: 192.0.2.68 # forward-addr: 192.0.2.73@5355 # forward to port 5355. # forward-first: no +# forward-ssl-upstream: no # forward-zone: # name: "example.org" # forward-host: fwd.example.com + +# Views +# Create named views. Name must be unique. Map views to requests using +# the access-control-view option. Views can contain zero or more local-zone +# and local-data options. Options from matching views will override global +# options. Global options will be used if no matching view is found. +# With view-first yes, it will try to answer using the global local-zone and +# local-data elements if there is no view specific match. +# view: +# name: "viewname" +# local-zone: "example.com" redirect +# local-data: "example.com A 192.0.2.3" +# view-first: no +# view: +# name: "anotherview" +# local-zone: "example.com" refuse diff -Nru unbound-1.5.8/doc/libunbound.3.in unbound-1.6.0/doc/libunbound.3.in --- unbound-1.5.8/doc/libunbound.3.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/libunbound.3.in 2016-12-15 08:20:11.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "libunbound" "3" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -43,7 +43,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.8 functions. +\- Unbound DNS validating resolver 1.6.0 functions. .SH "SYNOPSIS" .B #include .LP 
@@ -180,7 +180,7 @@ .B ub_ctx_hosts to read them. Before you call this, use the openssl functions CRYPTO_set_id_callback and -CRYPTO_set_locking_callback to set up asyncronous operation if you use +CRYPTO_set_locking_callback to set up asynchronous operation if you use lib openssl (the application calls these functions once for initialisation). Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function. .TP diff -Nru unbound-1.5.8/doc/README unbound-1.6.0/doc/README --- unbound-1.5.8/doc/README 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/README 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -README for Unbound 1.5.8 +README for Unbound 1.6.0 Copyright 2007 NLnet Labs http://unbound.net diff -Nru unbound-1.5.8/doc/unbound.8.in unbound-1.6.0/doc/unbound.8.in --- unbound-1.5.8/doc/unbound.8.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound.8.in 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.8. +\- Unbound DNS validating resolver 1.6.0. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff -Nru unbound-1.5.8/doc/unbound-anchor.8.in unbound-1.6.0/doc/unbound-anchor.8.in --- unbound-1.5.8/doc/unbound-anchor.8.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound-anchor.8.in 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound-anchor" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" 
@@ -16,6 +16,8 @@ .SH "DESCRIPTION" .B Unbound\-anchor performs setup or update of the root trust anchor for DNSSEC validation. +The program fetches the trust anchor with the method from RFC7958 when +regular RFC5011 update fails to bring it up to date. It can be run (as root) from the commandline, or run as part of startup scripts. Before you start the \fIunbound\fR(8) DNS server. .P @@ -39,8 +41,8 @@ .P It tests if the root anchor file works, and if not, and an update is possible, attempts to update the root anchor using the root update certificate. -It performs a https fetch of root-anchors.xml and checks the results, if -all checks are successful, it updates the root anchor file. Otherwise +It performs a https fetch of root-anchors.xml and checks the results (RFC7958), +if all checks are successful, it updates the root anchor file. Otherwise the root anchor file is unchanged. It performs RFC5011 tracking if the DNSSEC information available via the DNS makes that possible. .P @@ -65,7 +67,7 @@ .B \-u \fIname The server name, it connects to https://name. Specify without https:// prefix. The default is "data.iana.org". It connects to the port specified with \-P. -You can pass an IPv4 addres or IPv6 address (no brackets) if you want. +You can pass an IPv4 address or IPv6 address (no brackets) if you want. .TP .B \-x \fIpath The pathname to the root\-anchors.xml file on the server. (forms URL with \-u). diff -Nru unbound-1.5.8/doc/unbound-checkconf.8.in unbound-1.6.0/doc/unbound-checkconf.8.in --- unbound-1.5.8/doc/unbound-checkconf.8.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound-checkconf.8.in 2016-12-15 08:20:10.000000000 +0000 
@@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound-checkconf" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff -Nru unbound-1.5.8/doc/unbound.conf.5.in unbound-1.6.0/doc/unbound.conf.5.in --- unbound-1.5.8/doc/unbound.conf.5.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound.conf.5.in 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound.conf" "5" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -72,7 +72,8 @@ the config file at that point. If also using chroot, using full path names for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working -directory. Wildcards can be used to include multiple files, see \fIglob\fR(7). +directory or is specified before the include statement with directory: dir. +Wildcards can be used to include multiple files, see \fIglob\fR(7). .SS "Server Options" These options are part of the .B server: @@ -126,7 +127,7 @@ feature is experimental, and needs support in your OS for particular socket options. Default value is no. .TP -.B outgoing\-interface: \fI +.B outgoing\-interface: \fI Interface to use to connect to the network. This interface is used to send queries to authoritative servers and receive their replies. Can be given multiple times to work on several interfaces. If none are given the 
@@ -136,12 +137,28 @@ .B outgoing\-interface: lines, the interfaces are then used for both purposes. Outgoing queries are sent via a random outgoing interface to counter spoofing. +.IP +If an IPv6 netblock is specified instead of an individual IPv6 address, +outgoing UDP queries will use a randomised source address taken from the +netblock to counter spoofing. Requires the IPv6 netblock to be routed to the +host running unbound, and requires OS support for unprivileged non-local binds +(currently only supported on Linux). Several netblocks may be specified with +multiple +.B outgoing\-interface: +options, but do not specify both an individual IPv6 address and an IPv6 +netblock, or the randomisation will be compromised. Consider combining with +.B prefer\-ip6: yes +to increase the likelihood of IPv6 nameservers being selected for queries. +On Linux you need these two commands to be able to use the freebind socket +option to receive traffic for the ip6 netblock: +ip \-6 addr add mynetblock/64 dev lo && +ip \-6 route add local mynetblock/64 dev lo .TP .B outgoing\-range: \fI Number of ports to open. This number of file descriptors can be opened per thread. Must be at least 1. Default depends on compile options. Larger numbers need extra resources from the operating system. For performance a -a very large value is best, use libevent to make this possible. +very large value is best, use libevent to make this possible. .TP .B outgoing\-port\-permit: \fI Permit unbound to open this port or range of ports for use to send queries. 
@@ -277,6 +294,13 @@ provides service on. This option needs unbound to be started with root permissions on some systems. The option uses IP_BINDANY on FreeBSD systems. .TP +.B ip\-freebind: \fI +If yes, then use IP_FREEBIND socket option on sockets where unbound +is listening to incoming traffic. Default no. Allows you to bind to +IP addresses that are nonlocal or do not exist, like when the network +interface or IP address is down. Exists only on Linux, where the similar +ip\-transparent option is also available. +.TP .B rrset\-cache\-size: \fI Number of bytes size of the RRset cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes @@ -322,6 +346,10 @@ cache. Default is 50 milliseconds. Increase this value if using forwarders needing more time to do recursive name resolution. .TP +.B define\-tag: \fI<"list of tags"> +Define the tags that can be used with local\-zone and access\-control. +Enclose the list between quotes ("") and put spaces between tags. +.TP .B do\-ip4: \fI Enable or disable whether ip4 queries are answered or issued. Default is yes. .TP @@ -332,6 +360,10 @@ ipv6 transport for sending DNS traffic, it does not impact the contents of the DNS traffic, which may have ip4 and ip6 addresses in it. .TP +.B prefer\-ip6: \fI +If enabled, prefer IPv6 transport for sending DNS queries to internet +nameservers. Default is no. +.TP .B do\-udp: \fI Enable or disable whether UDP queries are answered or issued. Default is yes. .TP 
@@ -425,6 +457,26 @@ messages that are disallowed are dropped, with refuse_non_local they receive error code REFUSED. .TP +.B access\-control\-tag: \fI <"list of tags"> +Assign tags to access-control elements. Clients using this access control +element use localzones that are tagged with one of these tags. Tags must be +defined in \fIdefine\-tags\fR. Enclose list of tags in quotes ("") and put +spaces between tags. If access\-control\-tag is configured for a netblock that +does not have an access\-control, an access\-control element with action +\fIallow\fR is configured for this netblock. +.TP +.B access\-control\-tag\-action: \fI +Set action for particular tag for given access control element. If you have +multiple tag values, the tag used to lookup the action is the first tag match +between access\-control\-tag and local\-zone\-tag where "first" comes from the +order of the define-tag values. +.TP +.B access\-control\-tag\-data: \fI <"resource record string"> +Set redirect data for particular tag for given access control element. +.TP +.B access\-control\-view: \fI +Set view for given access control element. +.TP .B chroot: \fI If chroot is enabled, you should pass the configfile (from the commandline) as a full path from the original root. After the @@ -462,6 +514,8 @@ Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@". On Windows the string "%EXECUTABLE%" tries to change to the directory that unbound.exe resides in. +If you give a server: directory: dir before include: file statements +then those includes can be relative to the working directory. .TP .B logfile: \fI If "" is given, logging goes to stderr, or nowhere once daemonized. 
@@ -480,6 +534,13 @@ The logfile setting is overridden when use\-syslog is turned on. The default is to log to syslog. .TP +.B log\-identity: \fI +If "" is given (default), then the name of the executable, usually "unbound" +is used to report to the log. Enter a string to override it +with that, which is useful on systems that run more than one instance of +unbound, with different configurations, so that the logs can be easily +distinguished against. +.TP .B log\-time\-ascii: \fI Sets logfile lines to use a timestamp in UTC ascii. Default is no, which prints the seconds since 1970 in brackets. No effect if using syslog, in @@ -563,13 +624,15 @@ downgrade attack that disables security for a zone. Default is on. .TP .B harden\-below\-nxdomain: \fI -From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name +From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"), +returns nxdomain to queries for a name below another name that is already known to be nxdomain. DNSSEC mandates noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid this only DNSSEC-secure nxdomains are used, because the old software does not have DNSSEC. Default is off. +The nxdomain must be secure, this means nsec3 with optout is insufficient. .TP .B harden\-referral\-path: \fI Harden the referral path by performing additional queries for 
@@ -606,8 +669,15 @@ .B qname\-minimisation: \fI Send minimum amount of information to upstream servers to enhance privacy. Only sent minimum required labels of the QNAME and set QTYPE to NS when -possible. Best effort approach, full QNAME and original QTYPE will be sent when -upstream replies with a RCODE other than NOERROR. Default is off. +possible. Best effort approach; full QNAME and original QTYPE will be sent when +upstream replies with a RCODE other than NOERROR, except when receiving +NXDOMAIN from a DNSSEC signed zone. Default is off. +.TP +.B qname\-minimisation\-strict: \fI +QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to +potentially broken nameservers. A lot of domains will not be resolvable when +this option in enabled. Only use if you know what you are doing. +This option only has effect when qname-minimisation is enabled. Default is off. .TP .B private\-address: \fI Give IPv4 of IPv6 addresses or classless subnets. These are addresses @@ -673,6 +743,13 @@ protocol RFCs mandate these sections, and the additional content could be of use and save roundtrips for clients. .TP +.B disable-dnssec-lame-check: \fI +If true, disables the DNSSEC lameness check in the iterator. This check +sees if RRSIGs are present in the answer, when dnssec is expected, +and retries another authority if RRSIGs are unexpectedly missing. +The validator will insist in RRSIGs for DNSSEC signed domains regardless +of this setting, if a trust anchor is loaded. +.TP .B module\-config: \fI<"module names"> Module configuration, a list of module names separated by spaces, surround the string with quotes (""). The modules can be validator, iterator. 
@@ -691,7 +768,9 @@ The probes are several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, -so the unbound user must have write permission. +so the unbound user must have write permission. Write permission to the file, +but also to the directory it is in (to create a temporary file, which is +necessary to deal with filesystem full events). .TP .B trust\-anchor: \fI<"Resource Record"> A DS or DNSKEY RR for a key to use for validation. Multiple entries can be @@ -798,6 +877,11 @@ the clients, and then unbound provides them with DNSSEC protection. The default value is "no". .TP +.B serve\-expired: \fI +If enabled, unbound attempts to serve old responses from cache with a +TTL of 0 in the response without waiting for the actual resolution to finish. +The actual resolution answer ends up in the cache later on. Default is "no". +.TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> List of keysize and iteration count values, separated by spaces, surrounded by quotes. Default is "1024 150 2048 500 4096 2500". This determines the @@ -866,6 +950,7 @@ Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, +always_transparent, always_refuse, always_nxdomain, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. 
@@ -916,16 +1001,25 @@ that users with web browsers cannot access sites with suffix example.com. .TP 10 \h'5'\fIinform\fR -The query is answered normally. The client IP address (@portnumber) -is printed to the logfile. The log message is: timestamp, unbound-pid, -info: zonename inform IP@port queryname type class. This option can be -used for normal resolution, but machines looking up infected names are -logged, eg. to run antivirus on them. +The query is answered normally, same as transparent. The client IP +address (@portnumber) is printed to the logfile. The log message is: +timestamp, unbound-pid, info: zonename inform IP@port queryname type +class. This option can be used for normal resolution, but machines +looking up infected names are logged, eg. to run antivirus on them. .TP 10 \h'5'\fIinform_deny\fR The query is dropped, like 'deny', and logged, like 'inform'. Ie. find infected machines without answering the queries. .TP 10 +\h'5'\fIalways_transparent\fR +Like transparent, but ignores local data and resolves normally. +.TP 10 +\h'5'\fIalways_refuse\fR +Like refuse, but ignores local data and refuses the query. +.TP 10 +\h'5'\fIalways_nxdomain\fR +Like static, but ignores local data and returns nxdomain for the query. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option 
@@ -1043,6 +1137,18 @@ IPv6 address and the host name. For example "192.0.2.4 www.example.com". TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" .TP 5 +.B local\-zone\-tag: \fI <"list of tags"> +Assign tags to localzones. Tagged localzones will only be applied when the +used access-control element has a matching tag. Tags must be defined in +\fIdefine\-tags\fR. Enclose list of tags in quotes ("") and put spaces between +tags. +.TP 5 +.B local\-zone\-override: \fI +Override the localzone type for queries from addresses matching netblock. +Use this localzone type, regardless the type configured for the local-zone +(both tagged and untagged) and regardless the type configured using +access\-control\-tag\-action. +.TP 5 .B ratelimit: \fI Enable ratelimiting of queries sent to nameserver for performing recursion. If 0, the default, it is disabled. This option is experimental at this time. @@ -1197,6 +1303,10 @@ The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. +.TP +.B stub\-ssl\-upstream: \fI +Enabled or disable whether the queries to this stub use SSL for transport. +Default is no. .SS "Forward Zone Options" .LP There may be multiple 
@@ -1227,6 +1337,36 @@ The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. +.TP +.B forward\-ssl\-upstream: \fI +Enabled or disable whether the queries to this forwarder use SSL for transport. +Default is no. +.SS "View Options" +.LP +There may be multiple +.B view: +clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and +\fBlocal\-data\fR elements. View can be mapped to requests by specifying the view +name in an \fBaccess\-control\-view\fR element. Options from matching views will +override global options. Global options will be used if no matching view +is found. +.TP +.B name: \fI +Name of the view. Must be unique. This name is used in access\-control\-view +elements. +.TP +.B local\-zone: \fI +View specific local\-zone elements. Has the same types and behaviour as the +global local\-zone elements. +.TP +.B local\-data: \fI"" +View specific local\-data elements. Has the same behaviour as the global +local\-data elements. +.TP +.B view\-first: \fI +If enabled, it attempts to use the global local\-zone and local\-data if there +is no match in the view specific options. +The default is no. .SS "Python Module Options" .LP The diff -Nru unbound-1.5.8/doc/unbound-control.8.in unbound-1.6.0/doc/unbound-control.8.in --- unbound-1.5.8/doc/unbound-control.8.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound-control.8.in 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound-control" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound-control.8 -- unbound remote control manual .\" 
@@ -99,6 +99,22 @@ domain names below the removed name), NOERROR nodata answers are the result for that name. .TP +.B local_zones +Add local zones read from stdin of unbound\-control. Input is read per line, +with name space type on a line. For bulk additions. +.TP +.B local_zones_remove +Remove local zones read from stdin of unbound\-control. Input is one name per +line. For bulk removals. +.TP +.B local_datas +Add local data RRs read from stdin of unbound\-control. Input is one RR per +line. For bulk additions. +.TP +.B local_datas_remove +Remove local data RRs read from stdin of unbound\-control. Input is one name per +line. For bulk removals. +.TP .B dump_cache The contents of the cache is printed in a text format to stdout. You can redirect it to a file to store the cache in a file. @@ -263,6 +279,21 @@ just the ratelimited domains, with their estimated qps. The ratelimited domains return an error for uncached (new) queries, but cached queries work as normal. +.TP +.B view_list_local_zones \fIview\fR +\fIlist_local_zones\fR for given view. +.TP +.B view_local_zone \fIview\fR \fIname\fR \fItype +\fIlocal_zone\fR for given view. +.TP +.B view_local_zone_remove \fIview\fR \fIname +\fIlocal_zone_remove\fR for given view. +.TP +.B view_local_data \fIview\fR \fIRR data... +\fIlocal_data\fR for given view. +.TP +.B view_local_data_remove \fIview\fR \fIname +\fIlocal_data_remove\fR for given view. .SH "EXIT CODE" The unbound\-control program exits with status code 1 on error, 0 on success. .SH "SET UP" @@ -301,6 +332,9 @@ Not part of the recursivereplies (or the histogram thereof) or cachemiss, as a cache response was sent. .TP +.I threadX.num.zero_ttl +number of replies with ttl zero, because they served an expired cache entry. +.TP .I threadX.num.recursivereplies The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries. .TP 
@@ -350,6 +384,9 @@ .I total.num.prefetch summed over threads. .TP +.I total.num.zero_ttl +summed over threads. +.TP .I total.num.recursivereplies summed over threads. .TP @@ -384,9 +421,6 @@ time since last statistics printout, in seconds. .SH EXTENDED STATISTICS .TP -.I mem.total.sbrk -If sbrk(2) is available, an estimate of the heap size of the program in number of bytes. Close to the total memory used by the program, as reported by top and ps. Could be wrong if the OS allocates memory non\-contiguously. -.TP .I mem.cache.rrset Memory in bytes in use by the RRset cache. .TP diff -Nru unbound-1.5.8/doc/unbound.doxygen unbound-1.6.0/doc/unbound.doxygen --- unbound-1.5.8/doc/unbound.doxygen 2014-08-18 14:50:59.000000000 +0000 +++ unbound-1.6.0/doc/unbound.doxygen 2016-07-14 11:26:30.000000000 +0000 @@ -623,7 +623,9 @@ pythonmod/examples/resip.py \ libunbound/python/unbound.py \ libunbound/python/libunbound_wrap.c \ - ./ldns-src + ./ldns-src \ + doc/control_proto_spec.txt \ + doc/requirements.txt # The EXCLUDE_SYMLINKS tag can be used select whether or not files or # directories that are symbolic links (a Unix filesystem feature) are excluded diff -Nru unbound-1.5.8/doc/unbound-host.1.in unbound-1.6.0/doc/unbound-host.1.in --- unbound-1.5.8/doc/unbound-host.1.in 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/doc/unbound-host.1.in 2016-12-15 08:20:10.000000000 +0000 @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Mar 2, 2016" "NLnet Labs" "unbound 1.5.8" +.TH "unbound\-host" "1" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff -Nru unbound-1.5.8/.gitattributes unbound-1.6.0/.gitattributes --- unbound-1.5.8/.gitattributes 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/.gitattributes 2016-11-03 08:29:29.000000000 +0000 
@@ -0,0 +1 @@ +testdata/*.[0-9] linguist-documentation diff -Nru unbound-1.5.8/iterator/iterator.c unbound-1.6.0/iterator/iterator.c --- unbound-1.5.8/iterator/iterator.c 2015-12-07 15:56:47.000000000 +0000 +++ unbound-1.6.0/iterator/iterator.c 2016-12-06 13:42:51.000000000 +0000 @@ -82,20 +82,6 @@ log_err("iterator: could not apply configuration settings."); return 0; } - if(env->cfg->qname_minimisation) { - uint8_t dname[LDNS_MAX_DOMAINLEN+1]; - size_t len = sizeof(dname); - if(sldns_str2wire_dname_buf("ip6.arpa.", dname, &len) != 0) { - log_err("ip6.arpa. parse error"); - return 0; - } - iter_env->ip6arpa_dname = (uint8_t*)malloc(len); - if(!iter_env->ip6arpa_dname) { - log_err("malloc failure"); - return 0; - } - memcpy(iter_env->ip6arpa_dname, dname, len); - } return 1; } @@ -117,7 +103,6 @@ if(!env || !env->modinfo[id]) return; iter_env = (struct iter_env*)env->modinfo[id]; - free(iter_env->ip6arpa_dname); free(iter_env->target_fetch_policy); priv_delete(iter_env->priv); donotq_delete(iter_env->donotq); @@ -162,6 +147,8 @@ /* Start with the (current) qname. */ iq->qchase = qstate->qinfo; outbound_list_init(&iq->outlist); + iq->minimise_count = 0; + iq->minimise_timeout_count = 0; if (qstate->env->cfg->qname_minimisation) iq->minimisation_state = INIT_MINIMISE_STATE; else @@ -229,6 +216,7 @@ qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) { /* mark address as failed. */ struct delegpt_ns* dpns = NULL; + super_iq->num_target_queries--; if(super_iq->dp) dpns = delegpt_find_ns(super_iq->dp, qstate->qinfo.qname, qstate->qinfo.qname_len); 
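Review bot: In the `@@ -229,6 +216,7 @@` hunk of iterator/iterator.c the new `super_iq->num_target_queries--;` has no comment explaining why it now sits ahead of the `delegpt_find_ns` lookup. The reason only shows in the following hunk (`-242,13 +230,11`), which deletes the old decrement after `dpns->resolved = 1`. That hunk's context has a `return;` between the two positions, so the move presumably makes the counter drop on the early-exit path too. I would add `/* one target query is finished, also when we return early below */` above the new line. The enclosing function starts and ends outside both hunks.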
@@ -242,13 +230,11 @@ return; } else { /* see if the failure did get (parent-lame) info */ - if(!cache_fill_missing(super->env, - super_iq->qchase.qclass, super->region, - super_iq->dp)) + if(!cache_fill_missing(super->env, super_iq->qchase.qclass, + super->region, super_iq->dp)) log_err("out of memory adding missing"); } dpns->resolved = 1; /* mark as failed */ - super_iq->num_target_queries--; } if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS) { /* prime failed to get delegation */ 
@@ -291,27 +277,29 @@ static int error_response_cache(struct module_qstate* qstate, int id, int rcode) { - /* store in cache */ - struct reply_info err; - if(qstate->prefetch_leeway > NORR_TTL) { - verbose(VERB_ALGO, "error response for prefetch in cache"); - /* attempt to adjust the cache entry prefetch */ - if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, - NORR_TTL, qstate->query_flags)) - return error_response(qstate, id, rcode); - /* if that fails (not in cache), fall through to store err */ - } - memset(&err, 0, sizeof(err)); - err.flags = (uint16_t)(BIT_QR | BIT_RA); - FLAGS_SET_RCODE(err.flags, rcode); - err.qdcount = 1; - err.ttl = NORR_TTL; - err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); - /* do not waste time trying to validate this servfail */ - err.security = sec_status_indeterminate; - verbose(VERB_ALGO, "store error response in message cache"); - iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, - qstate->query_flags); + if(!qstate->no_cache_store) { + /* store in cache */ + struct reply_info err; + if(qstate->prefetch_leeway > NORR_TTL) { + verbose(VERB_ALGO, "error response for prefetch in cache"); + /* attempt to adjust the cache entry prefetch */ + if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo, + NORR_TTL, qstate->query_flags)) + return error_response(qstate, id, rcode); + /* if that fails (not in cache), fall through to store err */ + } + memset(&err, 0, sizeof(err)); + err.flags = (uint16_t)(BIT_QR | BIT_RA); + FLAGS_SET_RCODE(err.flags, rcode); + err.qdcount = 1; + err.ttl = NORR_TTL; + err.prefetch_ttl = PREFETCH_TTL_CALC(err.ttl); + /* do not waste time trying to validate this servfail */ + err.security = sec_status_indeterminate; + verbose(VERB_ALGO, "store error response in message cache"); + iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, + qstate->query_flags); + } return error_response(qstate, id, rcode); } 
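Review bot: In `error_response_cache` the new `if(!qstate->no_cache_store) { ... }` wrapper re-indents the whole body where a guard clause after the declaration of `err` would do: `if(qstate->no_cache_store) return error_response(qstate, id, rcode);`. That leaves the prefetch-adjust and store logic at its original nesting level, so later changes to the caching path are easier to audit in a diff. The function also has no comment in the hunk saying that with `no_cache_store` set the cache is neither written nor prefetch-adjusted; a one-line note above the guard, such as `/* caller asked not to touch the cache: only build the error reply */`, would record that.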
@@ -564,6 +552,7 @@ qinf.qname_len = qnamelen; qinf.qtype = qtype; qinf.qclass = qclass; + qinf.local_alias = NULL; /* RD should be set only when sending the query back through the INIT * state. */ @@ -981,7 +970,7 @@ { uint8_t* delname; size_t delnamelen; - struct dns_msg* msg; + struct dns_msg* msg = NULL; log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ @@ -1021,13 +1010,13 @@ * getting older results from cache is a bad idea, no cache */ verbose(VERB_ALGO, "cache blacklisted, going to the network"); msg = NULL; - } else { + } else if(!qstate->no_cache_lookup) { msg = dns_cache_lookup(qstate->env, iq->qchase.qname, iq->qchase.qname_len, iq->qchase.qtype, iq->qchase.qclass, qstate->query_flags, qstate->region, qstate->env->scratch); if(!msg && qstate->env->neg_cache) { - /* lookup in negative cache; may result in + /* lookup in negative cache; may result in * NOERROR/NODATA or NXDOMAIN answers that need validation */ msg = val_neg_getmsg(qstate->env->neg_cache, &iq->qchase, qstate->region, qstate->env->rrset_cache, @@ -1713,10 +1702,11 @@ /* if this was a parent-side glue query itself, then store that * failure in cache. */ - if(iq->query_for_pside_glue && !iq->pside_glue) - iter_store_parentside_neg(qstate->env, &qstate->qinfo, - iq->deleg_msg?iq->deleg_msg->rep: - (iq->response?iq->response->rep:NULL)); + if(!qstate->no_cache_store && iq->query_for_pside_glue + && !iq->pside_glue) + iter_store_parentside_neg(qstate->env, &qstate->qinfo, + iq->deleg_msg?iq->deleg_msg->rep: + (iq->response?iq->response->rep:NULL)); verbose(VERB_QUERY, "out of query targets -- returning SERVFAIL"); /* fail -- no more targets, no more hope of targets, no hope 
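Review bot: In the `@@ -564,6 +552,7 @@` hunk `qinf` is filled in one member at a time, so the new `qinf.local_alias = NULL;` covers this member but the next pointer added to the struct would again be left indeterminate here. If the declaration of `qinf` (outside this hunk) does not already zero the struct, `memset(&qinf, 0, sizeof(qinf));` ahead of the assignments would make that kind of omission harmless. The per-member assignments can stay as they are after it.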
@@ -2009,9 +1999,10 @@ } if(iq->minimisation_state == INIT_MINIMISE_STATE) { - /* (Re)set qinfo_out to (new) delegation point, except - * when qinfo_out is already a subdomain of dp. This happens - * when resolving ip6.arpa dnames. */ + /* (Re)set qinfo_out to (new) delegation point, except when + * qinfo_out is already a subdomain of dp. This happens when + * increasing by more than one label at once (QNAMEs with more + * than MAX_MINIMISE_COUNT labels). */ if(!(iq->qinfo_out.qname_len && dname_subdomain_c(iq->qchase.qname, iq->qinfo_out.qname) 
@@ -2019,30 +2010,53 @@ iq->dp->name))) { iq->qinfo_out.qname = iq->dp->name; iq->qinfo_out.qname_len = iq->dp->namelen; - iq->qinfo_out.qtype = LDNS_RR_TYPE_NS; + iq->qinfo_out.qtype = LDNS_RR_TYPE_A; iq->qinfo_out.qclass = iq->qchase.qclass; + iq->qinfo_out.local_alias = NULL; + iq->minimise_count = 0; } iq->minimisation_state = MINIMISE_STATE; } if(iq->minimisation_state == MINIMISE_STATE) { - int labdiff = dname_count_labels(iq->qchase.qname) - + int qchaselabs = dname_count_labels(iq->qchase.qname); + int labdiff = qchaselabs - dname_count_labels(iq->qinfo_out.qname); iq->qinfo_out.qname = iq->qchase.qname; iq->qinfo_out.qname_len = iq->qchase.qname_len; + iq->minimise_count++; + iq->minimise_timeout_count = 0; + + iter_dec_attempts(iq->dp, 1); - /* Special treatment for ip6.arpa lookups. - * Reverse IPv6 dname has 34 labels, increment the IP part - * (usually first 32 labels) by 8 labels (7 more than the - * default 1 label increment). */ - if(labdiff <= 32 && - dname_subdomain_c(iq->qchase.qname, ie->ip6arpa_dname)) { - labdiff -= 7; - /* Small chance of zone cut after first label. Stop - * minimising */ - if(labdiff <= 1) - labdiff = 0; + /* Limit number of iterations for QNAMEs with more + * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB + * labels of QNAME always individually. + */ + if(qchaselabs > MAX_MINIMISE_COUNT && labdiff > 1 && + iq->minimise_count > MINIMISE_ONE_LAB) { + if(iq->minimise_count < MAX_MINIMISE_COUNT) { + int multilabs = qchaselabs - 1 - + MINIMISE_ONE_LAB; + int extralabs = multilabs / + MINIMISE_MULTIPLE_LABS; + + if (MAX_MINIMISE_COUNT - iq->minimise_count >= + multilabs % MINIMISE_MULTIPLE_LABS) + /* Default behaviour is to add 1 label + * every iteration. Therefore, decrement + * the extralabs by 1 */ + extralabs--; + if (extralabs < labdiff) + labdiff -= extralabs; + else + labdiff = 1; + } + /* Last minimised iteration, send all labels with + * QTYPE=NS */ + else + labdiff = 1; } if(labdiff > 1) { 
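Review bot: The comment `/* Last minimised iteration, send all labels with QTYPE=NS */` disagrees with the code added earlier in this same hunk, which changes the minimised query type to `LDNS_RR_TYPE_A`; unless the type is set back to NS outside the hunk, the comment should say `QTYPE=A`. The label-skipping arithmetic is written as unbraced `if`/`else` bodies with a comment between condition and statement, and another comment between `}` and `else`, which makes it easy to attach a later line to the wrong branch; I would brace them, e.g. `if (...) { extralabs--; }` and `else { labdiff = 1; }`. `extralabs--` followed by `labdiff -= extralabs` would add a label if `extralabs` were 0 before the decrement. Whether that can happen depends on `MAX_MINIMISE_COUNT`, `MINIMISE_ONE_LAB` and `MINIMISE_MULTIPLE_LABS`, which are defined outside this hunk, so a short comment stating the assumed lower bound would help. The enclosing function starts and ends outside the hunk.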
@@ -2051,11 +2065,12 @@ &iq->qinfo_out.qname_len, labdiff-1); } - if(labdiff < 1 || - (labdiff < 2 && iq->qchase.qtype == LDNS_RR_TYPE_DS)) + if(labdiff < 1 || (labdiff < 2 + && (iq->qchase.qtype == LDNS_RR_TYPE_DS + || iq->qchase.qtype == LDNS_RR_TYPE_A))) /* Stop minimising this query, resolve "as usual" */ iq->minimisation_state = DONOT_MINIMISE_STATE; - else { + else if(!qstate->no_cache_lookup) { struct dns_msg* msg = dns_cache_lookup(qstate->env, iq->qinfo_out.qname, iq->qinfo_out.qname_len, iq->qinfo_out.qtype, iq->qinfo_out.qclass, @@ -2068,12 +2083,18 @@ * cached as NOERROR/NODATA */ return 1; } - } - if(iq->minimisation_state == SKIP_MINIMISE_STATE) - /* Do not increment qname, continue incrementing next - * iteration */ - iq->minimisation_state = MINIMISE_STATE; + if(iq->minimisation_state == SKIP_MINIMISE_STATE) { + iq->minimise_timeout_count++; + if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) + /* Do not increment qname, continue incrementing next + * iteration */ + iq->minimisation_state = MINIMISE_STATE; + else if(!qstate->env->cfg->qname_minimisation_strict) + /* Too many time-outs detected for this QNAME and QTYPE. + * We give up, disable QNAME minimisation. */ + iq->minimisation_state = DONOT_MINIMISE_STATE; + } if(iq->minimisation_state == DONOT_MINIMISE_STATE) iq->qinfo_out = iq->qchase; 
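Review bot: In the `@@ -2068,12 +2083,18 @@` hunk the new `SKIP_MINIMISE_STATE` block has no branch for the case where `minimise_timeout_count` has reached `MAX_MINIMISE_TIMEOUT_COUNT` and `qname_minimisation_strict` is set, so the state is silently left at `SKIP_MINIMISE_STATE` and the counter keeps growing on each further timeout. That is presumably the intended strict behaviour (never fall back to the full QNAME), but it should be written down, e.g. `/* else: strict mode, stay in SKIP_MINIMISE_STATE and never send the full QNAME */` after the `else if` body. Braces on the `if`/`else if` bodies would also help, since each body is a multi-line comment followed by a single statement. The enclosing function is outside the hunk.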
@@ -2087,13 +2108,18 @@ iq->dnssec_lame_query?" but lame_query anyway": ""); } fptr_ok(fptr_whitelist_modenv_send_query(qstate->env->send_query)); - outq = (*qstate->env->send_query)( - iq->qinfo_out.qname, iq->qinfo_out.qname_len, - iq->qinfo_out.qtype, iq->qinfo_out.qclass, - iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD, + outq = (*qstate->env->send_query)(&iq->qinfo_out, + iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), + /* unset CD if to forwarder(RD set) and not dnssec retry + * (blacklist nonempty) and no trust-anchors are configured + * above the qname or on the first attempt when dnssec is on */ + EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&& + !qstate->blacklist&&(!iter_indicates_dnssec_fwd(qstate->env, + &iq->qinfo_out)||target->attempts==1)?0:BIT_CD), iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted( - ie, iq), &target->addr, target->addrlen, iq->dp->name, - iq->dp->namelen, qstate); + ie, iq), &target->addr, target->addrlen, + iq->dp->name, iq->dp->namelen, + (iq->dp->ssl_upstream || qstate->env->cfg->ssl_upstream), qstate); if(!outq) { log_addr(VERB_DETAIL, "error sending query to auth server", &target->addr, target->addrlen); @@ -2145,7 +2171,7 @@ iq->num_current_queries--; if(iq->response == NULL) { /* Don't increment qname when QNAME minimisation is enabled */ - if (qstate->env->cfg->qname_minimisation) + if(qstate->env->cfg->qname_minimisation) iq->minimisation_state = SKIP_MINIMISE_STATE; iq->chase_to_rd = 0; iq->dnssec_lame_query = 0; @@ -2161,8 +2187,10 @@ * differently. No queries should be sent elsewhere */ type = RESPONSE_TYPE_ANSWER; } - if(iq->dnssec_expected && !iq->dnssec_lame_query && + if(!qstate->env->cfg->disable_dnssec_lame_check && iq->dnssec_expected + && !iq->dnssec_lame_query && !(iq->chase_flags&BIT_RD) + && iq->sent_count < DNSSEC_LAME_DETECT_COUNT && type != RESPONSE_TYPE_LAME && type != RESPONSE_TYPE_REC_LAME && type != RESPONSE_TYPE_THROWAWAY 
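Review bot: The CD-bit decision in the `send_query` call is an unparenthesised mix of `||`, `&&` and `?:` buried in an argument list, which makes a security-relevant choice (whether the upstream is asked to skip validation) hard to audit. I would compute it into a local first, `cd_off = (iq->chase_to_rd || (iq->chase_flags&BIT_RD)) && !qstate->blacklist && (!iter_indicates_dnssec_fwd(qstate->env, &iq->qinfo_out) || target->attempts == 1);`, and pass `EDNS_DO | (cd_off ? 0 : BIT_CD)`. The explanatory comment packs all three conditions into one sentence; listing them one per line, matching the three `&&` terms, would make it checkable against the code. The surrounding function is only partly inside the hunk.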
@@ -2232,10 +2260,11 @@ iq->num_target_queries = 0; return processDSNSFind(qstate, iq, id); } - iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 0, qstate->prefetch_leeway, - iq->dp&&iq->dp->has_parent_side_NS, - qstate->region, qstate->query_flags); + if(!qstate->no_cache_store) + iter_dns_store(qstate->env, &iq->response->qinfo, + iq->response->rep, 0, qstate->prefetch_leeway, + iq->dp&&iq->dp->has_parent_side_NS, + qstate->region, qstate->query_flags); /* close down outstanding requests to be discarded */ outbound_list_clear(&iq->outlist); iq->num_current_queries = 0; 
@@ -2248,12 +2277,44 @@ &qstate->reply->addr, qstate->reply->addrlen, qstate->region); if(iq->minimisation_state != DONOT_MINIMISE_STATE) { - /* Best effort qname-minimisation. - * Stop minimising and send full query when RCODE - * is not NOERROR */ if(FLAGS_GET_RCODE(iq->response->rep->flags) != - LDNS_RCODE_NOERROR) + LDNS_RCODE_NOERROR) { + if(qstate->env->cfg->qname_minimisation_strict) + return final_state(iq); + /* Best effort qname-minimisation. + * Stop minimising and send full query when + * RCODE is not NOERROR. */ iq->minimisation_state = DONOT_MINIMISE_STATE; + } + if(FLAGS_GET_RCODE(iq->response->rep->flags) == + LDNS_RCODE_NXDOMAIN) { + /* Stop resolving when NXDOMAIN is DNSSEC + * signed. Based on assumption that namservers + * serving signed zones do not return NXDOMAIN + * for empty-non-terminals. */ + if(iq->dnssec_expected) + return final_state(iq); + /* Make subrequest to validate intermediate + * NXDOMAIN if harden-below-nxdomain is + * enabled. */ + if(qstate->env->cfg->harden_below_nxdomain) { + struct module_qstate* subq = NULL; + log_query_info(VERB_QUERY, + "schedule NXDOMAIN validation:", + &iq->response->qinfo); + if(!generate_sub_request( + iq->response->qinfo.qname, + iq->response->qinfo.qname_len, + iq->response->qinfo.qtype, + iq->response->qinfo.qclass, + qstate, id, iq, + INIT_REQUEST_STATE, + FINISHED_STATE, &subq, 1)) + verbose(VERB_ALGO, + "could not validate NXDOMAIN " + "response"); + } + } return next_state(iq, QUERYTARGETS_STATE); } return final_state(iq); @@ -2271,7 +2332,8 @@ } /* if hardened, only store referral if we asked for it */ - if(!qstate->env->cfg->harden_referral_path || + if(!qstate->no_cache_store && + (!qstate->env->cfg->harden_referral_path || ( qstate->qinfo.qtype == LDNS_RR_TYPE_NS && (qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD) 
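Review bot: The early `return final_state(iq)` on NXDOMAIN is guarded only by `iq->dnssec_expected`, while the comment above it says the NXDOMAIN "is DNSSEC signed". Nothing in the hunk validates the response, so the comment overstates what the check establishes; I would write `/* DNSSEC is expected for this delegation (not validated here); assume signed zones do not return NXDOMAIN for empty non-terminals and stop. */`, which also fixes the "namservers" typo. Separately, when `generate_sub_request` fails under `harden_below_nxdomain` the only trace is a `VERB_ALGO` message, so the hardening is skipped without an operator-visible log; `log_err` would suit that path better. The function body extends beyond the hunk.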
@@ -2286,7 +2348,7 @@ iq->qchase.qname, iq->qchase.qname_len, LDNS_RR_TYPE_NS, iq->qchase.qclass) ) - )) { + ))) { /* Store the referral under the current query */ /* no prefetch-leeway, since its not the answer */ iter_dns_store(qstate->env, &iq->response->qinfo, @@ -2299,16 +2361,17 @@ iq->response->rep, iq->dp->name); } /* store parent-side-in-zone-glue, if directly queried for */ - if(iq->query_for_pside_glue && !iq->pside_glue) { - iq->pside_glue = reply_find_rrset(iq->response->rep, - iq->qchase.qname, iq->qchase.qname_len, - iq->qchase.qtype, iq->qchase.qclass); - if(iq->pside_glue) { - log_rrset_key(VERB_ALGO, "found parent-side " - "glue", iq->pside_glue); - iter_store_parentside_rrset(qstate->env, - iq->pside_glue); - } + if(!qstate->no_cache_store && iq->query_for_pside_glue + && !iq->pside_glue) { + iq->pside_glue = reply_find_rrset(iq->response->rep, + iq->qchase.qname, iq->qchase.qname_len, + iq->qchase.qtype, iq->qchase.qclass); + if(iq->pside_glue) { + log_rrset_key(VERB_ALGO, "found parent-side " + "glue", iq->pside_glue); + iter_store_parentside_rrset(qstate->env, + iq->pside_glue); + } } /* Reset the event state, setting the current delegation @@ -2389,10 +2452,11 @@ /* NOTE : set referral=1, so that rrsets get stored but not * the partial query answer (CNAME only). */ /* prefetchleeway applied because this updates answer parts */ - iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 1, qstate->prefetch_leeway, - iq->dp&&iq->dp->has_parent_side_NS, NULL, - qstate->query_flags); + if(!qstate->no_cache_store) + iter_dns_store(qstate->env, &iq->response->qinfo, + iq->response->rep, 1, qstate->prefetch_leeway, + iq->dp&&iq->dp->has_parent_side_NS, NULL, + qstate->query_flags); /* set the current request's qname to the new value. */ iq->qchase.qname = sname; iq->qchase.qname_len = snamelen; 
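Review bot: Adding `!qstate->no_cache_store` to the outer condition of the parent-side glue block also skips `iq->pside_glue = reply_find_rrset(...)`, which is a lookup in the reply rather than a cache write. `iq->pside_glue` appears to be consumed later (the processTargetResponse hunk further down tests `if(iq->pside_glue)`), so with the flag set the glue would never be handed on, which is more than the flag name promises. I would keep the original outer condition and guard only the store: `if(!qstate->no_cache_store) iter_store_parentside_rrset(qstate->env, iq->pside_glue);`. The enclosing function starts and ends outside the hunk.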
@@ -2471,7 +2535,8 @@ /* LAME, THROWAWAY and "unknown" all end up here. * Recycle to the QUERYTARGETS state to hopefully try a * different target. */ - if (qstate->env->cfg->qname_minimisation) + if (qstate->env->cfg->qname_minimisation && + !qstate->env->cfg->qname_minimisation_strict) iq->minimisation_state = DONOT_MINIMISE_STATE; return next_state(iq, QUERYTARGETS_STATE); } @@ -2605,6 +2670,10 @@ log_query_info(VERB_ALGO, "processTargetResponse", &qstate->qinfo); log_query_info(VERB_ALGO, "processTargetResponse super", &forq->qinfo); + /* Tell the originating event that this target query has finished + * (regardless if it succeeded or not). */ + foriq->num_target_queries--; + /* check to see if parent event is still interested (in orig name). */ if(!foriq->dp) { verbose(VERB_ALGO, "subq: parent not interested, was reset"); @@ -2620,10 +2689,6 @@ return; } - /* Tell the originating event that this target query has finished - * (regardless if it succeeded or not). */ - foriq->num_target_queries--; - /* if iq->query_for_pside_glue then add the pside_glue (marked lame) */ if(iq->pside_glue) { /* if the pside_glue is NULL, then it could not be found, @@ -2871,10 +2936,11 @@ &qstate->qinfo); /* store negative cache element for parent side glue. */ - if(iq->query_for_pside_glue && !iq->pside_glue) - iter_store_parentside_neg(qstate->env, &qstate->qinfo, - iq->deleg_msg?iq->deleg_msg->rep: - (iq->response?iq->response->rep:NULL)); + if(!qstate->no_cache_store && iq->query_for_pside_glue + && !iq->pside_glue) + iter_store_parentside_neg(qstate->env, &qstate->qinfo, + iq->deleg_msg?iq->deleg_msg->rep: + (iq->response?iq->response->rep:NULL)); if(!iq->response) { verbose(VERB_ALGO, "No response is set, servfail"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); 
@@ -2910,7 +2976,7 @@ /* store message with the finished prepended items, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ - if(qstate->query_flags&BIT_RD) { + if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, @@ -3082,8 +3148,21 @@ goto handle_it; } /* edns is not examined, but removed from message to help cache */ - if(parse_extract_edns(prs, &edns) != LDNS_RCODE_NOERROR) + if(parse_extract_edns(prs, &edns, qstate->env->scratch) != + LDNS_RCODE_NOERROR) goto handle_it; + + /* Copy the edns options we may got from the back end */ + if(edns.opt_list) { + qstate->edns_opts_back_in = edns_opt_copy_region(edns.opt_list, + qstate->region); + if(!qstate->edns_opts_back_in) { + log_err("out of memory on incoming message"); + /* like packet got dropped */ + goto handle_it; + } + } + /* remove CD-bit, we asked for in case we handle validation ourself */ prs->flags &= ~BIT_CD; diff -Nru unbound-1.5.8/iterator/iterator.h unbound-1.6.0/iterator/iterator.h --- unbound-1.5.8/iterator/iterator.h 2015-11-30 16:10:26.000000000 +0000 +++ unbound-1.6.0/iterator/iterator.h 2016-06-13 13:06:35.000000000 +0000 
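Review bot: `if(!qstate->no_cache_store && qstate->query_flags&BIT_RD)` relies on `&` binding tighter than `&&`; it parses as intended, but the referral-store condition earlier in this file writes the same test as `(qstate->query_flags&BIT_RD)`. For consistency and to spare the next reader the precedence lookup, write `if(!qstate->no_cache_store && (qstate->query_flags&BIT_RD)) {`. The block this condition opens closes outside the hunk.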
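Review bot: In the EDNS-option hunk, `qstate->edns_opts_back_in` is assigned only when the reply carries options, so a reply without options leaves in place whatever an earlier upstream reply stored there. If this handler runs more than once per query state (it appears to, since it processes each upstream reply), a module reading the field could attribute options to the wrong server; clear it first with `qstate->edns_opts_back_in = NULL;` ahead of the `if(edns.opt_list)` test, unless it is already reset outside the hunk. The copies come from untrusted packet data and go into `qstate->region`, so each reply with options presumably adds to that region until it is released; a comment noting that bound would help.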
@@ -61,6 +61,23 @@ #define MAX_REFERRAL_COUNT 130 /** max number of queries-sent-out. Make sure large NS set does not loop */ #define MAX_SENT_COUNT 32 +/** max number of queries for which to perform dnsseclameness detection, + * (rrsigs misssing detection) after that, just pick up that response */ +#define DNSSEC_LAME_DETECT_COUNT 4 +/** + * max number of QNAME minimisation iterations. Limits number of queries for + * QNAMEs with a lot of labels. +*/ +#define MAX_MINIMISE_COUNT 10 +/* max number of time-outs for minimised query. Prevents resolving failures + * when the QNAME minimisation QTYPE is blocked. */ +#define MAX_MINIMISE_TIMEOUT_COUNT 3 +/** + * number of labels from QNAME that are always send individually when using + * QNAME minimisation, even when the number of labels of the QNAME is bigger + * tham MAX_MINIMISE_COUNT */ +#define MINIMISE_ONE_LAB 4 +#define MINIMISE_MULTIPLE_LABS (MAX_MINIMISE_COUNT - MINIMISE_ONE_LAB) /** at what query-sent-count to stop target fetch policy */ #define TARGET_FETCH_STOP 3 /** how nice is a server without further information, in msec @@ -349,7 +366,7 @@ /** list of pending queries to authoritative servers. */ struct outbound_list outlist; - /** QNAME minimisation state */ + /** QNAME minimisation state, RFC7816 */ enum minimisation_state minimisation_state; /** @@ -357,6 +374,17 @@ * when qname minimisation is enabled. */ struct query_info qinfo_out; + + /** + * Count number of QNAME minisation iterations. Used to limit number of + * outgoing queries when QNAME minimisation is enabled. + */ + int minimise_count; + + /** + * Count number of time-outs. Used to prevent resolving failures when + * the QNAME minimisation QTYPE is blocked. */ + int minimise_timeout_count; }; /** diff -Nru unbound-1.5.8/iterator/iter_delegpt.c unbound-1.6.0/iterator/iter_delegpt.c --- unbound-1.5.8/iterator/iter_delegpt.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/iterator/iter_delegpt.c 2016-11-04 12:07:52.000000000 +0000 
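Review bot: `MINIMISE_MULTIPLE_LABS` is defined as `(MAX_MINIMISE_COUNT - MINIMISE_ONE_LAB)` and iterator.c uses it as a divisor and modulus (`multilabs / MINIMISE_MULTIPLE_LABS`), so tuning the two constants to equal values would produce a division by zero on a path driven by the query name. A compile-time guard next to the defines rules that out: `#if MINIMISE_ONE_LAB >= MAX_MINIMISE_COUNT`, `#error "MAX_MINIMISE_COUNT must exceed MINIMISE_ONE_LAB"`, `#endif`. `MINIMISE_MULTIPLE_LABS` also has no doc comment, and the `MAX_MINIMISE_TIMEOUT_COUNT` comment opens with `/*` where its neighbours use `/**`.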
@@ -72,6 +72,7 @@ return NULL; copy->bogus = dp->bogus; copy->has_parent_side_NS = dp->has_parent_side_NS; + copy->ssl_upstream = dp->ssl_upstream; for(ns = dp->nslist; ns; ns = ns->next) { if(!delegpt_add_ns(copy, region, ns->name, ns->lame)) return NULL; diff -Nru unbound-1.5.8/iterator/iter_delegpt.h unbound-1.6.0/iterator/iter_delegpt.h --- unbound-1.5.8/iterator/iter_delegpt.h 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/iterator/iter_delegpt.h 2016-11-04 12:07:52.000000000 +0000 @@ -81,6 +81,8 @@ uint8_t has_parent_side_NS; /** for assertions on type of delegpt */ uint8_t dp_type_mlc; + /** use SSL for upstream query */ + uint8_t ssl_upstream; }; /** @@ -355,7 +357,7 @@ /** * create malloced delegation point, with the given name - * @param name: uncompressed wireformat of degegpt name. + * @param name: uncompressed wireformat of delegpt name. * @return NULL on alloc failure */ struct delegpt* delegpt_create_mlc(uint8_t* name); diff -Nru unbound-1.5.8/iterator/iter_fwd.c unbound-1.6.0/iterator/iter_fwd.c --- unbound-1.5.8/iterator/iter_fwd.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/iterator/iter_fwd.c 2016-11-04 12:07:52.000000000 +0000 @@ -265,6 +265,8 @@ * last resort will ask for parent-side NS record and thus * fallback to the internet name servers on a failure */ dp->has_parent_side_NS = (uint8_t)!s->isfirst; + /* use SSL for queries to this forwarder */ + dp->ssl_upstream = (uint8_t)s->ssl_upstream; verbose(VERB_QUERY, "Forward zone server list:"); delegpt_log(VERB_QUERY, dp); if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp)) 
@@ -294,6 +296,7 @@ uint8_t* dname; size_t dname_len; for(s = cfg->stubs; s; s = s->next) { + if(!s->name) continue; dname = sldns_str2wire_dname(s->name, &dname_len); if(!dname) { log_err("cannot parse stub name '%s'", s->name); diff -Nru unbound-1.5.8/iterator/iter_hints.c unbound-1.6.0/iterator/iter_hints.c --- unbound-1.5.8/iterator/iter_hints.c 2015-09-22 08:35:03.000000000 +0000 +++ unbound-1.6.0/iterator/iter_hints.c 2016-11-04 12:07:52.000000000 +0000 @@ -147,12 +147,14 @@ if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:84::b")) goto failed; if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; + if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed; if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed; + if(!ah(dp, "G.ROOT-SERVERS.NET.", "2001:500:12::d0d")) goto failed; if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::53")) goto failed; if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed; if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed; if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed; - if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:3::42")) goto failed; + if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:9f::42")) goto failed; if(!ah(dp, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) goto failed; } return dp; @@ -274,6 +276,8 @@ * last resort will ask for parent-side NS record and thus * fallback to the internet name servers on a failure */ dp->has_parent_side_NS = (uint8_t)!s->isfirst; + /* ssl_upstream */ + dp->ssl_upstream = (uint8_t)s->ssl_upstream; delegpt_log(VERB_QUERY, dp); if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime)) return 0; diff -Nru unbound-1.5.8/iterator/iter_utils.c unbound-1.6.0/iterator/iter_utils.c --- unbound-1.5.8/iterator/iter_utils.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/iterator/iter_utils.c 2016-10-20 15:05:30.000000000 +0000 
@@ -360,6 +360,39 @@ } } *selected_rtt = low_rtt; + + if (env->cfg->prefer_ip6) { + int got_num6 = 0; + int low_rtt6 = 0; + int i; + prev = NULL; + a = dp->result_list; + for(i = 0; i < got_num; i++) { + swap_to_front = 0; + if(a->addr.ss_family == AF_INET6) { + got_num6++; + swap_to_front = 1; + if(low_rtt6 == 0 || a->sel_rtt < low_rtt6) { + low_rtt6 = a->sel_rtt; + } + } + /* swap to front if IPv6, or move to next result */ + if(swap_to_front && prev) { + n = a->next_result; + prev->next_result = n; + a->next_result = dp->result_list; + dp->result_list = a; + a = n; + } else { + prev = a; + a = a->next_result; + } + } + if(got_num6 > 0) { + got_num = got_num6; + *selected_rtt = low_rtt6; + } + } return got_num; } @@ -499,6 +532,7 @@ qinf.qname_len = namelen; qinf.qtype = t; qinf.qclass = c; + qinf.local_alias = NULL; fptr_ok(fptr_whitelist_modenv_detect_cycle( qstate->env->detect_cycle)); return (*qstate->env->detect_cycle)(qstate, &qinf, @@ -590,6 +624,27 @@ return 1; } +int +iter_indicates_dnssec_fwd(struct module_env* env, struct query_info *qinfo) +{ + struct trust_anchor* a; + if(!env || !env->anchors || !qinfo || !qinfo->qname) + return 0; + /* a trust anchor exists above the name? */ + if((a=anchors_lookup(env->anchors, qinfo->qname, qinfo->qname_len, + qinfo->qclass))) { + if(a->numDS == 0 && a->numDNSKEY == 0) { + /* insecure trust point */ + lock_basic_unlock(&a->lock); + return 0; + } + lock_basic_unlock(&a->lock); + return 1; + } + /* no trust anchor above it. */ + return 0; +} + int iter_indicates_dnssec(struct module_env* env, struct delegpt* dp, struct dns_msg* msg, uint16_t dclass) diff -Nru unbound-1.5.8/iterator/iter_utils.h unbound-1.6.0/iterator/iter_utils.h --- unbound-1.5.8/iterator/iter_utils.h 2015-03-04 08:30:17.000000000 +0000 +++ unbound-1.6.0/iterator/iter_utils.h 2016-03-17 14:01:59.000000000 +0000 
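Review bot: In the new `prefer_ip6` block, `low_rtt6 == 0` doubles as the "not set yet" marker, so if an IPv6 entry can have `sel_rtt` equal to 0 the next entry overwrites the minimum with a larger value and `*selected_rtt` comes out wrong. The counter that is already incremented just above avoids the sentinel: `if(got_num6 == 1 || a->sel_rtt < low_rtt6) {`. It is also worth a comment that `got_num = got_num6` presumably makes the caller ignore every IPv4 candidate whenever one IPv6 address is usable, since that is a policy change rather than only a reordering. The function begins outside the hunk, so the range of `sel_rtt` is not visible here.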
@@ -174,6 +174,18 @@ struct delegpt* dp); /** + * See if qname has DNSSEC needs in the forwarding case. This is true if + * there is a trust anchor above it. Whether there is an insecure delegation + * to the data is unknown, but CD-retry is needed. + * @param env: environment with anchors. + * @param qinfo: query name and class. + * @return true if trust anchor above qname, false if no anchor or insecure + * point above qname. + */ +int iter_indicates_dnssec_fwd(struct module_env* env, + struct query_info *qinfo); + +/** * See if delegation is expected to have DNSSEC information (RRSIGs) in * its answers, or not. Inspects delegation point (name), trust anchors, * and delegation message (DS RRset) to determine this. diff -Nru unbound-1.5.8/libunbound/context.c unbound-1.6.0/libunbound/context.c --- unbound-1.5.8/libunbound/context.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/libunbound/context.c 2016-12-06 13:42:51.000000000 +0000 @@ -62,6 +62,7 @@ config_apply(cfg); if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) return UB_INITFAIL; + log_edns_known_options(VERB_ALGO, ctx->env); ctx->local_zones = local_zones_create(); if(!ctx->local_zones) return UB_NOMEM; diff -Nru unbound-1.5.8/libunbound/context.h unbound-1.6.0/libunbound/context.h --- unbound-1.5.8/libunbound/context.h 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/libunbound/context.h 2016-03-09 15:34:21.000000000 +0000 @@ -49,7 +49,7 @@ struct libworker; struct tube; struct sldns_buffer; -struct event_base; +struct ub_event_base; /** * The context structure 
@@ -114,7 +114,7 @@ struct ub_randstate* seed_rnd; /** event base for event oriented interface */ - struct event_base* event_base; + struct ub_event_base* event_base; /** libworker for event based interface */ struct libworker* event_worker; diff -Nru unbound-1.5.8/libunbound/libunbound.c unbound-1.6.0/libunbound/libunbound.c --- unbound-1.5.8/libunbound/libunbound.c 2016-02-23 13:29:35.000000000 +0000 +++ unbound-1.6.0/libunbound/libunbound.c 2016-12-06 13:42:51.000000000 +0000 @@ -57,6 +57,7 @@ #include "util/random.h" #include "util/net_help.h" #include "util/tube.h" +#include "util/ub_event.h" #include "services/modstack.h" #include "services/localzone.h" #include "services/cache/infra.h" @@ -131,6 +132,15 @@ errno = ENOMEM; return NULL; } + /* init edns_known_options */ + if(!edns_known_options_init(ctx->env)) { + config_delete(ctx->env->cfg); + free(ctx->env); + ub_randfree(ctx->seed_rnd); + free(ctx); + errno = ENOMEM; + return NULL; + } ctx->env->alloc = &ctx->superalloc; ctx->env->worker = NULL; ctx->env->need_to_validate = 0; @@ -150,6 +160,7 @@ ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); + edns_known_options_delete(ctx->env); free(ctx->env); free(ctx); errno = e; @@ -161,6 +172,7 @@ ub_randfree(ctx->seed_rnd); config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); + edns_known_options_delete(ctx->env); free(ctx->env); free(ctx); errno = e; @@ -170,6 +182,20 @@ } struct ub_ctx* +ub_ctx_create_ub_event(struct ub_event_base* ueb) +{ + struct ub_ctx* ctx = ub_ctx_create_nopipe(); + if(!ctx) + return NULL; + /* no pipes, but we have the locks to make sure everything works */ + ctx->created_bg = 0; + ctx->dothread = 1; /* the processing is in the same process, + makes ub_cancel and ub_ctx_delete do the right thing */ + ctx->event_base = ueb; + return ctx; +} + +struct ub_ctx* ub_ctx_create_event(struct event_base* eb) { struct ub_ctx* ctx = ub_ctx_create_nopipe(); 
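Review bot: The new `ub_ctx_create_ub_event` stores `ueb` without checking it, so a NULL argument yields a context whose `event_base` is NULL. `ub_ctx_set_event` later in this file returns `UB_INITFAIL` when `ctx->event_base` is NULL, so such a context cannot be repaired through that call; reject the argument up front with `if(!ueb) return NULL;` before `ub_ctx_create_nopipe()`. A doc comment stating who owns `ueb` after the call is also missing at this definition.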
@@ -179,7 +205,11 @@ ctx->created_bg = 0; ctx->dothread = 1; /* the processing is in the same process, makes ub_cancel and ub_ctx_delete do the right thing */ - ctx->event_base = eb; + ctx->event_base = ub_libevent_event_base(eb); + if (!ctx->event_base) { + ub_ctx_delete(ctx); + return NULL; + } return ctx; } @@ -279,6 +309,8 @@ rrset_cache_delete(ctx->env->rrset_cache); infra_delete(ctx->env->infra_cache); config_delete(ctx->env->cfg); + edns_known_options_delete(ctx->env); + inplace_cb_lists_delete(ctx->env); free(ctx->env); } ub_randfree(ctx->seed_rnd); @@ -698,6 +730,9 @@ } } + /* set time in case answer comes from cache */ + ub_comm_base_now(ctx->event_worker->base); + /* create new ctx_query and attempt to add to the list */ q = context_new(ctx, name, rrtype, rrclass, (ub_callback_t)callback, mydata); @@ -1323,10 +1358,12 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base) { + struct ub_event_base* new_base; + if (!ctx || !ctx->event_base || !base) { return UB_INITFAIL; } - if (ctx->event_base == base) { + if (ub_libevent_get_event_base(ctx->event_base) == base) { /* already set */ return UB_NOERROR; } @@ -1335,9 +1372,11 @@ /* destroy the current worker - safe to pass in NULL */ libworker_delete_event(ctx->event_worker); ctx->event_worker = NULL; - ctx->event_base = base; + new_base = ub_libevent_event_base(base); + if (new_base) + ctx->event_base = new_base; ctx->created_bg = 0; ctx->dothread = 1; lock_basic_unlock(&ctx->cfglock); - return UB_NOERROR; + return new_base ? UB_NOERROR : UB_INITFAIL; } diff -Nru unbound-1.5.8/libunbound/libworker.c unbound-1.6.0/libunbound/libworker.c --- unbound-1.5.8/libunbound/libworker.c 2016-01-05 10:03:59.000000000 +0000 +++ unbound-1.6.0/libunbound/libworker.c 2016-12-06 13:42:51.000000000 +0000 
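Review bot: In `ub_ctx_set_event` the call to `ub_libevent_event_base(base)` comes after `libworker_delete_event(ctx->event_worker)`, so when the conversion fails the function returns `UB_INITFAIL` having already destroyed the worker and reset `created_bg` and `dothread`. Converting first leaves the context untouched on failure: move `new_base = ub_libevent_event_base(base);` and `if(!new_base) return UB_INITFAIL;` ahead of the teardown, before the lock is taken (the lock call is outside the hunk). The previous `ctx->event_base` wrapper is also overwritten without being released; whether it owns memory is not visible here.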
@@ -119,7 +119,7 @@ /** setup fresh libworker struct */ static struct libworker* -libworker_setup(struct ub_ctx* ctx, int is_bg, struct event_base* eb) +libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) { unsigned int seed; struct libworker* w = (struct libworker*)calloc(1, sizeof(*w)); @@ -258,7 +258,7 @@ } struct libworker* libworker_create_event(struct ub_ctx* ctx, - struct event_base* eb) + struct ub_event_base* eb) { return libworker_setup(ctx, 0, eb); } @@ -573,14 +573,17 @@ { qinfo->qtype = (uint16_t)q->res->qtype; qinfo->qclass = (uint16_t)q->res->qclass; + qinfo->local_alias = NULL; qinfo->qname = sldns_str2wire_dname(q->res->qname, &qinfo->qname_len); if(!qinfo->qname) { return 0; } + qinfo->local_alias = NULL; edns->edns_present = 1; edns->ext_rcode = 0; edns->edns_version = 0; edns->bits = EDNS_DO; + edns->opt_list = NULL; if(sldns_buffer_capacity(w->back->udp_buff) < 65535) edns->udp_size = (uint16_t)sldns_buffer_capacity( w->back->udp_buff); @@ -606,8 +609,9 @@ /* see if there is a fixed answer */ sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL)) { + if(local_zones_answer(ctx->local_zones, w->env, &qinfo, &edns, + w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, + NULL, 0, NULL, 0, NULL)) { regional_free_all(w->env->scratch); libworker_fillup_fg(q, LDNS_RCODE_NOERROR, w->back->udp_buff, sec_status_insecure, NULL); 
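Review bot: In the query-setup hunk, `qinfo->local_alias = NULL;` is added twice, once before the `sldns_str2wire_dname` call and once after its failure check. Nothing between the two writes touches the field, so one is redundant; keep the first, which leaves the struct initialised on the `return 0` path as well, and drop the second. The function's opening lines are outside the hunk.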
@@ -676,8 +680,9 @@ /* see if there is a fixed answer */ sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL)) { + if(local_zones_answer(ctx->local_zones, w->env, &qinfo, &edns, + w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, + NULL, 0, NULL, 0, NULL)) { regional_free_all(w->env->scratch); free(qinfo.qname); libworker_event_done_cb(q, LDNS_RCODE_NOERROR, @@ -796,8 +801,9 @@ /* see if there is a fixed answer */ sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid); sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags); - if(local_zones_answer(w->ctx->local_zones, &qinfo, &edns, - w->back->udp_buff, w->env->scratch, NULL)) { + if(local_zones_answer(w->ctx->local_zones, w->env, &qinfo, &edns, + w->back->udp_buff, w->env->scratch, NULL, NULL, 0, NULL, 0, + NULL, 0, NULL, 0, NULL)) { regional_free_all(w->env->scratch); q->msg_security = sec_status_insecure; add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL); @@ -820,11 +826,10 @@ slabhash_clear(w->env->msg_cache); } -struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, int nocaps, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, - struct module_qstate* q) +struct outbound_entry* libworker_send_query(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, + size_t zonelen, int ssl_upstream, struct module_qstate* q) { struct libworker* w = (struct libworker*)q->env->worker; struct outbound_entry* e = (struct outbound_entry*)regional_alloc( 
@@ -832,11 +837,10 @@ if(!e) return NULL; e->qstate = q; - e->qsent = outnet_serviced_query(w->back, qname, - qnamelen, qtype, qclass, flags, dnssec, want_dnssec, nocaps, - q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr, - addrlen, zone, zonelen, libworker_handle_service_reply, e, - w->back->udp_buff); + e->qsent = outnet_serviced_query(w->back, qinfo, flags, dnssec, + want_dnssec, nocaps, q->env->cfg->tcp_upstream, ssl_upstream, + addr, addrlen, zone, zonelen, q, libworker_handle_service_reply, + e, w->back->udp_buff, q->env); if(!e->qsent) { return NULL; } @@ -951,13 +955,12 @@ log_assert(0); } -struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname), - size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), - uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) +struct outbound_entry* worker_send_query(struct query_info* ATTR_UNUSED(qinfo), + uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), + int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps), + struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), + uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), + int ATTR_UNUSED(ssl_upstream), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; diff -Nru unbound-1.5.8/libunbound/libworker.h unbound-1.6.0/libunbound/libworker.h --- unbound-1.5.8/libunbound/libworker.h 2014-05-28 08:20:44.000000000 +0000 +++ unbound-1.6.0/libunbound/libworker.h 2016-12-06 13:42:51.000000000 +0000 @@ -1,5 +1,5 @@ /* - * libunbound/worker.h - worker thread or process that resolves + * libunbound/libworker.h - worker thread or process that resolves * * Copyright (c) 2007, NLnet Labs. All rights reserved. * 
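Review bot: `libworker_send_query` now passes the caller's `ssl_upstream` argument straight to `outnet_serviced_query`, where it previously passed `q->env->cfg->ssl_upstream`. The iterator call site in this diff ORs the global setting in itself, but any other `send_query` caller that passes 0 would not get TLS even with the global option configured. Keeping the global option as a floor here is cheap: `want_dnssec, nocaps, q->env->cfg->tcp_upstream, ssl_upstream || q->env->cfg->ssl_upstream,`. Other callers are not visible in this chunk, so this may be defensive only.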
@@ -58,7 +58,8 @@ struct regional; struct tube; struct sldns_buffer; -struct event_base; +struct ub_event_base; +struct query_info; /** * The library-worker status structure @@ -115,7 +116,7 @@ * @return new worker or NULL. */ struct libworker* libworker_create_event(struct ub_ctx* ctx, - struct event_base* eb); + struct ub_event_base* eb); /** * Attach context_query to mesh for callback in event-driven setup. diff -Nru unbound-1.5.8/libunbound/python/doc/conf.py unbound-1.6.0/libunbound/python/doc/conf.py --- unbound-1.5.8/libunbound/python/doc/conf.py 2009-04-02 10:14:27.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/conf.py 2016-12-06 13:42:51.000000000 +0000 @@ -82,10 +82,13 @@ # Options for HTML output # ----------------------- +# The theme that the html output should use. +html_theme = "classic" + # The style sheet to use for HTML and HTML Help pages. A file of that name # must exist either in Sphinx' static/ path, or in one of the custom paths # given in html_static_path. -html_style = 'default.css' +#html_style = 'default.css' # The name for this set of Sphinx documents. If None, it defaults to # " v documentation". diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example1a.rst unbound-1.6.0/libunbound/python/doc/examples/example1a.rst --- unbound-1.5.8/libunbound/python/doc/examples/example1a.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example1a.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,26 +1,33 @@ .. _example_resolve_name: -============================== Resolve a name -============================== +============== -This basic example shows how to create a context and resolve a host address (DNS record of A type). +This basic example shows how to create a context and resolve a host address +(DNS record of A type). + +Source code +----------- :: - #!/usr/bin/python - import unbound - - ctx = unbound.ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - status, result = ctx.resolve("www.google.com") - if status == 0 and result.havedata: - print "Result.data:", result.data.address_list - elif status != 0: - print "Resolve error:", unbound.ub_strerror(status) + #!/usr/bin/python + import unbound + + ctx = unbound.ub_ctx() + ctx.resolvconf("/etc/resolv.conf") -In contrast with C API, the source code is more compact while the performance of C implementation is preserved. -The main advantage is that you need not take care about the deallocation and allocation of context and result structures; pyUnbound module do it automatically for you. + status, result = ctx.resolve("www.google.com") + if status == 0 and result.havedata: + print "Result.data:", result.data.address_list + elif status != 0: + print "Resolve error:", unbound.ub_strerror(status) + +In contrast with the C API, the source code is more compact while the +performance of C implementation is preserved. +The main advantage is that you need not take care about the deallocation and +allocation of context and result structures; pyUnbound module does it +automatically for you. -If only domain name is given, the :meth:`unbound.ub_ctx.resolve` looks for A records in IN class. +If only domain name is given, the :meth:`unbound.ub_ctx.resolve` looks for +A records in IN class. 
diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example1b.rst unbound-1.6.0/libunbound/python/doc/examples/example1b.rst
--- unbound-1.5.8/libunbound/python/doc/examples/example1b.rst 2009-03-25 14:47:47.000000000 +0000
+++ unbound-1.6.0/libunbound/python/doc/examples/example1b.rst 2016-12-06 13:42:51.000000000 +0000
@@ -1,33 +1,37 @@ .. _example_reverse_lookup: -============================== Reverse DNS lookup -============================== +================== -Reverse DNS lookup involves determining the hostname associated with a given IP address. +Reverse DNS lookup involves determining the hostname associated with a given IP +address. This example shows how reverse lookup can be done using unbound module. For the reverse DNS records, the special domain in-addr.arpa is reserved. -For example, a host name for the IP address 74.125.43.147 can be obtained by issuing a DNS query for the PTR record for address 147.43.125.74.in-addr.arpa. +For example, a host name for the IP address ``74.125.43.147`` can be obtained +by issuing a DNS query for the PTR record for address +``147.43.125.74.in-addr.arpa.`` + +Source code +----------- :: - #!/usr/bin/python - import unbound - - ctx = unbound.ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) - if status == 0 and result.havedata: - print "Result.data:", result.data.domain_list - elif status != 0: - print "Resolve error:", unbound.ub_strerror(status) + #!/usr/bin/python + import unbound -In order to simplify the python code, unbound module contains function which reverses the hostname components. -This function is defined as follows:: + ctx = unbound.ub_ctx() + ctx.resolvconf("/etc/resolv.conf") - def reverse(domain): - return '.'.join([a for a in domain.split(".")][::-1]) + status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN) + if status == 0 and result.havedata: + print "Result.data:", result.data.domain_list + elif status != 0: + print "Resolve error:", unbound.ub_strerror(status) +In order to simplify the python code, unbound module contains the +:meth:`unbound.reverse` function which reverses the hostname components. 
+This function is defined as follows:: + def reverse(domain): + return '.'.join([a for a in domain.split(".")][::-1]) diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example2.rst unbound-1.6.0/libunbound/python/doc/examples/example2.rst --- unbound-1.5.8/libunbound/python/doc/examples/example2.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example2.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,41 +1,41 @@ .. _example_setup_ctx: -============================== Lookup from threads -============================== +=================== -This example shows how to use unbound module from a threaded program. -In this example, three lookup threads are created which work in background. -Each thread resolves different DNS record. +This example shows how to use unbound module from a threaded program. +In this example, three lookup threads are created which work in background. +Each thread resolves different DNS record. -:: +Source code +----------- - #!/usr/bin/python - from unbound import ub_ctx, RR_TYPE_A, RR_CLASS_IN - from threading import Thread - - ctx = ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - - class LookupThread(Thread): - def __init__(self,ctx, name): - Thread.__init__(self) - self.ctx = ctx - self.name = name - - def run(self): - print "Thread lookup started:",self.name - status, result = self.ctx.resolve(self.name, RR_TYPE_A, RR_CLASS_IN) - if status == 0 and result.havedata: - print " Result:",self.name,":", result.data.address_list - - threads = [] - for name in ["www.fit.vutbr.cz","www.vutbr.cz","www.google.com"]: - thread = LookupThread(ctx, name) - thread.start() - threads.append(thread) - - for thread in threads: - thread.join() +:: + #!/usr/bin/python + from unbound import ub_ctx, RR_TYPE_A, RR_CLASS_IN + from threading import Thread + + ctx = ub_ctx() + ctx.resolvconf("/etc/resolv.conf") + + class LookupThread(Thread): + def __init__(self,ctx, name): + Thread.__init__(self) + self.ctx = ctx + self.name = name + + def run(self): + print "Thread lookup started:",self.name + status, result = self.ctx.resolve(self.name, RR_TYPE_A, RR_CLASS_IN) + if status == 0 and result.havedata: + print " Result:",self.name,":", result.data.address_list + + threads = [] + for name in ["www.fit.vutbr.cz","www.vutbr.cz","www.google.com"]: + thread = LookupThread(ctx, name) + thread.start() + threads.append(thread) + for thread in threads: + thread.join() 
diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example3.rst unbound-1.6.0/libunbound/python/doc/examples/example3.rst --- unbound-1.5.8/libunbound/python/doc/examples/example3.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example3.rst 2016-12-06 13:42:51.000000000 +0000 @@ -1,12 +1,14 @@ .. _example_asynch: -============================== Asynchronous lookup -============================== +=================== This example performs the name lookup in the background. The main program keeps running while the name is resolved. +Source code +----------- + :: #!/usr/bin/python @@ -33,4 +35,5 @@ if (status != 0): print "Resolve error:", unbound.ub_strerror(status) -The :meth:`unbound.ub_ctx.resolve_async` method is able to pass on any Python object. In this example, we used a dictionary object `my_data`. +The :meth:`unbound.ub_ctx.resolve_async` method is able to pass on any Python +object. In this example, we used a dictionary object ``my_data``. diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example4.rst unbound-1.6.0/libunbound/python/doc/examples/example4.rst --- unbound-1.5.8/libunbound/python/doc/examples/example4.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example4.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,33 +1,35 @@ .. _example_examine: -============================== DNSSEC validator -============================== +================ This example program performs DNSSEC validation of a DNS lookup. +Source code +----------- + :: - #!/usr/bin/python - import os - from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN - - ctx = ub_ctx() - ctx.resolvconf("/etc/resolv.conf") - if (os.path.isfile("keys")): - ctx.add_ta_file("keys") #read public keys for DNSSEC verification - - status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) - if status == 0 and result.havedata: - - print "Result:", result.data.address_list - - if result.secure: - print "Result is secure" - elif result.bogus: - print "Result is bogus" - else: - print "Result is insecure" + #!/usr/bin/python + import os + from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN + + ctx = ub_ctx() + ctx.resolvconf("/etc/resolv.conf") + if (os.path.isfile("keys")): + ctx.add_ta_file("keys") #read public keys for DNSSEC verification + + status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) + if status == 0 and result.havedata: + + print "Result:", result.data.address_list + + if result.secure: + print "Result is secure" + elif result.bogus: + print "Result is bogus" + else: + print "Result is insecure" More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_. diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example5.rst unbound-1.6.0/libunbound/python/doc/examples/example5.rst --- unbound-1.5.8/libunbound/python/doc/examples/example5.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example5.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,13 +1,17 @@ .. _example_resolver_only: -============================== Resolver only -============================== +============= This example program shows how to perform DNS resolution only. Unbound contains two basic modules: resolver and validator. -In case, the validator is not necessary, the validator module can be turned off using "module-config" option. -This option contains a list of module names separated by the space char. This list determined which modules should be employed and in what order. +In case, the validator is not necessary, the validator module can be turned off +using "module-config" option. +This option contains a list of module names separated by the space char. This +list determined which modules should be employed and in what order. + +Source code +----------- :: @@ -25,5 +29,6 @@ print "Result:", result.data.address_list .. note:: - The :meth:`unbound.ub_ctx.set_option` method must be used before the first resolution (i.e. before :meth:`unbound.ub_ctx.resolve` or :meth:`unbound.ub_ctx.resolve_async` call). - + The :meth:`unbound.ub_ctx.set_option` method must be used before the first + resolution (i.e. before :meth:`unbound.ub_ctx.resolve` or + :meth:`unbound.ub_ctx.resolve_async` call). diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example6.rst unbound-1.6.0/libunbound/python/doc/examples/example6.rst --- unbound-1.5.8/libunbound/python/doc/examples/example6.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example6.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,11 +1,13 @@ .. _example_localzone: -============================== Local zone manipulation -============================== +======================= -This example program shows how to define local zone containing custom DNS records. +This example program shows how to define local zone containing custom DNS +records. -.. literalinclude:: example6-1.py - :language: python +Source code +----------- +.. literalinclude:: example6-1.py + :language: python diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example7.rst unbound-1.6.0/libunbound/python/doc/examples/example7.rst --- unbound-1.5.8/libunbound/python/doc/examples/example7.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example7.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,18 +1,33 @@ .. _example_idna: -================================================= Internationalized domain name support -================================================= +===================================== Unlike the libUnbound, pyUnbound is able to handle IDN queries. -.. literalinclude:: example7-1.py - :language: python +Automatic IDN DNAME conversion +------------------------------- -If we use unicode string in :meth:`unbound.ub_ctx.resolve` method, the IDN DNAME conversion (if it is necessary) is performed on background. +If we use unicode string in :meth:`unbound.ub_ctx.resolve` method, +the IDN DNAME conversion (if it is necessary) is performed on background. -.. literalinclude:: example7-2.py - :language: python +Source code +........... -The :class:`unbound.ub_data` class contains attributes suffix which converts the dname to UTF string. These attributes have the '_idn' suffix. -Apart from this aproach, two conversion functions exist (:func:`unbound.idn2dname` and :func:`unbound.dname2idn`). +.. literalinclude:: example7-1.py + :language: python + +IDN converted attributes +------------------------ + +The :class:`unbound.ub_data` class contains attributes suffix which converts +the dname to UTF string. These attributes have the ``_idn`` suffix. + +Apart from this aproach, two conversion functions exist +(:func:`unbound.idn2dname` and :func:`unbound.dname2idn`). + +Source code +........... + +.. literalinclude:: example7-2.py + :language: python diff -Nru unbound-1.5.8/libunbound/python/doc/examples/example8.rst unbound-1.6.0/libunbound/python/doc/examples/example8.rst --- unbound-1.5.8/libunbound/python/doc/examples/example8.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/example8.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,28 +1,34 @@ .. _example_mxlookup: -================================================= Lookup for MX and NS records -================================================= +============================ -The pyUnbound extension provides functions which are able to encode RAW RDATA produces by unbound resolver (see :class:`unbound.ub_data`). +The pyUnbound extension provides functions which are able to encode RAW RDATA +produces by unbound resolver (see :class:`unbound.ub_data`). -.. literalinclude:: example8-1.py - :language: python +Source code +----------- -Previous example produces following output:: +.. literalinclude:: example8-1.py + :language: python - Result: - raw data: 00 0F 05 6D 61 69 6C 34 03 6E 69 63 02 63 7A 00;00 14 02 6D 78 05 63 7A 6E 69 63 03 6F 72 67 00;00 0A 04 6D 61 69 6C 03 6E 69 63 02 63 7A 00 - priority:15 address: mail4.nic.cz. - priority:20 address: mx.cznic.org. - priority:10 address: mail.nic.cz. - - Result: - raw data: D9 1F CD 32 - address: 217.31.205.50 - - Result: - raw data: 01 61 02 6E 73 03 6E 69 63 02 63 7A 00;01 65 02 6E 73 03 6E 69 63 02 63 7A 00;01 63 02 6E 73 03 6E 69 63 02 63 7A 00 - host: a.ns.nic.cz. - host: e.ns.nic.cz. - host: c.ns.nic.cz. +Output +------ + +The previous example produces the following output:: + + Result: + raw data: 00 0F 05 6D 61 69 6C 34 03 6E 69 63 02 63 7A 00;00 14 02 6D 78 05 63 7A 6E 69 63 03 6F 72 67 00;00 0A 04 6D 61 69 6C 03 6E 69 63 02 63 7A 00 + priority:15 address: mail4.nic.cz. + priority:20 address: mx.cznic.org. + priority:10 address: mail.nic.cz. + + Result: + raw data: D9 1F CD 32 + address: 217.31.205.50 + + Result: + raw data: 01 61 02 6E 73 03 6E 69 63 02 63 7A 00;01 65 02 6E 73 03 6E 69 63 02 63 7A 00;01 63 02 6E 73 03 6E 69 63 02 63 7A 00 + host: a.ns.nic.cz. + host: e.ns.nic.cz. + host: c.ns.nic.cz. 
diff -Nru unbound-1.5.8/libunbound/python/doc/examples/index.rst unbound-1.6.0/libunbound/python/doc/examples/index.rst --- unbound-1.5.8/libunbound/python/doc/examples/index.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/examples/index.rst 2016-12-06 13:42:51.000000000 +0000 @@ -1,14 +1,16 @@ Examples -============================== +======== -Here you can find several examples which utilizes the unbound library in Python environment. -Unbound is a caching validator and resolver and can be linked into an application, as a library where can answer DNS queries for the application. +Here you can find several examples which utilizes the unbound library in Python +environment. Unbound is a caching validator and resolver and can be linked into +an application, as a library where can answer DNS queries for the application. This set of examples shows how to use the functions from Python environment. -`Tutorials` +Tutorials +--------- .. toctree:: - :maxdepth: 1 - :glob: + :maxdepth: 1 + :glob: - example* + example* diff -Nru unbound-1.5.8/libunbound/python/doc/install.rst unbound-1.6.0/libunbound/python/doc/install.rst --- unbound-1.5.8/libunbound/python/doc/install.rst 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/install.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,31 +1,38 @@ Installation -=================================== +============ -**Prerequisites** +Prerequisites +------------- Python 2.4 or higher, SWIG 1.3 or higher, GNU make -**Compiling** +Compiling +--------- After downloading, you can compile the pyUnbound library by doing:: - > tar -xzf unbound-x.x.x-py.tar.gz - > cd unbound-x.x.x - > ./configure --with-pyunbound - > make + > tar -xzf unbound-x.x.x-py.tar.gz + > cd unbound-x.x.x + > ./configure --with-pyunbound + > make -You may want to --with-pythonmodule as well if you want to use python as -a module in the resolver. +You may want to enable ``--with-pythonmodule`` as well if you want to use +python as a module in the resolver. -You need GNU make to compile sources; SWIG and Python devel libraries to compile extension module. +You need ``GNU make`` to compile sources; ``SWIG`` and ``Python devel`` +libraries to compile extension module. -**Testing** +Testing +------- -If the compilation is successful, you can test the python LDNS extension module by:: +If the compilation is successful, you can test the python LDNS extension module +by:: - > cd contrib/python - > make testenv - > ./dns-lookup.py + > cd contrib/python + > make testenv + > ./dns-lookup.py -You may want to make install in the main directory since make testenv is for debugging. In contrib/examples you can find simple applications written in Python using the Unbound extension. +You may want to ``make install`` in the main directory since ``make testenv`` +is for debugging. In contrib/examples you can find simple applications written +in Python using the Unbound extension. diff -Nru unbound-1.5.8/libunbound/python/doc/intro.rst unbound-1.6.0/libunbound/python/doc/intro.rst --- unbound-1.5.8/libunbound/python/doc/intro.rst 2009-04-02 09:50:45.000000000 +0000 +++ unbound-1.6.0/libunbound/python/doc/intro.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,39 +1,58 @@ Introduction -=================================== +============ -**Unbound** +Unbound +------- - `Unbound`_ is an implementation of a DNS resolver, that performs caching and DNSSEC validation. - Together with unbound, the libunbound library is provided. - This library can be used to convert hostnames to ip addresses, and back, as well as obtain other information. - Since the resolver allows to specify the class and type of a query (A record, NS, MX, ...), this library offers powerful resolving tool. - The library also performs public-key validation of results with DNSSEC. - - .. _Unbound: http://www.unbound.net/documentation - -**pyUnbound** - - The pyUnbound is an extension module for Python which provides an object-oriented interface to libunbound. - It is the first Python module which offers thread-safe caching resolver. - - The interface was designed with the emphasis on the simplicity of use. - There are two main classes :class:`unbound.ub_ctx` (a validation and resolution context) and :class:`unbound.ub_result` which contains the validation and resolution results. - The objects are thread-safe, and a context can be used in non-threaded as well as threaded environment. - Resolution can be performed blocking and non-blocking (i.e. asynchronous). - The asynchronous method returns from the call immediately, so that processing can go on, while the results become available later. - -**Features** - * customizable caching validation resolver for synchronous and asynchronous lookups - * easy to use object interface - * easy to integrate extension module - * designed for thread environment (i.e. thread-safe) - * allows define and customize of local zone and its RR's during the operation (i.e. without restart) - * includes encoding functions to simplify the results retrieval - * Internationalized domain name (`IDN`_) support - - .. 
_IDN: http://en.wikipedia.org/wiki/Internationalized_domain_name - -**Application area** - * DNS-based applications performing DNS lookups; the caching resolver can reduce overhead - * Applications where the validation of DNS records is required - * Great solution for customizable and dynamic DNS-based white/blacklists (spam rejection, connection rejection, ...) using the dynamic local zone manipulation +`Unbound`_ is an implementation of a DNS resolver, that performs caching and +DNSSEC validation. +Together with unbound, the libunbound library is provided. +This library can be used to convert hostnames to ip addresses, and back, as +well as obtain other information. +Since the resolver allows to specify the class and type of a query (A record, +NS, MX, ...), this library offers powerful resolving tool. +The library also performs public-key validation of results with DNSSEC. + +.. _Unbound: http://www.unbound.net/documentation + +pyUnbound +--------- + +The pyUnbound is an extension module for Python which provides an +object-oriented interface to libunbound. +It is the first Python module which offers thread-safe caching resolver. + +The interface was designed with the emphasis on the simplicity of use. +There are two main classes :class:`unbound.ub_ctx` (a validation and resolution +context) and :class:`unbound.ub_result` which contains the validation and +resolution results. +The objects are thread-safe, and a context can be used in non-threaded as well +as threaded environment. +Resolution can be performed blocking and non-blocking (i.e. asynchronous). +The asynchronous method returns from the call immediately, so that processing +can go on, while the results become available later. + +Features +-------- + +* Customizable caching validation resolver for synchronous and asynchronous + lookups +* Easy to use object interface +* Easy to integrate extension module +* Designed for thread environment (i.e. 
thread-safe) +* Allows define and customize of local zone and its RR's during the operation + (i.e. without restart) +* Includes encoding functions to simplify the results retrieval +* Internationalized domain name (`IDN`_) support + +.. _IDN: http://en.wikipedia.org/wiki/Internationalized_domain_name + +Application area +---------------- + +* DNS-based applications performing DNS lookups; the caching resolver can + reduce overhead +* Applications where the validation of DNS records is required +* Great solution for customizable and dynamic DNS-based white/blacklists (spam + rejection, connection rejection, ...) using the dynamic local zone + manipulation diff -Nru unbound-1.5.8/libunbound/python/libunbound.i unbound-1.6.0/libunbound/python/libunbound.i --- unbound-1.5.8/libunbound/python/libunbound.i 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/libunbound/python/libunbound.i 2016-03-02 08:18:38.000000000 +0000 @@ -945,7 +945,7 @@ :param idnname: (unicode string) IDN name :returns: (string) domain name """ - return '.'.join([encodings.idna.ToASCII(a) for a in idnname.split('.')]) + return '.'.join([encodings.idna.ToASCII(a) if a else '' for a in idnname.split('.')]) def dname2idn(name): """Converts canonic domain name in IDN format to unicode string diff -Nru unbound-1.5.8/libunbound/ubsyms.def unbound-1.6.0/libunbound/ubsyms.def --- unbound-1.5.8/libunbound/ubsyms.def 2016-02-23 13:05:34.000000000 +0000 +++ unbound-1.6.0/libunbound/ubsyms.def 2016-03-09 15:34:21.000000000 +0000 @@ -6,6 +6,7 @@ ub_ctx_config ub_ctx_create ub_ctx_create_event +ub_ctx_create_ub_event ub_ctx_data_add ub_ctx_data_remove ub_ctx_debuglevel diff -Nru unbound-1.5.8/libunbound/unbound-event.h unbound-1.6.0/libunbound/unbound-event.h --- unbound-1.5.8/libunbound/unbound-event.h 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/libunbound/unbound-event.h 2016-03-09 15:34:21.000000000 +0000 
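Review bot: The `if a else ''` guard in `idn2dname` passes every empty label through, not only the trailing one of a fully qualified name, so inputs such as `a..b` or `.example` are now returned as-is instead of being rejected by `encodings.idna.ToASCII`, which refuses an empty label. If the intent is only to accept a trailing dot, handle that dot separately and keep converting every remaining label: `fqdn = idnname.endswith('.')` followed by `return '.'.join([encodings.idna.ToASCII(a) for a in (idnname[:-1] if fqdn else idnname).split('.')]) + ('.' if fqdn else '')`. The root name `.` would then need its own branch. The function's `def` line and the start of its docstring are outside this hunk.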
@@ -36,20 +36,21 @@
 /**
  * \file
  *
- * This file contains the unbound interface for use with libevent.
- * You have to use the same libevent that unbound was compiled with,
- * otherwise it wouldn't work, the event and event_base structures would
- * be different. If unbound is compiled without libevent support then
- * this header file is not supposed to be installed on the system.
+ * This file contains the unbound interface for use with user defined
+ * pluggable event bases.
  *
- * Use ub_ctx_create_event_base() to create an unbound context that uses
- * the event base that you have made. Then, use the ub_resolve_event call
- * to add DNS resolve queries to the context. Those then run when you
- * call event_dispatch() on your event_base, and when they are done you
- * get a function callback.
+ * Use ub_ctx_create_event_ub_base() to create an unbound context that uses
+ * the user provided event base API. Then, use the ub_resolve_event call
+ * to add DNS resolve queries to the context. Those then run whith the
+ * provided event_base, and when they are done you get a function callback.
  *
  * This method does not fork another process or create a thread, the effort
- * is done by the unbound state machines that are connected to the event_base.
+ * is done by the unbound state machines that are connected to the event base.
+ *
+ * It is also possible to provide a libevent based event base by using
+ * ub_ctx_create_event_base(). But you have to use the same libevent that
+ * unbound was compiled with, otherwise it wouldn't work, the event and
+ * event_base structures would be different.
  */
 #ifndef _UB_UNBOUND_EVENT_H
 #define _UB_UNBOUND_EVENT_H
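Review bot: The rewritten file comment names `ub_ctx_create_event_ub_base()`, but the function this header declares for a pluggable event base, and the symbol added to ubsyms.def, is `ub_ctx_create_ub_event()`. A reader following the comment is pointed at a name that is not declared in this header. The line should read ` * Use ub_ctx_create_ub_event() to create an unbound context that uses`. The same paragraph has `whith` for `with`, and it still says `event_base` where the pluggable `ub_event_base` seems to be meant.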
@@ -62,12 +63,136 @@ struct ub_result; struct event_base; +/** event timeout */ +#define UB_EV_TIMEOUT 0x01 +/** event fd readable */ +#define UB_EV_READ 0x02 +/** event fd writable */ +#define UB_EV_WRITE 0x04 +/** event signal */ +#define UB_EV_SIGNAL 0x08 +/** event must persist */ +#define UB_EV_PERSIST 0x10 + +/** magic number to identify this version of the pluggable event api */ +#define UB_EVENT_MAGIC 0x44d74d78 + +struct ub_event; +struct ub_event_base; +struct timeval; + +/** + * The Virtual Method Table for and ub_event_base "object" + */ +struct ub_event_base_vmt { + /** Destructor for the ub_event_base object, + * (not called by libunbound) */ + void (*free)(struct ub_event_base*); + /** Run the event loop + * (not called by libunbound when using ub_resolve_event) */ + int (*dispatch)(struct ub_event_base*); + /** Exit the given event loop */ + int (*loopexit)(struct ub_event_base*, struct timeval*); + /** Instantiate a new ub_event associated with this event base */ + struct ub_event* (*new_event)(struct ub_event_base*, + int fd, short bits, void (*cb)(int, short, void*), void* arg); + /** Instantiate a new signal associated with this event base, + * (not called by libunbound) */ + struct ub_event* (*new_signal)(struct ub_event_base*, int fd, + void (*cb)(int, short, void*), void* arg); + /** Create a new ub_event associated with the given wsaevent, + * (not called by libunbound) */ + struct ub_event* (*winsock_register_wsaevent)(struct ub_event_base*, + void* wsaevent, void (*cb)(int, short, void*), void* arg); +}; + +/** + * A user defined pluggable event base is registered by providing a + * ub_event_base "object" with the ub_ctx_create_ub_event() function. + * The magic number must be correct and the Virtual Method Table must be + * fully equipped providing the event base API to be used by libunbound. 
+ */ +struct ub_event_base { + /** magic must be UB_EVENT_MAGIC (0x44d74d78) */ + unsigned long magic; + /** Virtual Method Table for ub_event_base */ + struct ub_event_base_vmt* vmt; +}; + +/** + * The Virtual Method Table for and ub_event "object" + */ +struct ub_event_vmt { + /** Add event bits for this event to fire on. + * The event will be deactivated before this function is called. */ + void (*add_bits)(struct ub_event*, short); + /** Configure the event so it will not longer fire on given bits + * The event will be deactivated before this function is called. */ + void (*del_bits)(struct ub_event*, short); + /** Change or set the file descriptor on the event + * The event will be deactivated before this function is called. */ + void (*set_fd)(struct ub_event*, int); + /** Destructor for the ub_event object */ + void (*free)(struct ub_event*); + /** Activate the event. The given timeval is an timeout value. */ + int (*add)(struct ub_event*, struct timeval*); + /** Deactivate the event */ + int (*del)(struct ub_event*); + /** Reconfigure and activate a timeout event */ + int (*add_timer)(struct ub_event*, struct ub_event_base*, + void (*cb)(int, short, void*), void* arg, struct timeval*); + /** Deactivate the timeout event */ + int (*del_timer)(struct ub_event*); + /** Activate a signal event (not called by libunbound). */ + int (*add_signal)(struct ub_event*, struct timeval*); + /** Deactivate a signal event (not called by libunbound). */ + int (*del_signal)(struct ub_event*); + /** Destructor for a ub_event associated with a wsaevent, + * (not called by libunbound) + */ + void (*winsock_unregister_wsaevent)(struct ub_event* ev); + /** Libunbound will signal the eventloop when a TCP windows socket + * will block on next read or write (given by the eventbits), to work + * around edge trigger event behaviour of select on windows with TCP. 
+ */ + void (*winsock_tcp_wouldblock)(struct ub_event*, int eventbit); +}; + +/** + * An "object" comprising a user defined pluggable event. + * The magic number must be correct and the Virtual Method Table must be + * fully equipped providing the ub_event API to be used by libunbound. + */ +struct ub_event { + /** magic must be UB_EVENT_MAGIC (0x44d74d78) */ + unsigned long magic; + /** Virtual Method Table for ub_event */ + struct ub_event_vmt* vmt; +}; + typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*); /** * Create a resolving and validation context. * The information from /etc/resolv.conf and /etc/hosts is not utilised by * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. + * @param base: the pluggable event base that the caller has created. + * The unbound context uses this event base. + * @return a new context. default initialisation. + * returns NULL on error. + * You must use ub_resolve_event with this context. + * Do not call ub_ctx_async, ub_poll, ub_wait, ub_process, this is all done + * with the event_base. Setup the options you like with the other functions. + */ +struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base); + +/** + * Create a resolving and validation context. + * The information from /etc/resolv.conf and /etc/hosts is not utilised by + * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. + * You have to use the same libevent that unbound was compiled with, + * otherwise it wouldn't work, the event and event_base structures would + * be different. * @param base: the event base that the caller has created. The unbound * context uses this event base. * @return a new context. default initialisation. 
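Review bot: The contract for the caller-supplied function-pointer tables is ambiguous. The comments on `struct ub_event_base` and `struct ub_event` say the Virtual Method Table "must be fully equipped", yet several entries (`free` and `dispatch` on the base, `new_signal`, `winsock_register_wsaevent`, `add_signal`, `del_signal`, `winsock_unregister_wsaevent`) are marked "(not called by libunbound)". Because libunbound calls through these pointers on objects the application provides, the header should state whether NULL is acceptable for the uncalled entries and what the `int`-returning entries (`add`, `del`, `add_timer`, `del_timer`, `loopexit`) must return on success and on failure, for example `/** Activate the event. The given timeval is a timeout value. @return 0 on success, -1 on failure. */` if that is the convention. Declaring the members as `const struct ub_event_base_vmt* vmt;` and `const struct ub_event_vmt* vmt;` would also let applications keep the tables in read-only data. How `ub_ctx_create_ub_event` checks `magic` and the table is not visible in this hunk.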
@@ -79,7 +204,10 @@ struct ub_ctx* ub_ctx_create_event(struct event_base* base); /** - * Set a new event_base on a context created with ub_ctx_create_event. + * Set a new libevent event_base on a context created with ub_ctx_create_event. + * You have to use the same libevent that unbound was compiled with, + * otherwise it wouldn't work, the event and event_base structures would + * be different. * Any outbound queries will be canceled. * @param ctx the ub_ctx to update. Must have been created with ub_ctx_create_event * @param base the new event_base to attach to the ctx diff -Nru unbound-1.5.8/libunbound/worker.h unbound-1.6.0/libunbound/worker.h --- unbound-1.5.8/libunbound/worker.h 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/libunbound/worker.h 2016-12-06 13:42:51.000000000 +0000 @@ -48,13 +48,12 @@ struct comm_point; struct module_qstate; struct tube; +struct edns_option; +struct query_info; /** * Worker service routine to send serviced queries to authoritative servers. - * @param qname: query name. (host order) - * @param qnamelen: length in bytes of qname, including trailing 0. - * @param qtype: query type. (host order) - * @param qclass: query class. (host order) + * @param qinfo: query info. * @param flags: host order flags word, with opcode and CD bit. * @param dnssec: if set, EDNS record will have DO bit set. * @param want_dnssec: signatures needed. 
@@ -63,15 +62,15 @@ * @param addrlen: length of addr. * @param zone: delegation point name. * @param zonelen: length of zone name wireformat dname. + * @param ssl_upstream: use SSL for upstream queries. * @param q: wich query state to reactivate upon return. * @return: false on failure (memory or socket related). no query was * sent. */ -struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, int nocaps, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, - struct module_qstate* q); +struct outbound_entry* libworker_send_query(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, + size_t zonelen, int ssl_upstream, struct module_qstate* q); /** process incoming replies from the network */ int libworker_handle_reply(struct comm_point* c, void* arg, int error, @@ -106,10 +105,7 @@ /** * Worker service routine to send serviced queries to authoritative servers. - * @param qname: query name. (host order) - * @param qnamelen: length in bytes of qname, including trailing 0. - * @param qtype: query type. (host order) - * @param qclass: query class. (host order) + * @param qinfo: query info. * @param flags: host order flags word, with opcode and CD bit. * @param dnssec: if set, EDNS record will have DO bit set. * @param want_dnssec: signatures needed. 
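Review bot: The added `@param ssl_upstream: use SSL for upstream queries.` on `libworker_send_query` does not say what the caller gets when the encrypted connection cannot be set up. The `@return` text still only mentions "memory or socket related" failure, so it is unclear from the header whether such a query fails or can go out over plain transport. I would extend the line to state that explicitly, e.g. ` * @param ssl_upstream: use SSL for upstream queries; if the SSL setup fails no query is sent and NULL is returned.`, assuming that is the implemented behaviour. The same applies to `worker_send_query` in the `@@ -118,15 +114,15 @@` hunk. In both prototypes `struct query_info* qinfo` could be `const`-qualified if the callee only reads it. The replacement `@param qinfo: query info.` also loses the host-order and trailing-0 length notes that the removed `qname`/`qtype`/`qclass` lines carried.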
@@ -118,15 +114,15 @@ * @param addrlen: length of addr. * @param zone: wireformat dname of the zone. * @param zonelen: length of zone name. + * @param ssl_upstream: use SSL for upstream queries. * @param q: wich query state to reactivate upon return. * @return: false on failure (memory or socket related). no query was * sent. */ -struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, int nocaps, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, - struct module_qstate* q); +struct outbound_entry* worker_send_query(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, + size_t zonelen, int ssl_upstream, struct module_qstate* q); /** * process control messages from the main thread. Frees the control diff -Nru unbound-1.5.8/Makefile.in unbound-1.6.0/Makefile.in --- unbound-1.5.8/Makefile.in 2016-02-17 15:51:57.000000000 +0000 +++ unbound-1.6.0/Makefile.in 2016-12-06 15:29:35.000000000 +0000 @@ -81,7 +81,7 @@ # compat with OpenBSD LINTFLAGS+="-Dsigset_t=long" # FreeBSD -LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" +LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" INSTALL=$(SHELL) $(srcdir)/install-sh 
@@ -101,31 +101,33 @@ iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \ iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ -services/localzone.c services/mesh.c services/modstack.c \ +services/localzone.c services/mesh.c services/modstack.c services/view.c \ services/outbound_list.c services/outside_network.c util/alloc.c \ util/config_file.c util/configlexer.c util/configparser.c \ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \ util/storage/lruhash.c util/storage/slabhash.c util/timehist.c util/tube.c \ -util/winsock_event.c validator/autotrust.c validator/val_anchor.c \ -validator/validator.c validator/val_kcache.c validator/val_kentry.c \ -validator/val_neg.c validator/val_nsec3.c validator/val_nsec.c \ -validator/val_secalgo.c validator/val_sigcrypt.c \ -validator/val_utils.c dns64/dns64.c $(CHECKLOCK_SRC) $(DNSTAP_SRC) +util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ +validator/autotrust.c validator/val_anchor.c validator/validator.c \ +validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ +validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ +validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c cachedb/cachedb.c $(CHECKLOCK_SRC) \ +$(DNSTAP_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo \ +iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \ outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo 
net_help.lo \ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ -val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo \ +val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) -COMMON_OBJ=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ +COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo +COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo # set to $COMMON_OBJ or to "" if --enableallsymbols COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@ COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \ @@ -134,7 +136,8 @@ compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ -compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c +compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \ +compat/strsep.c COMPAT_OBJ=$(LIBOBJS:.o=.lo) COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo) COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo) @@ -177,7 +180,8 @@ testcode/replay.c testcode/fake_event.c TESTBOUND_OBJ=testbound.lo replay.lo fake_event.lo TESTBOUND_OBJ_LINK=$(TESTBOUND_OBJ) testpkts.lo worker.lo acl_list.lo \ -daemon.lo stats.lo $(COMMON_OBJ_WITHOUT_NETCALL) $(SLDNS_OBJ) $(COMPAT_OBJ) +daemon.lo stats.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ +$(COMPAT_OBJ) LOCKVERIFY_SRC=testcode/lock_verify.c LOCKVERIFY_OBJ=lock_verify.lo LOCKVERIFY_OBJ_LINK=$(LOCKVERIFY_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ 
@@ -209,8 +213,8 @@ $(SLDNS_OBJ) LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \ libunbound/libworker.c -LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo -LIBUNBOUND_OBJ_LINK=$(LIBUNBOUND_OBJ) $(COMMON_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ) +LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo +LIBUNBOUND_OBJ_LINK=$(LIBUNBOUND_OBJ) $(COMMON_OBJ_WITHOUT_UB_EVENT) $(SLDNS_OBJ) $(COMPAT_OBJ) # win apps or "" if not on windows WINAPPS=@WINAPPS@ @@ -224,7 +228,7 @@ $(COMPAT_OBJ_WITHOUT_CTIMEARC4) ANCHORUPD_SRC=winrc/anchor-update.c ANCHORUPD_OBJ=anchor-update.lo -ANCHORUPD_OBJ_LINK=$(ANCHORUPD_OBJ) rsrc_anchorupd.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) +ANCHORUPD_OBJ_LINK=$(ANCHORUPD_OBJ) rsrc_anchorupd.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) wire2str.lo str2wire.lo parseutil.lo sbuffer.lo rrdef.lo keyraw.lo parse.lo RSRC_OBJ=rsrc_svcinst.o rsrc_svcuninst.o rsrc_anchorupd.o rsrc_unbound.o \ rsrc_unbound_host.o rsrc_unbound_anchor.o rsrc_unbound_control.o \ rsrc_unbound_checkconf.o @@ -552,7 +556,7 @@ @echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand" iana_update: - curl -o port-numbers.tmp http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed + curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '// {p=0;} /udp/ {p=1;} /[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} // { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc rm -f port-numbers.tmp 
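Review bot: The `curl` line in `iana_update` (the `@@ -552,7 +556,7 @@` hunk) still has no `--fail`, so an HTTP error body is saved to port-numbers.tmp, run through the awk filter and written over util/iana_ports.inc. The likely result is an empty or truncated list with no error reported, since the pipeline's status is that of `sort`. Moving to https protects the download in transit, and the fetch can be tightened in the same line: `curl --fail --proto '=https' -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed`. It would also help to have the recipe build the list in a temporary file and replace util/iana_ports.inc only when the result is non-empty. The remaining recipe lines are unchanged context in this hunk.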
@@ -596,7 +600,6 @@ rm -f $(DEPEND_TMP) $(DEPEND_TMP2) # Dependencies -as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \ @@ -614,6 +617,7 @@ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h +as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h 
@@ -621,17 +625,20 @@ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + 
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ 
@@ -700,25 +707,33 @@ $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/as112.h + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h 
$(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/data/dname.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h + $(srcdir)/validator/val_utils.h $(PYTHONMOD_HEADER) +view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h 
@@ -755,14 +770,15 @@ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(PYTHONMOD_HEADER) locks.lo locks.o: $(srcdir)/util/locks.c config.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ 
@@ -772,13 +788,13 @@ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h -netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h +netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/dnstap/dnstap.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ 
@@ -808,7 +824,15 @@ $(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h +ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h +ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ 
@@ -822,8 +846,8 @@ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/as112.h + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -880,7 +904,7 @@ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ 
@@ -888,6 +912,7 @@ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h +cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ @@ -934,8 +959,11 @@ unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ 
@@ -955,10 +983,10 @@ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ 
@@ -969,12 +997,12 @@ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ - $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h \ + $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ 
@@ -994,7 +1022,7 @@ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -1002,8 +1030,8 @@ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ 
@@ -1020,7 +1048,7 @@ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1031,8 +1059,8 @@ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ 
@@ -1041,8 +1069,11 @@ $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/libworker.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ 
@@ -1050,10 +1081,10 @@ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ 
@@ -1101,7 +1132,7 @@
 $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
 $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
 $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
- $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER)
 worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
 $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
 $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
@@ -1113,17 +1144,19 @@
 $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
 $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
 $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/sldns/sbuffer.h
 libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
 $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
 $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \
 $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
 $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \
- $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
 libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
 $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
 $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
@@ -1131,11 +1164,12 @@
 $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
 $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
 $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \
- $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \
 $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
 $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
@@ -1163,14 +1197,15 @@ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ + win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h 
@@ -1213,3 +1248,4 @@ sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h isblank.lo isblank.o: $(srcdir)/compat/isblank.c config.h +strsep.lo strsep.o: $(srcdir)/compat/strsep.c config.h diff -Nru unbound-1.5.8/pythonmod/doc/conf.py unbound-1.6.0/pythonmod/doc/conf.py --- unbound-1.5.8/pythonmod/doc/conf.py 2009-04-02 09:51:51.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/conf.py 2016-12-06 13:42:51.000000000 +0000 @@ -80,10 +80,13 @@ # Options for HTML output # ----------------------- +# The theme that the html output should use. +html_theme = "classic" + # The style sheet to use for HTML and HTML Help pages. A file of that name # must exist either in Sphinx' static/ path, or in one of the custom paths # given in html_static_path. -html_style = 'default.css' +#html_style = 'default.css' # The name for this set of Sphinx documents. If None, it defaults to # " v documentation". diff -Nru unbound-1.5.8/pythonmod/doc/examples/example1.rst unbound-1.6.0/pythonmod/doc/examples/example1.rst --- unbound-1.5.8/pythonmod/doc/examples/example1.rst 2009-04-02 10:14:27.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/example1.rst 2016-12-06 14:04:42.000000000 +0000 @@ -1,10 +1,12 @@ .. _log_handler: Packet logger -========================= +============= This example shows how to log and print details about query and response. -As soon as the ``iterator`` has finished (event is :data:`module_event_moddone`), ``qstate.return_msg`` contains response packet or ``None``. +As soon as the ``iterator`` has finished (event is +:data:`module_event_moddone`), ``qstate.return_msg`` contains response packet +or ``None``. This packet will be send to a client that asked for it. Complete source code 
@@ -14,14 +16,16 @@ :language: python Testing ------------------- +------- Run the unbound server: ``root@localhost>unbound -dv -c ./test-log.conf`` -In case you use own configuration file, don't forget to enable python module: ``module-config: "validator python iterator"`` and use valid script path: ``python-script: "./examples/log.py"``. +In case you use own configuration file, don't forget to enable python module: +``module-config: "validator python iterator"`` and use valid script path: +``python-script: "./examples/log.py"``. -Example of output:: +Example of output:: [1231790168] unbound[7941:0] info: response for [1231790168] unbound[7941:0] info: reply from 192.5.6.31#53 diff -Nru unbound-1.5.8/pythonmod/doc/examples/example2.rst unbound-1.6.0/pythonmod/doc/examples/example2.rst --- unbound-1.5.8/pythonmod/doc/examples/example2.rst 2009-04-02 10:14:27.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/example2.rst 2016-12-06 13:42:51.000000000 +0000 @@ -1,12 +1,14 @@ Response generation -===================== +=================== This example shows how to handle queries and generate response packet. .. note:: - If the python module is the first module and validator module is enabled (``module-config: "python validator iterator"``), - a return_msg security flag has to be set at least to 2. Leaving security flag untouched causes that the - response will be refused by unbound worker as unbound will consider it as non-valid response. + If the python module is the first module and validator module is enabled + (``module-config: "python validator iterator"``), a return_msg security flag + has to be set at least to 2. Leaving security flag untouched causes that the + response will be refused by unbound worker as unbound will consider it as + non-valid response. Complete source code -------------------- 
@@ -27,20 +29,21 @@ Dig produces the following output:: - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48426 - ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;test.xxx.localdomain. IN A - - ;; ANSWER SECTION: - test.xxx.localdomain. 10 IN A 127.0.0.1 - - ;; Query time: 2 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 12:46:02 2009 - ;; MSG SIZE rcvd: 54 + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48426 + ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;test.xxx.localdomain. IN A + + ;; ANSWER SECTION: + test.xxx.localdomain. 10 IN A 127.0.0.1 + + ;; Query time: 2 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 12:46:02 2009 + ;; MSG SIZE rcvd: 54 -As we handle (override) in python module only queries ending with "localdomain.", the unboud can still resolve host names. +As we handle (override) in the python module only queries ending with +``localdomain.``, unboud can still resolve host names. diff -Nru unbound-1.5.8/pythonmod/doc/examples/example4.rst unbound-1.6.0/pythonmod/doc/examples/example4.rst --- unbound-1.5.8/pythonmod/doc/examples/example4.rst 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/example4.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,15 +1,19 @@ DNS-based language dictionary -=============================== +============================= This example shows how to create a simple language dictionary based on **DNS** -service within 15 minutes. The translation will be performed using TXT resource records. +service within 15 minutes. The translation will be performed using TXT resource +records. Key parts ------------ +--------- Initialization -~~~~~~~~~~~~~~~~~~~~~~~ -On **init()** module loads dictionary from a text file containing records in ``word [tab] translation`` format. +~~~~~~~~~~~~~~ + +On **init()** module loads dictionary from a text file containing records in +``word [tab] translation`` format. + :: def init(id, cfg): @@ -20,11 +24,14 @@ The suitable file can be found at http://slovnik.zcu.cz DNS query and word lookup -~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~ -Let's define the following format od DNS queries: ``word1[.]word2[.] ... wordN[.]{en,cs}[._dict_.cz.]``. +Let's define the following format od DNS queries: +``word1[.]word2[.] ... wordN[.]{en,cs}[._dict_.cz.]``. Word lookup is done by simple ``dict`` lookup from broken DNS request. -Query name is divided into a list of labels. This list is accessible as qname_list attribute. +Query name is divided into a list of labels. This list is accessible as +``qname_list`` attribute. + :: aword = ' '.join(qstate.qinfo.qname_list[0:-4]) #skip last four labels 
@@ -37,35 +44,40 @@ if (adict == "cs") and (aword in cz_dict): words = cz_dict[aword] # CS -> EN -In the first step, we get a string in the form: ``word1[space]word2[space]...word[space]``. -In the second assignment, fourth label from the end is obtained. This label should contains *"cs"* or *"en"*. -This label determines the direction of translation. - +In the first step, we get a string in the form: +``word1[space]word2[space]...word[space]``. +In the second assignment, fourth label from the end is obtained. This label +should contains *"cs"* or *"en"*. This label determines the direction of +translation. Forming of a DNS reply -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~ DNS reply is formed only on valid match and added as TXT answer. + :: - msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_AA) + msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_AA) - for w in words: - msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str, w.replace("\"", "\\\""))) + for w in words: + msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str, w.replace("\"", "\\\""))) - if not msg.set_return_msg(qstate): - qstate.ext_state[id] = MODULE_ERROR - return True + if not msg.set_return_msg(qstate): + qstate.ext_state[id] = MODULE_ERROR + return True - qstate.return_rcode = RCODE_NOERROR - qstate.ext_state[id] = MODULE_FINISHED - return True + qstate.return_rcode = RCODE_NOERROR + qstate.ext_state[id] = MODULE_FINISHED + return True -In the first step, a :class:`DNSMessage` instance is created for a given query *(type TXT)*. +In the first step, a :class:`DNSMessage` instance is created for a given query +*(type TXT)*. The fourth argument specifies the flags *(authoritative answer)*. -In the second step, we append TXT records containing the translation *(on the right side of RR)*. +In the second step, we append TXT records containing the translation *(on the +right side of RR)*. 
Then, the response is finished and ``qstate.return_msg`` contains new response. -If no error, the module sets :attr:`module_qstate.return_rcode` and :attr:`module_qstate.ext_state`. +If no error, the module sets :attr:`module_qstate.return_rcode` and +:attr:`module_qstate.ext_state`. **Steps:** 
@@ -82,80 +94,82 @@ In case you use own configuration file, don't forget to enable Python module:: - module-config: "validator python iterator" + module-config: "validator python iterator" and use valid script path:: - python-script: "./examples/dict.py" + python-script: "./examples/dict.py" The translation from english word *"a bar fly"* to Czech can be done by doing: ``>>>dig TXT @127.0.0.1 a.bar.fly.en._dict_.cz`` -:: +:: + + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48691 + ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;a.bar.fly.en._dict_.cz. IN TXT + + ;; ANSWER SECTION: + a.bar.fly.en._dict_.cz. 300 IN TXT "barov\253 povale\232" + + ;; Query time: 5 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 17:44:18 2009 + ;; MSG SIZE rcvd: 67 - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48691 - ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;a.bar.fly.en._dict_.cz. IN TXT - - ;; ANSWER SECTION: - a.bar.fly.en._dict_.cz. 300 IN TXT "barov\253 povale\232" - - ;; Query time: 5 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 17:44:18 2009 - ;; MSG SIZE rcvd: 67 - ``>>>dig TXT @127.0.0.1 nic.cs._dict_.cz`` + :: - ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 nic.cs._dict_.cz - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58710 - ;; flags: aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 - - ;; QUESTION SECTION: - ;nic.cs._dict_.cz. IN TXT - - ;; ANSWER SECTION: - nic.cs._dict_.cz. 300 IN TXT "aught" - nic.cs._dict_.cz. 300 IN TXT "naught" - nic.cs._dict_.cz. 300 IN TXT "nihil" - nic.cs._dict_.cz. 300 IN TXT "nix" - nic.cs._dict_.cz. 300 IN TXT "nothing" - nic.cs._dict_.cz. 
300 IN TXT "zilch" - - ;; Query time: 0 msec - ;; SERVER: 127.0.0.1#53(127.0.0.1) - ;; WHEN: Mon Jan 01 17:45:39 2009 - ;; MSG SIZE rcvd: 143 + ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 nic.cs._dict_.cz + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58710 + ;; flags: aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;nic.cs._dict_.cz. IN TXT + + ;; ANSWER SECTION: + nic.cs._dict_.cz. 300 IN TXT "aught" + nic.cs._dict_.cz. 300 IN TXT "naught" + nic.cs._dict_.cz. 300 IN TXT "nihil" + nic.cs._dict_.cz. 300 IN TXT "nix" + nic.cs._dict_.cz. 300 IN TXT "nothing" + nic.cs._dict_.cz. 300 IN TXT "zilch" + + ;; Query time: 0 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 17:45:39 2009 + ;; MSG SIZE rcvd: 143 -Proof that the unbound still works as resolver. + Proof that the unbound still works as resolver. ``>>>dig A @127.0.0.1 www.nic.cz`` + :: - ; (1 server found) - ;; global options: printcmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 - - ;; QUESTION SECTION: - ;www.nic.cz. IN A - - ;; ANSWER SECTION: - www.nic.cz. 1662 IN A 217.31.205.50 - - ;; AUTHORITY SECTION: - ... + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996 + ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 + + ;; QUESTION SECTION: + ;www.nic.cz. IN A + + ;; ANSWER SECTION: + www.nic.cz. 1662 IN A 217.31.205.50 + + ;; AUTHORITY SECTION: + ... Complete source code -------------------- diff -Nru unbound-1.5.8/pythonmod/doc/examples/example5.rst unbound-1.6.0/pythonmod/doc/examples/example5.rst --- unbound-1.5.8/pythonmod/doc/examples/example5.rst 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/example5.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -0,0 +1,191 @@ +EDNS options +============ + +This example shows how to interact with EDNS options. + +When quering unbound with the EDNS option ``65001`` and data ``0xc001`` we +expect an answer with the same EDNS option code and data ``0xdeadbeef``. + + +Key parts +~~~~~~~~~ + +This example relies on the following functionalities: + + +Registering EDNS options +------------------------ + +By registering EDNS options we can tune unbound's behavior when encountering a +query with a known EDNS option. The two available options are: + +- ``bypass_cache_stage``: If set to ``True`` unbound will not try to answer + from cache. Instead execution is passed to the modules +- ``no_aggregation``: If set to ``True`` unbound will consider this query + unique and will not aggregate it with similar queries + +Both values default to ``False``. + +.. code-block:: python + + if not register_edns_option(env, 65001, bypass_cache_stage=True, + no_aggregation=True): + log_info("python: Could not register EDNS option {}".format(65001)) + + +EDNS option lists +----------------- + +EDNS option lists can be found in the :class:`module_qstate` class. There are +four available lists in total: + +- :class:`module_qstate.edns_opts_front_in`: options that came from the client + side. **Should not** be changed +- :class:`module_qstate.edns_opts_back_out`: options that will be sent to the + server side. Can be populated by edns literate modules +- :class:`module_qstate.edns_opts_back_in`: options that came from the server + side. **Should not** be changed +- :class:`module_qstate.edns_opts_front_out`: options that will be sent to the + client side. Can be populated by edns literate modules + +Each list element has the following members: + +- ``code``: the EDNS option code; +- ``data``: the EDNS option data. + + +Reading an EDNS option list +........................... + +The lists' contents can be accessed in python by their ``_iter`` counterpart as +an iterator: + +.. 
code-block:: python + + if not edns_opt_list_is_empty(qstate.edns_opts_front_in): + for o in qstate.edns_opts_front_in_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + + +Writing to an EDNS option list +.............................. + +By appending to an EDNS option list we can add new EDNS options. The new +element is going to be allocated in :class:`module_qstate.region`. The data +**must** be represented with a python ``bytearray``: + +.. code-block:: python + + b = bytearray.fromhex("deadbeef") + if not edns_opt_list_append(qstate.edns_opts_front_out, + o.code, b, qstate.region): + log_info("python: Could not append EDNS option {}".format(o.code)) + +We can also remove an EDNS option code from an EDNS option list. + +.. code-block:: python + + if not edns_opt_list_remove(edns_opt_list, code): + log_info("python: Option code {} was not found in the " + "list.".format(code)) + +.. note:: All occurences of the EDNS option code will be removed from the list: + + +Controlling other modules' cache behavior +----------------------------------------- + +During the modules' operation, some modules may interact with the cache +(e.g., iterator). This behavior can be controlled by using the following +:class:`module_qstate` flags: + +- :class:`module_qstate.no_cache_lookup`: Modules *operating after* this module + will not lookup the cache for an answer +- :class:`module_qstate.no_cache_store`: Modules *operating after* this module + will not store the response in the cache + +Both values default to ``0``. + +.. code-block:: python + + def operate(id, event, qstate, qdata): + if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): + # Detect if edns option code 56001 is present from the client side. If + # so turn on the flags for cache management. 
+ if not edns_opt_list_is_empty(qstate.edns_opts_front_in): + log_info("python: searching for edns option code 65001 during NEW " + "or PASS event ") + for o in qstate.edns_opts_front_in_iter: + if o.code == 65001: + log_info("python: found edns option code 65001") + # Instruct other modules to not lookup for an + # answer in the cache. + qstate.no_cache_lookup = 1 + log_info("python: enabled no_cache_lookup") + + # Instruct other modules to not store the answer in + # the cache. + qstate.no_cache_store = 1 + log_info("python: enabled no_cache_store") + + +Testing +~~~~~~~ + +Run the Unbound server: :: + + root@localhost$ unbound -dv -c ./test-edns.conf + +In case you use your own configuration file, don't forget to enable the Python +module:: + + module-config: "validator python iterator" + +and use a valid script path:: + + python-script: "./examples/edns.py" + +Quering with EDNS option ``65001:0xc001``: + +:: + + root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65001:c001 + + ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65001:c001 + ; (1 server found) + ;; global options: +cmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33450 + ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 + + ;; OPT PSEUDOSECTION: + ; EDNS: version: 0, flags:; udp: 4096 + ; OPT=65001: de ad be ef ("....") + ;; QUESTION SECTION: + ;nlnetlabs.nl. IN A + + ;; ANSWER SECTION: + nlnetlabs.nl. 10200 IN A 185.49.140.10 + + ;; AUTHORITY SECTION: + nlnetlabs.nl. 10200 IN NS anyns.pch.net. + nlnetlabs.nl. 10200 IN NS ns.nlnetlabs.nl. + nlnetlabs.nl. 10200 IN NS ns-ext1.sidn.nl. + nlnetlabs.nl. 10200 IN NS sec2.authdns.ripe.net. + + ;; ADDITIONAL SECTION: + ns.nlnetlabs.nl. 10200 IN AAAA 2a04:b900::8:0:0:60 + ns.nlnetlabs.nl. 10200 IN A 185.49.140.60 + + ;; Query time: 10 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Dec 05 14:50:56 CET 2016 + ;; MSG SIZE rcvd: 212 + + +Complete source code +~~~~~~~~~~~~~~~~~~~~ + +.. 
literalinclude:: ../../examples/edns.py + :language: python diff -Nru unbound-1.5.8/pythonmod/doc/examples/example6.rst unbound-1.6.0/pythonmod/doc/examples/example6.rst --- unbound-1.5.8/pythonmod/doc/examples/example6.rst 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/example6.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -0,0 +1,299 @@ +Inplace callbacks +================= + +This example shows how to register and use inplace callback functions. These +functions are going to be called just before unbound replies back to a client. +They can perform certain actions without interrupting unbound's execution flow +(e.g. add/remove EDNS options, manipulate the reply). + +Two different scenarios will be shown: + +- If answering from cache and the client used EDNS option code ``65002`` we + will answer with the same code but with data ``0xdeadbeef``; +- When answering with a SERVFAIL we also add an empty EDNS option code + ``65003``. + + +Key parts +~~~~~~~~~ + +This example relies on the following functionalities: + + +Registering inplace callback functions +-------------------------------------- + +There are four types of inplace callback functions: + +- `inplace callback reply functions`_ +- `inplace callback reply_cache functions`_ +- `inplace callback reply_local functions`_ +- `inplace callback reply_servfail functions`_ + + +Inplace callback reply functions +................................ + +Called when answering with a *resolved* query. + +The callback function's prototype is the following: + +.. code-block:: python + + def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): + """Function that will be registered as an inplace callback function. + It will be called when answering with a resolved query. + :param qinfo: query_info struct; + :param qstate: module qstate. It contains the available opt_lists; It + SHOULD NOT be altered; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data to be sent to the client side. It SHOULD NOT be + altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. 
+ :return: True on success, False on failure. + """ + +.. note:: The function's name is irrelevant. + +We can register such function as: + +.. code-block:: python + + if not register_inplace_cb_reply(inplace_reply_callback, env): + log_info("python: Could not register inplace callback function.") + + +Inplace callback reply_cache functions +...................................... + +Called when answering *from cache*. + +The callback function's prototype is the following: + +.. code-block:: python + + def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): + """Function that will be registered as an inplace callback function. + It will be called when answering from the cache. + :param qinfo: query_info struct; + :param qstate: module qstate. None; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data sent from the client side. The list with the EDNS + options is accesible through edns.opt_list. It SHOULD NOT be + altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + """ + +.. note:: The function's name is irrelevant. + +We can register such function as: + +.. code-block:: python + + if not register_inplace_cb_reply_cache(inplace_cache_callback, env): + log_info("python: Could not register inplace callback function.") + + +Inplace callback reply_local functions +...................................... + +Called when answering with *local data* or a *Chaos(CH) reply*. + +The callback function's prototype is the following: + +.. code-block:: python + + def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): + """Function that will be registered as an inplace callback function. 
+ It will be called when answering from local data. + :param qinfo: query_info struct; + :param qstate: module qstate. None; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data sent from the client side. The list with the + EDNS options is accesible through edns.opt_list. It + SHOULD NOT be altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + """ + +.. note:: The function's name is irrelevant. + +We can register such function as: + +.. code-block:: python + + if not register_inplace_cb_reply_local(inplace_local_callback, env): + log_info("python: Could not register inplace callback function.") + + +Inplace callback reply_servfail functions +......................................... + +Called when answering with *SERVFAIL*. + +The callback function's prototype is the following: + +.. code-block:: python + + def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, region): + """Function that will be registered as an inplace callback function. + It will be called when answering with SERVFAIL. + :param qinfo: query_info struct; + :param qstate: module qstate. If not None the relevant opt_lists are + available here; + :param rep: reply_info struct. None; + :param rcode: return code for the query. LDNS_RCODE_SERVFAIL; + :param edns: edns_data to be sent to the client side. If qstate is None + edns.opt_list contains the EDNS options sent from the client + side. It SHOULD NOT be altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. 
+ :return: True on success, False on failure. + """ + +.. note:: The function's name is irrelevant. + +We can register such function as: + +.. code-block:: python + + if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): + log_info("python: Could not register inplace callback function.") + + +Testing +~~~~~~~ + +Run the Unbound server: :: + + root@localhost$ unbound -dv -c ./test-inplace_callbacks.conf + +In case you use your own configuration file, don't forget to enable the Python +module:: + + module-config: "validator python iterator" + +and use a valid script path :: + + python-script: "./examples/inplace_callbacks.py" + +On the first query for the nlnetlabs.nl A record we get no EDNS option back: + +:: + + root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65002 + + ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65002 + ; (1 server found) + ;; global options: +cmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48057 + ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 + + ;; OPT PSEUDOSECTION: + ; EDNS: version: 0, flags:; udp: 4096 + ;; QUESTION SECTION: + ;nlnetlabs.nl. IN A + + ;; ANSWER SECTION: + nlnetlabs.nl. 10200 IN A 185.49.140.10 + + ;; AUTHORITY SECTION: + nlnetlabs.nl. 10200 IN NS ns.nlnetlabs.nl. + nlnetlabs.nl. 10200 IN NS sec2.authdns.ripe.net. + nlnetlabs.nl. 10200 IN NS anyns.pch.net. + nlnetlabs.nl. 10200 IN NS ns-ext1.sidn.nl. + + ;; ADDITIONAL SECTION: + ns.nlnetlabs.nl. 10200 IN A 185.49.140.60 + ns.nlnetlabs.nl. 
10200 IN AAAA 2a04:b900::8:0:0:60 + + ;; Query time: 813 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Dec 05 16:15:32 CET 2016 + ;; MSG SIZE rcvd: 204 + +When we issue the same query again we get a cached response and the expected +``65002: 0xdeadbeef`` EDNS option: + +:: + + root@localhost$ dig @localhost nlnetlabs.nl +ednsopt=65002 + + ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost nlnetlabs.nl +ednsopt=65002 + ; (1 server found) + ;; global options: +cmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26489 + ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 + + ;; OPT PSEUDOSECTION: + ; EDNS: version: 0, flags:; udp: 4096 + ; OPT=65002: de ad be ef ("....") + ;; QUESTION SECTION: + ;nlnetlabs.nl. IN A + + ;; ANSWER SECTION: + nlnetlabs.nl. 10197 IN A 185.49.140.10 + + ;; AUTHORITY SECTION: + nlnetlabs.nl. 10197 IN NS ns.nlnetlabs.nl. + nlnetlabs.nl. 10197 IN NS sec2.authdns.ripe.net. + nlnetlabs.nl. 10197 IN NS anyns.pch.net. + nlnetlabs.nl. 10197 IN NS ns-ext1.sidn.nl. + + ;; ADDITIONAL SECTION: + ns.nlnetlabs.nl. 10197 IN AAAA 2a04:b900::8:0:0:60 + ns.nlnetlabs.nl. 10197 IN A 185.49.140.60 + + ;; Query time: 0 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Dec 05 16:50:04 CET 2016 + ;; MSG SIZE rcvd: 212 + +By issuing a query for a bogus domain unbound replies with SERVFAIL and an +empty EDNS option code ``65003``. *For this example to work unbound needs to be +validating*: + +:: + + root@localhost$ dig @localhost bogus.nlnetlabs.nl txt + + ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost bogus.nlnetlabs.nl txt + ; (1 server found) + ;; global options: +cmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19865 + ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + + ;; OPT PSEUDOSECTION: + ; EDNS: version: 0, flags:; udp: 4096 + ; OPT=65003 + ;; QUESTION SECTION: + ;bogus.nlnetlabs.nl. 
IN TXT + + ;; Query time: 11 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Dec 05 17:06:01 CET 2016 + ;; MSG SIZE rcvd: 51 + + +Complete source code +~~~~~~~~~~~~~~~~~~~~ +.. literalinclude:: ../../examples/inplace_callbacks.py + :language: python diff -Nru unbound-1.5.8/pythonmod/doc/examples/index.rst unbound-1.6.0/pythonmod/doc/examples/index.rst --- unbound-1.5.8/pythonmod/doc/examples/index.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/examples/index.rst 2016-12-06 13:42:51.000000000 +0000 @@ -1,15 +1,16 @@ .. _Tutorials: -============================== -Tutorials -============================== +Examples +======== -Here you can find several tutorials which clarify the usage and capabilities of Unbound scriptable interface. +Here you can find several tutorials which clarify the usage and capabilities of +the Unbound scriptable interface. -`Tutorials` +Tutorials +--------- .. toctree:: - :maxdepth: 2 - :glob: + :maxdepth: 2 + :glob: - example* + example* diff -Nru unbound-1.5.8/pythonmod/doc/install.rst unbound-1.6.0/pythonmod/doc/install.rst --- unbound-1.5.8/pythonmod/doc/install.rst 2009-04-02 09:51:51.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/install.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -1,39 +1,44 @@ Installation -=================================== +============ -**Prerequisites** +Prerequisites +------------- Python 2.4 or higher, SWIG 1.3 or higher, GNU make -**Download** +Download +-------- You can download the source codes `here`_. The latest release is 1.1.1, Jan 15, 2009. .. _here: unbound-1.1.1-py.tar.gz -**Compiling** +Compiling +--------- After downloading, you can compile the Unbound library by doing:: - > tar -xzf unbound-1.1.1-py.tar.gz - > cd unbound-1.1.1 - > ./configure --with-pythonmodule - > make + > tar -xzf unbound-1.1.1-py.tar.gz + > cd unbound-1.1.1 + > ./configure --with-pythonmodule + > make You need GNU make to compile sources. SWIG and Python devel libraries to compile extension module. -**Testing** +Testing +------- If the compilation is successful, you can test the extension module by:: - > cd pythonmod - > make sudo # or "make test" or "make suexec" + > cd pythonmod + > make sudo # or "make test" or "make suexec" -This will start unbound server with language dictionary service (see :ref:`Tutorials`). +This will start unbound server with language dictionary service +(see :ref:`Tutorials`). In order to test this service, type:: - + > dig TXT @127.0.0.1 aught.en._dict_.cz Dig should print this message (czech equivalent of aught):: 
@@ -44,16 +49,17 @@ ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30085 ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 - + ;; QUESTION SECTION: - ;aught.en._dict_.cz. IN TXT - + ;aught.en._dict_.cz. IN TXT + ;; ANSWER SECTION: - aught.en._dict_.cz. 300 IN TXT "nic" - + aught.en._dict_.cz. 300 IN TXT "nic" + ;; Query time: 11 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jan 10 16:45:58 2009 ;; MSG SIZE rcvd: 52 -The ``pythonmod/examples`` directory contains simple applications written in Python. +The ``pythonmod/examples`` directory contains simple applications written in +Python. diff -Nru unbound-1.5.8/pythonmod/doc/modules/functions.rst unbound-1.6.0/pythonmod/doc/modules/functions.rst --- unbound-1.5.8/pythonmod/doc/modules/functions.rst 2009-03-25 14:47:47.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/modules/functions.rst 2016-12-06 13:42:51.000000000 +0000 @@ -7,25 +7,26 @@ .. function:: ntohs(netshort) This subroutine converts values between the host and network byte order. - Specifically, **ntohs()** converts 16-bit quantities from network byte order to host byte order. - + Specifically, **ntohs()** converts 16-bit quantities from network byte order + to host byte order. + :param netshort: 16-bit short addr :rtype: converted addr - - + + Cache ----- .. function:: storeQueryInCache(qstate, qinfo, msgrep, is_referral) Store pending query in local cache. - + :param qstate: :class:`module_qstate` :param qinfo: :class:`query_info` :param msgrep: :class:`reply_info` :param is_referal: integer :rtype: boolean - + .. function:: invalidateQueryInCache(qstate, qinfo) Invalidate record in local cache. 
@@ -34,6 +35,111 @@ :param qinfo: :class:`query_info` +EDNS options +------------ + +.. function:: register_edns_option(env, code, bypass_cache_stage=False, no_aggregation=False) + + Register EDNS option code. + + :param env: :class:`module_env` + :param code: option code(integer) + :param bypass_cache_stage: whether to bypass the cache response stage + :param no_aggregation: whether this query should be unique + :return: ``1`` if successful, ``0`` otherwise + :rtype: integer + +.. function:: edns_opt_list_find(list, code) + + Find the EDNS option code in the EDNS option list. + + :param list: linked list of :class:`edns_option` + :param code: option code (integer) + :return: the edns option if found or None + :rtype: :class:`edns_option` or None + +.. function:: edns_opt_list_remove(list, code); + + Remove an ENDS option code from the list. + .. note:: All :class:`edns_option` with the code will be removed + + :param list: linked list of :class:`edns_option` + :param code: option code (integer) + :return: ``1`` if at least one :class:`edns_option` was removed, ``0`` otherwise + :rtype: integer + +.. function:: edns_opt_list_append(list, code, data, region) + + Append given EDNS option code with data to the list. + + :param list: linked list of :class:`edns_option` + :param code: option code (integer) + :param data: EDNS data. **Must** be a :class:`bytearray` + :param region: :class:`regional` + +.. function:: edns_opt_list_is_empty(list) + + Check if an EDNS option list is empty. + + :param list: linked list of :class:`edns_option` + :return: ``1`` if list is empty, ``0`` otherwise + :rtype: integer + + +Inplace callbacks +----------------- + +.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region) + + Function prototype for callback functions used in + `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, + `register_inplace_cb_reply_local` and `register_inplace_cb_reply_servfail`. 
+ + :param qinfo: :class:`query_info` + :param qstate: :class:`module_qstate` + :param rep: :class:`reply_info` + :param rcode: return code (integer), check ``RCODE_`` constants. + :param edns: :class:`edns_data` + :param opt_list_out: :class:`edns_option`. EDNS option list to append options to. + :param region: :class:`regional` + +.. function:: register_inplace_cb_reply(py_cb, env) + + Register py_cb as an inplace reply callback function. + + :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param env: :class:`module_env` + :return: True on success, False otherwise + :rtype: boolean + +.. function:: register_inplace_cb_reply_cache(py_cb, env) + + Register py_cb as an inplace reply_cache callback function. + + :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param env: :class:`module_env` + :return: True on success, False otherwise + :rtype: boolean + +.. function:: register_inplace_cb_reply_local(py_cb, env) + + Register py_cb as an inplace reply_local callback function. + + :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param env: :class:`module_env` + :return: True on success, False otherwise + :rtype: boolean + +.. function:: register_inplace_cb_reply_servfail(py_cb, env) + + Register py_cb as an inplace reply_servfail callback function. + + :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param env: :class:`module_env` + :return: True on success, False otherwise + :rtype: boolean + + Logging ------- 
@@ -71,50 +177,51 @@ :param msg: string desc to accompany the hexdump. :param data: data to dump in hex format. :param length: length of data. - + .. function:: log_dns_msg(str, qinfo, reply) Log DNS message. - + :param str: string message :param qinfo: :class:`query_info` :param reply: :class:`reply_info` - + .. function:: log_query_info(verbosity_value, str, qinf) Log query information. - + :param verbosity_value: see constants :param str: string message :param qinf: :class:`query_info` - + .. function:: regional_log_stats(r) Log regional statistics. - + :param r: :class:`regional` + Debugging --------- .. function:: strextstate(module_ext_state) Debug utility, module external qstate to string. - + :param module_ext_state: the state value. :rtype: descriptive string. .. function:: strmodulevent(module_event) Debug utility, module event to string. - + :param module_event: the module event value. :rtype: descriptive string. - + .. function:: ldns_rr_type2str(atype) Convert RR type to string. - + .. function:: ldns_rr_class2str(aclass) Convert RR class to string. diff -Nru unbound-1.5.8/pythonmod/doc/modules/struct.rst unbound-1.6.0/pythonmod/doc/modules/struct.rst --- unbound-1.5.8/pythonmod/doc/modules/struct.rst 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/pythonmod/doc/modules/struct.rst 2016-12-06 13:42:51.000000000 +0000 
@@ -6,55 +6,94 @@ .. class:: module_qstate - Module state, per query. - - This class provides these data attributes: - - .. attribute:: qinfo - - (:class:`query_info`) Informations about query being answered. Name, RR type, RR class. - - .. attribute:: query_flags - - (uint16) Flags for query. See QF_BIT\_ predefined constants. - - .. attribute:: is_priming - - If this is a (stub or root) priming query (with hints). - - .. attribute:: reply - - comm_reply contains server replies. - - .. attribute:: return_msg - - (:class:`dns_msg`) The reply message, with message for client and calling module (read-only attribute). - Note that if you want to create of modify return_msg you should use :class:`DNSMessage`. - - .. attribute:: return_rcode - - The rcode, in case of error, instead of a reply message. Determines whether the return_msg contains reply. - - .. attribute:: region - - Region for this query. Cleared when query process finishes. - - .. attribute:: curmod - - Which module is executing. - - .. attribute:: ext_state[] - - Module states. - - .. attribute:: env - - Environment for this query. - - .. attribute:: mesh_info - - Mesh related information for this query. + Module state, per query. + + This class provides these data attributes: + + .. attribute:: qinfo + + (:class:`query_info`) Informations about query being answered. Name, RR type, RR class. + + .. attribute:: query_flags + + (uint16) Flags for query. See QF_BIT\_ predefined constants. + + .. attribute:: is_priming + + If this is a (stub or root) priming query (with hints). + + .. attribute:: reply + + comm_reply contains server replies. + + .. attribute:: return_msg + + (:class:`dns_msg`) The reply message, with message for client and calling module (read-only attribute). + Note that if you want to create of modify return_msg you should use :class:`DNSMessage`. + + .. attribute:: return_rcode + + The rcode, in case of error, instead of a reply message. Determines whether the return_msg contains reply. 
+ + .. attribute:: region + + Region for this query. Cleared when query process finishes. + + .. attribute:: curmod + + Which module is executing. + + .. attribute:: ext_state[] + + Module states. + + .. attribute:: env + + Environment for this query. + + .. attribute:: mesh_info + + Mesh related information for this query. + + .. attribute:: edns_opts_front_in + + Incoming EDNS options from the front end. + .. attribute:: edns_opts_front_in_iter + + Iterator for `edns_opts_front_in`. + + .. attribute:: edns_opts_back_out + + Outgoing EDNS options to the back end. + + .. attribute:: edns_opts_back_out_iter + + Iterator for `edns_opts_back_out`. + + .. attribute:: edns_opts_back_in + + Incoming EDNS options from the back end. + + .. attribute:: edns_opts_back_in_iter + + Iterator for `ends_opts_back_in`. + + .. attribute:: edns_opts_front_out + + Outgoing EDNS options to the front end. + + .. attribute:: edns_opts_front_out_iter + + Iterator for `edns_opts_front_out`. + + .. attribute:: no_cache_lookup + + Flag to indicate whether modules should answer from the cache. + + .. attribute:: no_cache_store + + Flag to indicate whether modules should store answer in the cache. query_info ---------------- 
@@ -94,7 +133,57 @@ .. attribute:: qclass_str The ``qclass`` in display presentation format (string). - + +edns_data +--------- + +.. class:: edns_data + + This class represents the EDNS information parsed/encoded from/to a packet. It provides these data attributes: + + .. attribute:: edns_present + + If EDNS OPT record is present. + + .. attribute:: ext_rcode + + Extended RCODE. + + .. attribute:: edns_version + + The EDNS version number. + + .. attribute:: bits + + The EDNS bits field from ttl (host order): Z. + + .. attribute:: udp_size + + UDP reassembly size. + + .. attribute:: opt_list + + The EDNS option list. + + .. attribute:: opt_list_iter + + Iterator for `opt_list`. + +edns_option +----------- + +.. class:: edns_option + + This class represents an EDNS option (code, data) found in EDNS option lists. It provides these data attributes: + + .. attribute:: code + + The EDNS option code. + + .. attribute:: data + + The EDNS option data. + reply_info -------------------- diff -Nru unbound-1.5.8/pythonmod/examples/edns.py unbound-1.6.0/pythonmod/examples/edns.py --- unbound-1.5.8/pythonmod/examples/edns.py 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/examples/edns.py 2016-12-06 13:42:51.000000000 +0000 
@@ -0,0 +1,194 @@ +# -*- coding: utf-8 -*- +''' + edns.py: python module showcasing EDNS option functionality. + + Copyright (c) 2016, NLnet Labs. + + This software is open source. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + * Neither the name of the organization nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +''' +#Try: +# - dig @localhost nlnetlabs.nl +ednsopt=65001:c001 +# This query will always reach the modules stage as EDNS option 65001 is +# registered to bypass the cache response stage. It will also be handled +# as a unique query because of the no_aggregation flag. This means that +# it will not be aggregated with other queries for the same qinfo. 
+# For demonstration purposes when option 65001 with hexdata 'c001' is +# sent from the client side this module will reply with the same code and +# data 'deadbeef'. + +# Useful functions: +# edns_opt_list_is_empty(edns_opt_list): +# Check if the option list is empty. +# Return True if empty, False otherwise. +# +# edns_opt_list_append(edns_opt_list, code, data_bytearray, region): +# Append the EDNS option with code and data_bytearray to the given +# edns_opt_list. +# NOTE: data_bytearray MUST be a Python bytearray. +# Return True on success, False on failure. +# +# edns_opt_list_remove(edns_opt_list, code): +# Remove all occurences of the given EDNS option code from the +# edns_opt_list. +# Return True when at least one EDNS option was removed, False otherwise. +# +# register_edns_option(env, code, bypass_cache_stage=True, +# no_aggregation=True): +# Register EDNS option code as a known EDNS option. +# bypass_cache_stage: +# bypasses answering from cache and allows the query to reach the +# modules for further EDNS handling. +# no_aggregation: +# makes every query with the said EDNS option code unique. +# Return True on success, False on failure. +# +# Examples on how to use the functions are given in this file. + + +def init_standard(id, env): + """New version of the init function. + The function's signature is the same as the C counterpart and allows for + extra functionality during init. + ..note:: This function is preferred by unbound over the old init function. + ..note:: The previously accesible configuration options can now be found in + env.cgf. + """ + log_info("python: inited script {}".format(env.cfg.python_script)) + + # Register EDNS option 65001 as a known EDNS option. + if not register_edns_option(env, 65001, bypass_cache_stage=True, + no_aggregation=True): + return False + + return True + + +def init(id, cfg): + """Previous version init function. 
+ ..note:: This function is still supported for backwards compatibility when + the init_standard function is missing. When init_standard is + present this function SHOULD be ommited to avoid confusion to the + reader. + """ + return True + + +def deinit(id): return True + + +def inform_super(id, qstate, superqstate, qdata): return True + + +def operate(id, event, qstate, qdata): + if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): + # Detect if EDNS option code 56001 is present from the client side. If + # so turn on the flags for cache management. + if not edns_opt_list_is_empty(qstate.edns_opts_front_in): + log_info("python: searching for EDNS option code 65001 during NEW " + "or PASS event ") + for o in qstate.edns_opts_front_in_iter: + if o.code == 65001: + log_info("python: found EDNS option code 65001") + # Instruct other modules to not lookup for an + # answer in the cache. + qstate.no_cache_lookup = 1 + log_info("python: enabled no_cache_lookup") + + # Instruct other modules to not store the answer in + # the cache. + qstate.no_cache_store = 1 + log_info("python: enabled no_cache_store") + + #Pass on the query + qstate.ext_state[id] = MODULE_WAIT_MODULE + return True + + elif event == MODULE_EVENT_MODDONE: + # If the client sent EDNS option code 65001 and data 'c001' reply + # with the same code and data 'deadbeef'. + if not edns_opt_list_is_empty(qstate.edns_opts_front_in): + log_info("python: searching for EDNS option code 65001 during " + "MODDONE") + for o in qstate.edns_opts_front_in_iter: + if o.code == 65001 and o.data == bytearray.fromhex("c001"): + b = bytearray.fromhex("deadbeef") + if not edns_opt_list_append(qstate.edns_opts_front_out, + o.code, b, qstate.region): + qstate.ext_state[id] = MODULE_ERROR + return False + + # List every EDNS option in all lists. + # The available lists are: + # - qstate.edns_opts_front_in: EDNS options that came from the + # client side. 
SHOULD NOT be changed; + # + # - qstate.edns_opts_back_out: EDNS options that will be sent to the + # server side. Can be populated by + # EDNS literate modules; + # + # - qstate.edns_opts_back_in: EDNS options that came from the + # server side. SHOULD NOT be changed; + # + # - qstate.edns_opts_front_out: EDNS options that will be sent to the + # client side. Can be populated by + # EDNS literate modules; + # + # The lists' contents can be accessed in python by their _iter + # counterpart as an iterator. + if not edns_opt_list_is_empty(qstate.edns_opts_front_in): + log_info("python: EDNS options in edns_opts_front_in:") + for o in qstate.edns_opts_front_in_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + + if not edns_opt_list_is_empty(qstate.edns_opts_back_out): + log_info("python: EDNS options in edns_opts_back_out:") + for o in qstate.edns_opts_back_out_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + + if not edns_opt_list_is_empty(qstate.edns_opts_back_in): + log_info("python: EDNS options in edns_opts_back_in:") + for o in qstate.edns_opts_back_in_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + + if not edns_opt_list_is_empty(qstate.edns_opts_front_out): + log_info("python: EDNS options in edns_opts_front_out:") + for o in qstate.edns_opts_front_out_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + + qstate.ext_state[id] = MODULE_FINISHED + return True + + log_err("pythonmod: Unknown event") + qstate.ext_state[id] = MODULE_ERROR + return True diff -Nru unbound-1.5.8/pythonmod/examples/inplace_callbacks.py unbound-1.6.0/pythonmod/examples/inplace_callbacks.py --- unbound-1.5.8/pythonmod/examples/inplace_callbacks.py 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/examples/inplace_callbacks.py 
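Review bot: In `operate`, the NEW/PASS branch sets `qstate.no_cache_lookup = 1` and `qstate.no_cache_store = 1` for any query carrying option 65001, and `init_standard` registers that code with `bypass_cache_stage=True, no_aggregation=True`, so whoever sends the query decides that it is resolved uncached and unaggregated. Nothing in the example limits which clients may do this, so a module derived from it on a resolver with a broad access-control list would let clients remove the load protection the cache provides. I would add above the flag assignments `# NOTE: demo only; gate this on a trusted client or local policy before reuse, since it lets the client switch off cache lookup and storage.` The comment above that branch also names option code `56001` where the code tests `65001`, and the `init_standard` docstring says `env.cgf` where the code reads `env.cfg`.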
2016-12-06 13:42:51.000000000 +0000 
@@ -0,0 +1,244 @@ +# -*- coding: utf-8 -*- +''' + inplace_callbacks.py: python module showcasing inplace callback function + registration and functionality. + + Copyright (c) 2016, NLnet Labs. + + This software is open source. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + * Neither the name of the organization nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +''' +#Try: +# - dig @localhost nlnetlabs.nl +ednsopt=65002: +# This query *could* be answered from cache. If so, unbound will reply +# with the same EDNS option 65002, but with hexdata 'deadbeef' as data. 
+# +# - dig @localhost bogus.nlnetlabs.nl txt: +# This query returns SERVFAIL as the txt record of bogus.nlnetlabs.nl is +# intentionally bogus. The reply will contain an empty EDNS option +# with option code 65003. +# (unbound needs to be validating for this example to work) + +# Useful functions: +# register_inplace_cb_reply(inplace_reply_callback, env): +# Register the reply_callback function as an inplace callback function +# when answering with a resolved query. +# Return True on success, False on failure. +# +# register_inplace_cb_reply_cache(inplace_reply_cache_callback, env): +# Register the reply_cache_callback function as an inplace callback +# function when answering from cache. +# Return True on success, False on failure. +# +# register_inplace_cb_reply_local(inplace_reply_local_callback, env): +# Register the reply_local_callback function as an inplace callback +# function when answering from local data or chaos reply. +# Return True on success, False on failure. +# +# register_inplace_cb_reply_servfail(inplace_reply_servfail_callback, env): +# Register the reply_servfail_callback function as an inplace callback +# function when answering with servfail. +# Return True on success, False on failure. +# +# Examples on how to use the functions are given in this file. + + +def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, + region): + """Function that will be registered as an inplace callback function. + It will be called when answering with a resolved query. + :param qinfo: query_info struct; + :param qstate: module qstate. It contains the available opt_lists; It + SHOULD NOT be altered; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data to be sent to the client side. It SHOULD NOT be + altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. 
Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + """ + log_info("python: called back while replying.") + return True + + +def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, + region): + """Function that will be registered as an inplace callback function. + It will be called when answering from the cache. + :param qinfo: query_info struct; + :param qstate: module qstate. None; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data sent from the client side. The list with the EDNS + options is accesible through edns.opt_list. It SHOULD NOT be + altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + + For demostration purposes we want to see if EDNS option 65002 is present + and reply with a new value. + """ + log_info("python: called back while answering from cache.") + # Inspect the incoming EDNS options. + if not edns_opt_list_is_empty(edns.opt_list): + log_info("python: available EDNS options:") + for o in edns.opt_list_iter: + log_info("python: Code: {}, Data: '{}'".format(o.code, + "".join('{:02x}'.format(x) for x in o.data))) + if o.code == 65002: + log_info("python: *found option code 65002*") + + # add to opt_list + # Data MUST be represented in a bytearray. + b = bytearray.fromhex("deadbeef") + if edns_opt_list_append(opt_list_out, o.code, b, region): + log_info("python: *added new option code 65002*") + else: + log_info("python: *failed to add new option code 65002*") + return False + break + + return True + + +def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, + region): + """Function that will be registered as an inplace callback function. 
+ It will be called when answering from local data. + :param qinfo: query_info struct; + :param qstate: module qstate. None; + :param rep: reply_info struct; + :param rcode: return code for the query; + :param edns: edns_data sent from the client side. The list with the + EDNS options is accesible through edns.opt_list. It + SHOULD NOT be altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + """ + log_info("python: called back while replying with local data or chaos" + " reply.") + return True + + +def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, + region): + """Function that will be registered as an inplace callback function. + It will be called when answering with SERVFAIL. + :param qinfo: query_info struct; + :param qstate: module qstate. If not None the relevant opt_lists are + available here; + :param rep: reply_info struct. None; + :param rcode: return code for the query. LDNS_RCODE_SERVFAIL; + :param edns: edns_data to be sent to the client side. If qstate is None + edns.opt_list contains the EDNS options sent from the client + side. It SHOULD NOT be altered; + :param opt_list_out: the list with the EDNS options that will be sent as a + reply. It can be populated with EDNS options; + :param region: region to allocate temporary data. Needs to be used when we + want to append a new option to opt_list_out. + :return: True on success, False on failure. + + For demostration purposes we want to reply with an empty EDNS code '65003'. + """ + log_info("python: called back while servfail.") + b = bytearray.fromhex("") + edns_opt_list_append(opt_list_out, 65003, b, region) + return True + + +def init_standard(id, env): + """New version of the init function. 
+ The function's signature is the same as the C counterpart and allows for + extra functionality during init. + ..note:: This function is preferred by unbound over the old init function. + ..note:: The previously accesible configuration options can now be found in + env.cgf. + """ + log_info("python: inited script {}".format(env.cfg.python_script)) + + # Register the inplace_reply_callback function as an inplace callback + # function when answering a resolved query. + if not register_inplace_cb_reply(inplace_reply_callback, env): + return False + + # Register the inplace_cache_callback function as an inplace callback + # function when answering from cache. + if not register_inplace_cb_reply_cache(inplace_cache_callback, env): + return False + + # Register the inplace_local_callback function as an inplace callback + # function when answering from local data. + if not register_inplace_cb_reply_local(inplace_local_callback, env): + return False + + # Register the inplace_servfail_callback function as an inplace callback + # function when answering with SERVFAIL. + if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): + return False + + return True + + +def init(id, cfg): + """Previous version init function. + ..note:: This function is still supported for backwards compatibility when + the init_standard function is missing. When init_standard is + present this function SHOULD be ommited to avoid confusion to the + reader. 
+ """ + return True + + +def deinit(id): return True + + +def inform_super(id, qstate, superqstate, qdata): return True + + +def operate(id, event, qstate, qdata): + if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): + qstate.ext_state[id] = MODULE_WAIT_MODULE + return True + + elif event == MODULE_EVENT_MODDONE: + qstate.ext_state[id] = MODULE_FINISHED + return True + + log_err("pythonmod: Unknown event") + qstate.ext_state[id] = MODULE_ERROR + return True diff -Nru unbound-1.5.8/pythonmod/interface.i unbound-1.6.0/pythonmod/interface.i --- unbound-1.5.8/pythonmod/interface.i 2015-04-16 14:41:14.000000000 +0000 +++ unbound-1.6.0/pythonmod/interface.i 2016-12-06 13:42:51.000000000 +0000 @@ -1,7 +1,6 @@ /* * interface.i: unbound python module */ - %module unboundmodule %{ /** @@ -34,10 +33,10 @@ #include "sldns/pkthdr.h" %} -%include "stdint.i" // uint_16_t can be known type now +%include "stdint.i" /* uint_16_t can be known type now */ %inline %{ - //converts [len][data][len][data][0] string to a List of labels (PyBytes) + /* converts [len][data][len][data][0] string to a List of labels (PyBytes) */ PyObject* GetNameAsLabelList(const char* name, int len) { PyObject* list; int cnt=0, i; @@ -202,13 +201,16 @@ char* dname; size_t dname_len; uint32_t flags; - uint16_t type; //rrset type in network format - uint16_t rrset_class; //rrset class in network format + uint16_t type; /* rrset type in network format */ + uint16_t rrset_class; /* rrset class in network format */ %mutable; }; -//This subroutine converts values between the host and network byte order. -//Specifically, ntohs() converts 16-bit quantities from network byte order to host byte order. +/** + * This subroutine converts values between the host and network byte order. + * Specifically, ntohs() converts 16-bit quantities from network byte order to + * host byte order. + */ uint16_t ntohs(uint16_t netshort); %inline %{ 
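Review bot: `inplace_servfail_callback` discards the result of `edns_opt_list_append(opt_list_out, 65003, b, region)` and returns True regardless, while `inplace_cache_callback` in the same file logs a failed append and returns False, which is what both docstrings promise ("False on failure"). Make the two agree with `if not edns_opt_list_append(opt_list_out, 65003, b, region): return False`. The servfail callback also appends option 65003 to every SERVFAIL without looking at what the client sent; its docstring should say so, so that nobody copying it expects the reply to mirror a request option. Two spelling slips in the docstrings are worth fixing at the same time: `env.cgf` in `init_standard`, where the code reads `env.cfg`, and `accesible`.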
@@ -269,17 +271,24 @@ %ignore packed_rrset_data::rr_data; struct packed_rrset_data { - uint32_t ttl; //TTL (in seconds like time()) + /* TTL (in seconds like time()) */ + uint32_t ttl; - size_t count; //number of rrs - size_t rrsig_count; //number of rrsigs + /* number of rrs */ + size_t count; + /* number of rrsigs */ + size_t rrsig_count; enum rrset_trust trust; enum sec_status security; - size_t* rr_len; //length of every rr's rdata - uint32_t *rr_ttl; //ttl of every rr - uint8_t** rr_data; //array of pointers to every rr's rdata; The rr_data[i] rdata is stored in uncompressed wireformat. + /* length of every rr's rdata */ + size_t* rr_len; + /* ttl of every rr */ + uint32_t *rr_ttl; + /* array of pointers to every rr's rdata. The rr_data[i] rdata is stored in + * uncompressed wireformat. */ + uint8_t** rr_data; }; %pythoncode %{ @@ -359,10 +368,10 @@ size_t an_numrrsets; size_t ns_numrrsets; size_t ar_numrrsets; - size_t rrset_count; // an_numrrsets + ns_numrrsets + ar_numrrsets + size_t rrset_count; /* an_numrrsets + ns_numrrsets + ar_numrrsets */ struct ub_packed_rrset_key** rrsets; - struct rrset_ref ref[1]; //? + struct rrset_ref ref[1]; /* ? */ }; struct rrset_ref { @@ -396,11 +405,11 @@ struct rrset_ref* _rrset_ref_get(struct reply_info* r, int idx) { if ((r != NULL) && (idx >= 0) && ((size_t)idx < r->rrset_count)) { -//printf("_rrset_ref_get: %lX key:%lX\n", r->ref + idx, r->ref[idx].key); +/* printf("_rrset_ref_get: %lX key:%lX\n", r->ref + idx, r->ref[idx].key); */ return &(r->ref[idx]); -// return &(r->ref[idx]); +/* return &(r->ref[idx]); */ } -//printf("_rrset_ref_get: NULL\n"); +/* printf("_rrset_ref_get: NULL\n"); */ return NULL; } %} 
@@ -479,30 +488,166 @@ if _newclass:family = _swig_property(_family_get) %} } + +/* ************************************************************************************ * + Structure edns_option + * ************************************************************************************ */ +/* Rename the members to follow the python convention of marking them as + * private. Access to the opt_code and opt_data members is given by the later + * python defined code and data members respectively. */ +%rename(_next) edns_option::next; +%rename(_opt_code) edns_option::opt_code; +%rename(_opt_len) edns_option::opt_len; +%rename(_opt_data) edns_option::opt_data; +struct edns_option { + struct edns_option* next; + uint16_t opt_code; + size_t opt_len; + uint8_t* opt_data; +}; + +%inline %{ + PyObject* _edns_option_opt_code_get(struct edns_option* option) { + uint16_t opt_code = option->opt_code; + return PyInt_FromLong(opt_code); + } + + PyObject* _edns_option_opt_data_get(struct edns_option* option) { + return PyByteArray_FromStringAndSize((uint8_t*)option->opt_data, + option->opt_len); + } +%} +%extend edns_option { + %pythoncode %{ + def _opt_code_get(self): return _edns_option_opt_code_get(self) + __swig_getmethods__["code"] = _opt_code_get + if _newclass: opt_code = _swig_property(_opt_code_get) + + def _opt_data_get(self): return _edns_option_opt_data_get(self) + __swig_getmethods__["data"] = _opt_data_get + if _newclass: opt_data = _swig_property(_opt_data_get) + %} +} + /* ************************************************************************************ * + Structure edns_data + * ************************************************************************************ */ +/* This is ignored because we will pass a double pointer of this to Python + * with custom getmethods. This is done to bypass Swig's behavior to pass NULL + * pointers as None. 
*/ +%ignore edns_data::opt_list; +struct edns_data { + int edns_present; + uint8_t ext_rcode; + uint8_t edns_version; + uint16_t bits; + uint16_t udp_size; + struct edns_option* opt_list; +}; +%inline %{ + struct edns_option** _edns_data_opt_list_get(struct edns_data* edns) { + return &edns->opt_list; + } +%} +%extend edns_data { + %pythoncode %{ + def _opt_list_iter(self): return EdnsOptsListIter(self.opt_list) + __swig_getmethods__["opt_list_iter"] = _opt_list_iter + if _newclass:opt_list_iter = _swig_property(_opt_list_iter) + def _opt_list(self): return _edns_data_opt_list_get(self) + __swig_getmethods__["opt_list"] = _opt_list + if _newclass:opt_list = _swig_property(_opt_list) + %} +} + +/* ************************************************************************************ * + Structure module_env + * ************************************************************************************ */ +struct module_env { + struct config_file* cfg; + struct slabhash* msg_cache; + struct rrset_cache* rrset_cache; + struct infra_cache* infra_cache; + struct key_cache* key_cache; + + /* --- services --- */ + struct outbound_entry* (*send_query)(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, int ssl_upstream, + struct module_qstate* q); + void (*detach_subs)(struct module_qstate* qstate); + int (*attach_sub)(struct module_qstate* qstate, + struct query_info* qinfo, uint16_t qflags, int prime, + int valrec, struct module_qstate** newq); + void (*kill_sub)(struct module_qstate* newq); + int (*detect_cycle)(struct module_qstate* qstate, + struct query_info* qinfo, uint16_t flags, int prime, + int valrec); + + struct regional* scratch; + struct sldns_buffer* scratch_buffer; + struct worker* worker; + struct mesh_area* mesh; + struct alloc_cache* alloc; + struct ub_randstate* rnd; + time_t* now; + struct timeval* now_tv; + int need_to_validate; + struct 
val_anchors* anchors; + struct val_neg_cache* neg_cache; + struct comm_timer* probe_timer; + struct iter_forwards* fwds; + struct iter_hints* hints; + void* modinfo[MAX_MODULE]; + + void* inplace_cb_lists[inplace_cb_types_total]; + struct edns_known_option* edns_known_options; + size_t edns_known_options_num; +}; + + +/* ************************************************************************************ * Structure module_qstate * ************************************************************************************ */ %ignore module_qstate::ext_state; %ignore module_qstate::minfo; +/* These are ignored because we will pass a double pointer of them to Python + * with custom getmethods. This is done to bypass Swig's behavior to pass NULL + * pointers as None. */ +%ignore module_qstate::edns_opts_front_in; +%ignore module_qstate::edns_opts_back_out; +%ignore module_qstate::edns_opts_back_in; +%ignore module_qstate::edns_opts_front_out; + /* Query state */ struct module_qstate { struct query_info qinfo; - uint16_t query_flags; //See QF_BIT_xx constants - int is_priming; + uint16_t query_flags; /* See QF_BIT_xx constants */ + int is_priming; + int is_valrec; struct comm_reply* reply; struct dns_msg* return_msg; - int return_rcode; + int return_rcode; struct regional* region; /* unwrapped */ - int curmod; + int curmod; - enum module_ext_state ext_state[MAX_MODULE]; - void* minfo[MAX_MODULE]; + enum module_ext_state ext_state[MAX_MODULE]; + void* minfo[MAX_MODULE]; + time_t prefetch_leeway; struct module_env* env; /* unwrapped */ struct mesh_state* mesh_info; + + struct edns_option* edns_opts_front_in; + struct edns_option* edns_opts_back_out; + struct edns_option* edns_opts_back_in; + struct edns_option* edns_opts_front_out; + int no_cache_lookup; + int no_cache_store; }; %constant int MODULE_COUNT = MAX_MODULE; 
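Review bot: In the `%extend edns_option` block the old-style registration uses the keys `__swig_getmethods__["code"]` and `__swig_getmethods__["data"]`, but the new-style properties are bound as `opt_code` and `opt_data`, so the attribute name a script must use depends on which class style SWIG generates. The comment above the `%rename` lines says access goes through `code` and `data`, which points to `if _newclass: code = _swig_property(_opt_code_get)` and `if _newclass: data = _swig_property(_opt_data_get)`. Separately, `_edns_option_opt_code_get` and `_edns_option_opt_data_get` dereference `option` with no NULL check although both are in `%inline %{` and so callable from a module script; an `if (!option) Py_RETURN_NONE;` guard would keep a stray call from crashing the resolver process. `PyByteArray_FromStringAndSize` takes a `const char*`, so the `(uint8_t*)` cast on `option->opt_data` should be `(const char*)`.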
@@ -540,6 +685,25 @@ def __getitem__(self, index): return _unboundmodule._ext_state_get(self.obj, index) def __setitem__(self, index, value): _unboundmodule._ext_state_set(self.obj, index, value) def __len__(self): return _unboundmodule.MODULE_COUNT + + class EdnsOptsListIter: + def __init__(self, obj): + self._current = obj + self._temp = None + def __iter__(self): return self + def __next__(self): + """Python 3 compatibility""" + return self._get_next() + def next(self): + """Python 2 compatibility""" + return self._get_next() + def _get_next(self): + if not edns_opt_list_is_empty(self._current): + self._temp = self._current + self._current = _p_p_edns_option_get_next(self._current) + return _dereference_edns_option(self._temp) + else: + raise StopIteration %} %inline %{ @@ -549,12 +713,42 @@ } return 0; } - + void _ext_state_set(struct module_qstate* q, int idx, enum module_ext_state state) { if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { q->ext_state[idx] = state; } } + + int edns_opt_list_is_empty(struct edns_option** opt) { + if (!opt || !(*opt)) return 1; + return 0; + } + + struct edns_option* _dereference_edns_option(struct edns_option** opt) { + if (!opt) return NULL; + return *opt; + } + + struct edns_option** _p_p_edns_option_get_next(struct edns_option** opt) { + return &(*opt)->next; + } + + struct edns_option** _edns_opts_front_in_get(struct module_qstate* q) { + return &q->edns_opts_front_in; + } + + struct edns_option** _edns_opts_back_out_get(struct module_qstate* q) { + return &q->edns_opts_back_out; + } + + struct edns_option** _edns_opts_back_in_get(struct module_qstate* q) { + return &q->edns_opts_back_in; + } + + struct edns_option** _edns_opts_front_out_get(struct module_qstate* q) { + return &q->edns_opts_front_out; + } %} %extend module_qstate { 
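Review bot: `_p_p_edns_option_get_next` dereferences `*opt` with no check, while its neighbours `edns_opt_list_is_empty` and `_dereference_edns_option` both guard against a NULL `opt`. `EdnsOptsListIter._get_next` in the previous hunk only calls it after `edns_opt_list_is_empty` returns false, but the function sits in `%inline %{` and is therefore exported to module scripts, where a call on an empty list would read through a NULL pointer inside the resolver process. A first line of `if (!opt || !(*opt)) return NULL;` would match the other helpers. The four `_edns_opts_*_get` accessors likewise form `&q->...` without the `q != NULL` test that `_ext_state_set` applies.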
@@ -566,6 +760,32 @@ def __ext_state_get(self): return ExtState(self) __swig_getmethods__["ext_state"] = __ext_state_get if _newclass:ext_state = _swig_property(__ext_state_get)#, __ext_state_set) + + def _edns_opts_front_in_iter(self): return EdnsOptsListIter(self.edns_opts_front_in) + __swig_getmethods__["edns_opts_front_in_iter"] = _edns_opts_front_in_iter + if _newclass:edns_opts_front_in_iter = _swig_property(_edns_opts_front_in_iter) + def _edns_opts_back_out_iter(self): return EdnsOptsListIter(self.edns_opts_back_out) + __swig_getmethods__["edns_opts_back_out_iter"] = _edns_opts_back_out_iter + if _newclass:edns_opts_back_out_iter = _swig_property(_edns_opts_back_out_iter) + def _edns_opts_back_in_iter(self): return EdnsOptsListIter(self.edns_opts_back_in) + __swig_getmethods__["edns_opts_back_in_iter"] = _edns_opts_back_in_iter + if _newclass:edns_opts_back_in_iter = _swig_property(_edns_opts_back_in_iter) + def _edns_opts_front_out_iter(self): return EdnsOptsListIter(self.edns_opts_front_out) + __swig_getmethods__["edns_opts_front_out_iter"] = _edns_opts_front_out_iter + if _newclass:edns_opts_front_out_iter = _swig_property(_edns_opts_front_out_iter) + + def _edns_opts_front_in(self): return _edns_opts_front_in_get(self) + __swig_getmethods__["edns_opts_front_in"] = _edns_opts_front_in + if _newclass:edns_opts_front_in = _swig_property(_edns_opts_front_in) + def _edns_opts_back_out(self): return _edns_opts_back_out_get(self) + __swig_getmethods__["edns_opts_back_out"] = _edns_opts_back_out + if _newclass:edns_opts_back_out = _swig_property(_edns_opts_back_out) + def _edns_opts_back_in(self): return _edns_opts_back_in_get(self) + __swig_getmethods__["edns_opts_back_in"] = _edns_opts_back_in + if _newclass:edns_opts_back_in = _swig_property(_edns_opts_back_in) + def _edns_opts_front_out(self): return _edns_opts_front_out_get(self) + __swig_getmethods__["edns_opts_front_out"] = _edns_opts_front_out + if _newclass:edns_opts_front_out = 
_swig_property(_edns_opts_front_out) %} } @@ -1037,8 +1257,9 @@ /* ************************************************************************************ * Functions * ************************************************************************************ */ - -// Various debuging functions +/****************************** + * Various debuging functions * + ******************************/ void verbose(enum verbosity_value level, const char* format, ...); void log_info(const char* format, ...); void log_err(const char* format, ...); 
@@ -1048,24 +1269,166 @@ void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf); void regional_log_stats(struct regional *r); -// Free allocated memory from marked sources returning corresponding types +/*************************************************************************** + * Free allocated memory from marked sources returning corresponding types * + ***************************************************************************/ %typemap(newfree, noblock = 1) char * { free($1); } -// Mark as source returning newly allocated memory +/*************************************************** + * Mark as source returning newly allocated memory * + ***************************************************/ %newobject sldns_wire2str_type; %newobject sldns_wire2str_class; -// LDNS functions +/****************** + * LDNS functions * + ******************/ char *sldns_wire2str_type(const uint16_t atype); char *sldns_wire2str_class(const uint16_t aclass); -// Functions from pythonmod_utils +/********************************** + * Functions from pythonmod_utils * + **********************************/ int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo, struct reply_info* msgrep, int is_referral); void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qinfo); -// Module conversion functions +/******************************* + * Module conversion functions * + *******************************/ const char* strextstate(enum module_ext_state s); const char* strmodulevent(enum module_ev e); +/************************** + * Edns related functions * + **************************/ +struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); +int edns_register_option(uint16_t opt_code, int bypass_cache_stage, + int no_aggregation, struct module_env* env); + +%pythoncode %{ + def register_edns_option(env, code, bypass_cache_stage=False, + no_aggregation=False): + """Wrapper function to provide 
keyword attributes.""" + return edns_register_option(code, bypass_cache_stage, + no_aggregation, env) +%} + +/****************************** + * Callback related functions * + ******************************/ +/* typemap to check if argument is callable */ +%typemap(in) PyObject *py_cb { + if (!PyCallable_Check($input)) { + SWIG_exception_fail(SWIG_TypeError, "Need a callable object!"); + return NULL; + } + $1 = $input; +} +/* typemap to get content/size from a bytearray */ +%typemap(in) (size_t len, uint8_t* py_bytearray_data) { + if (!PyByteArray_CheckExact($input)) { + SWIG_exception_fail(SWIG_TypeError, "Expected bytearray!"); + return NULL; + } + $2 = PyByteArray_AsString($input); + $1 = PyByteArray_Size($input); +} + +int edns_opt_list_remove(struct edns_option** list, uint16_t code); +int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, + uint8_t* py_bytearray_data, struct regional* region); + +%{ + /* This function is called by unbound in order to call the python + * callback function. 
*/ + int python_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct regional* region, void* python_callback) + { + PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; + PyObject *py_rep, *py_region; + PyObject *result; + int res = 0; + + func = (PyObject *) python_callback; + PyGILState_STATE gstate = PyGILState_Ensure(); + py_edns = SWIG_NewPointerObj((void*) edns, SWIGTYPE_p_edns_data, 0); + py_qstate = SWIG_NewPointerObj((void*) qstate, + SWIGTYPE_p_module_qstate, 0); + py_opt_list_out = SWIG_NewPointerObj((void*) opt_list_out, + SWIGTYPE_p_p_edns_option, 0); + py_qinfo = SWIG_NewPointerObj((void*) qinfo, SWIGTYPE_p_query_info, 0); + py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0); + py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); + result = PyObject_CallFunction(func, "OOOiOOO", py_qinfo, py_qstate, + py_rep, rcode, py_edns, py_opt_list_out, py_region); + Py_XDECREF(py_edns); + Py_XDECREF(py_qstate); + Py_XDECREF(py_opt_list_out); + Py_XDECREF(py_qinfo); + Py_XDECREF(py_rep); + Py_XDECREF(py_region); + if (result) { + res = PyInt_AsLong(result); + } + Py_XDECREF(result); + PyGILState_Release(gstate); + return res; + } + + /* Swig implementations for Python */ + static int register_inplace_cb_reply(PyObject* py_cb, + struct module_env* env) + { + int ret = inplace_cb_reply_register( + python_inplace_cb_reply_generic, (void*) py_cb, env); + if (ret) Py_INCREF(py_cb); + return ret; + } + static int register_inplace_cb_reply_cache(PyObject* py_cb, + struct module_env* env) + { + int ret = inplace_cb_reply_cache_register( + python_inplace_cb_reply_generic, (void*) py_cb, env); + if (ret) Py_INCREF(py_cb); + return ret; + } + static int register_inplace_cb_reply_local(PyObject* py_cb, + struct module_env* env) + { + int ret = inplace_cb_reply_local_register( + 
python_inplace_cb_reply_generic, (void*) py_cb, env); + if (ret) Py_INCREF(py_cb); + return ret; + } + static int register_inplace_cb_reply_servfail(PyObject* py_cb, + struct module_env* env) + { + int ret = inplace_cb_reply_servfail_register( + python_inplace_cb_reply_generic, (void*) py_cb, env); + if (ret) Py_INCREF(py_cb); + return ret; + } +%} +/* C declarations */ +int inplace_cb_reply_register( + inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); +int inplace_cb_reply_cache_register( + inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); +int inplace_cb_reply_local_register( + inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); +int inplace_cb_reply_servfail_register( + inplace_cb_reply_func_t* cb, void* cb_arg, struct module_env* env); + +/* Swig declarations */ +static int register_inplace_cb_reply(PyObject* py_cb, + struct module_env* env); +static int register_inplace_cb_reply_cache(PyObject* py_cb, + struct module_env* env); +static int register_inplace_cb_reply_local(PyObject* py_cb, + struct module_env* env); +static int register_inplace_cb_reply_servfail(PyObject* py_cb, + struct module_env* env); diff -Nru unbound-1.5.8/pythonmod/pythonmod.c unbound-1.6.0/pythonmod/pythonmod.c --- unbound-1.5.8/pythonmod/pythonmod.c 2015-04-16 14:41:14.000000000 +0000 +++ unbound-1.6.0/pythonmod/pythonmod.c 2016-12-06 13:42:51.000000000 +0000 @@ -112,8 +112,10 @@ { /* Initialize module */ FILE* script_py = NULL; - PyObject* py_cfg, *res; + PyObject* py_init_arg, *res; PyGILState_STATE gil; + int init_standard = 1; + struct pythonmod_env* pe = (struct pythonmod_env*)calloc(1, sizeof(struct pythonmod_env)); if (!pe) { @@ -141,6 +143,9 @@ #endif Py_SetProgramName(progname); Py_NoSiteFlag = 1; +#if PY_MAJOR_VERSION >= 3 + PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); +#endif Py_Initialize(); PyEval_InitThreads(); SWIG_init(); 
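Review bot: `python_inplace_cb_reply_generic` returns 0 when `PyObject_CallFunction` yields NULL but neither logs nor clears the Python error, so an exception raised in a script callback is dropped silently and stays pending on the thread state. The init path in pythonmod.c (hunk `@@ -220,16 +229,28 @@`) reports the same situation with `log_err` plus `PyErr_Print()`; an `else` branch on `if (result)` doing the same would keep the two paths consistent. `PyInt_AsLong(result)` also returns -1 with an error set when the callback returns a non-integer, and that -1 is handed back as the callback result. The four `register_inplace_cb_reply*` wrappers take a reference with `Py_INCREF(py_cb)` and no matching release is visible in this hunk, so a comment stating where that reference is dropped would help.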
@@ -153,10 +158,10 @@ PyRun_SimpleString("import sys \n"); PyRun_SimpleString("sys.path.append('.') \n"); if(env->cfg->directory && env->cfg->directory[0]) { - char wdir[1524]; - snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n", - env->cfg->directory); - PyRun_SimpleString(wdir); + char wdir[1524]; + snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n", + env->cfg->directory); + PyRun_SimpleString(wdir); } PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n"); PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n"); @@ -195,11 +200,15 @@ fclose(script_py); - if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) + if ((pe->func_init = PyDict_GetItemString(pe->dict, "init_standard")) == NULL) { - log_err("pythonmod: function init is missing in %s", pe->fname); - PyGILState_Release(gil); - return 0; + init_standard = 0; + if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) + { + log_err("pythonmod: function init is missing in %s", pe->fname); + PyGILState_Release(gil); + return 0; + } } if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) { 
@@ -220,16 +229,28 @@ return 0; } - py_cfg = SWIG_NewPointerObj((void*) env->cfg, SWIGTYPE_p_config_file, 0); - res = PyObject_CallFunction(pe->func_init, "iO", id, py_cfg); + if (init_standard) + { + py_init_arg = SWIG_NewPointerObj((void*) env, SWIGTYPE_p_module_env, 0); + } + else + { + py_init_arg = SWIG_NewPointerObj((void*) env->cfg, + SWIGTYPE_p_config_file, 0); + } + res = PyObject_CallFunction(pe->func_init, "iO", id, py_init_arg); if (PyErr_Occurred()) { log_err("pythonmod: Exception occurred in function init"); PyErr_Print(); + Py_XDECREF(res); + Py_XDECREF(py_init_arg); + PyGILState_Release(gil); + return 0; } Py_XDECREF(res); - Py_XDECREF(py_cfg); + Py_XDECREF(py_init_arg); PyGILState_Release(gil); return 1; diff -Nru unbound-1.5.8/pythonmod/pythonmod.h unbound-1.6.0/pythonmod/pythonmod.h --- unbound-1.5.8/pythonmod/pythonmod.h 2010-07-07 13:13:36.000000000 +0000 +++ unbound-1.6.0/pythonmod/pythonmod.h 2016-12-06 13:42:51.000000000 +0000 
@@ -55,14 +55,22 @@ void pythonmod_deinit(struct module_env* env, int id); /** python module operate on a query */ -void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, int id, struct outbound_entry* outbound); +void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound); /** python module */ -void pythonmod_inform_super(struct module_qstate* qstate, int id, struct module_qstate* super); +void pythonmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); /** python module cleanup query state */ void pythonmod_clear(struct module_qstate* qstate, int id); /** python module alloc size routine */ size_t pythonmod_get_mem(struct module_env* env, int id); + +/** Declared here for fptr_wlist access. The definition is in interface.i. */ +int python_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct regional* region, void* python_callback); #endif /* PYTHONMOD_H */ diff -Nru unbound-1.5.8/pythonmod/pythonmod_utils.c unbound-1.6.0/pythonmod/pythonmod_utils.c --- unbound-1.5.8/pythonmod/pythonmod_utils.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/pythonmod/pythonmod_utils.c 2016-05-31 15:08:05.000000000 +0000 @@ -129,7 +129,8 @@ return 0; } /* edns is not examined, but removed from message to help cache */ - if(parse_extract_edns(prs, &edns) != LDNS_RCODE_NOERROR) + if(parse_extract_edns(prs, &edns, qstate->env->scratch) != + LDNS_RCODE_NOERROR) return 0; /* remove CD-bit, we asked for in case we handle validation ourself */ diff -Nru unbound-1.5.8/pythonmod/test-edns.conf unbound-1.6.0/pythonmod/test-edns.conf --- unbound-1.5.8/pythonmod/test-edns.conf 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/test-edns.conf 2016-12-06 13:42:51.000000000 +0000 
@@ -0,0 +1,17 @@ +# Example configuration file for edns.py +server: + verbosity: 1 + interface: 0.0.0.0 + do-daemonize: no + access-control: 0.0.0.0/0 allow + chroot: "" + username: "" + directory: "" + logfile: "" + pidfile: "unbound.pid" + module-config: "validator python iterator" + +# Python config section +python: + # Script file to load + python-script: "./examples/edns.py" diff -Nru unbound-1.5.8/pythonmod/test-inplace_callbacks.py unbound-1.6.0/pythonmod/test-inplace_callbacks.py --- unbound-1.5.8/pythonmod/test-inplace_callbacks.py 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/pythonmod/test-inplace_callbacks.py 2016-12-06 13:42:51.000000000 +0000 @@ -0,0 +1,17 @@ +# Example configuration file for edns.py +server: + verbosity: 1 + interface: 0.0.0.0 + do-daemonize: no + access-control: 0.0.0.0/0 allow + chroot: "" + username: "" + directory: "" + logfile: "" + pidfile: "unbound.pid" + module-config: "validator python iterator" + +# Python config section +python: + # Script file to load + python-script: "./examples/inplace_callbacks.py" diff -Nru unbound-1.5.8/services/cache/dns.c unbound-1.6.0/services/cache/dns.c --- unbound-1.5.8/services/cache/dns.c 2015-10-14 08:02:14.000000000 +0000 +++ unbound-1.6.0/services/cache/dns.c 2016-11-22 10:50:53.000000000 +0000 @@ -194,6 +194,7 @@ k.qname_len = qnamelen; k.qtype = qtype; k.qclass = qclass; + k.local_alias = NULL; h = query_info_hash(&k, flags); e = slabhash_lookup(env->msg_cache, h, &k, wr); @@ -361,6 +362,7 @@ msg->qinfo.qname_len = qnamelen; msg->qinfo.qtype = qtype; msg->qinfo.qclass = qclass; + msg->qinfo.local_alias = NULL; /* non-packed reply_info, because it needs to grow the array */ msg->rep = (struct reply_info*)regional_alloc_zero(region, sizeof(struct reply_info)-sizeof(struct rrset_ref)); @@ -716,6 +718,7 @@ k.qname_len = qnamelen; k.qtype = qtype; k.qclass = qclass; + k.local_alias = NULL; h = query_info_hash(&k, flags); e = slabhash_lookup(env->msg_cache, h, &k, 0); if(e) { 
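Review bot: This example listens on `interface: 0.0.0.0` with `access-control: 0.0.0.0/0 allow`, which makes the instance an open recursive resolver for anyone who can reach the host, and `chroot: ""` with `username: ""` leaves it without chroot or privilege drop. Since the file exists to try out a script, `interface: 127.0.0.1` and `access-control: 127.0.0.0/8 allow` would serve the same purpose, or at least a header comment such as `# Test-only settings: open to all clients, do not deploy as is.` The same settings are repeated in pythonmod/test-inplace_callbacks.py, the next file in this diff.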
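Review bot: The header comment in pythonmod/test-inplace_callbacks.py reads `# Example configuration file for edns.py` although the file loads `./examples/inplace_callbacks.py`, and the file carries a `.py` name while its content is unbound configuration. The comment should read `# Example configuration file for inplace_callbacks.py`, and a `.conf` name like its sibling test-edns.conf would keep tools from treating it as Python.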
@@ -795,6 +798,12 @@ dname_remove_label(&k.qname, &k.qname_len); h = query_info_hash(&k, flags); e = slabhash_lookup(env->msg_cache, h, &k, 0); + if(!e && k.qtype != LDNS_RR_TYPE_A && + env->cfg->qname_minimisation) { + k.qtype = LDNS_RR_TYPE_A; + h = query_info_hash(&k, flags); + e = slabhash_lookup(env->msg_cache, h, &k, 0); + } if(e) { struct reply_info* data = (struct reply_info*)e->data; struct dns_msg* msg; @@ -810,7 +819,8 @@ } lock_rw_unlock(&e->lock); } - } + k.qtype = qtype; + } /* fill common RR types for ANY response to avoid requery */ if(qtype == LDNS_RR_TYPE_ANY) { diff -Nru unbound-1.5.8/services/listen_dnsport.c unbound-1.6.0/services/listen_dnsport.c --- unbound-1.5.8/services/listen_dnsport.c 2016-02-17 08:02:32.000000000 +0000 +++ unbound-1.6.0/services/listen_dnsport.c 2016-09-13 11:38:16.000000000 +0000 @@ -43,6 +43,9 @@ # include #endif #include +#ifdef USE_TCP_FASTOPEN +#include +#endif #include "services/listen_dnsport.h" #include "services/outside_network.h" #include "util/netevent.h" @@ -96,10 +99,11 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, - int rcv, int snd, int listen, int* reuseport, int transparent) + int rcv, int snd, int listen, int* reuseport, int transparent, + int freebind) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) int on=1; #endif #ifdef IPV6_MTU @@ -117,6 +121,9 @@ #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) (void)transparent; #endif +#if !defined(IP_FREEBIND) + (void)freebind; +#endif if((s = socket(family, socktype, 0)) == -1) { *inuse = 0; #ifndef USE_WINSOCK 
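Review bot: The added fallback in hunk `@@ -795,6 +798,12 @@` retries the cache lookup with `k.qtype = LDNS_RR_TYPE_A` when `qname_minimisation` is set, but nothing explains why an entry cached under type A may stand in for the requested type. A comment such as `/* with qname minimisation, intermediate names may have been cached under qtype A */` would help; the reasoning is inferred from the option name and should be confirmed by the author. The fallback also leaves `k.qtype` altered for the rest of the loop body and relies on the `k.qtype = qtype;` added in the next hunk to restore it, which is worth saying in the same comment. The enclosing loop starts outside this hunk.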
@@ -190,12 +197,21 @@ #elif defined(IP_BINDANY) if (transparent && setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), - IP_BINDANY, (void*)&on, (socklen_t)sizeof(on)) < 0) { - log_warn("setsockopt(.. IP_BINDANY ..) failed: %s", - strerror(errno)); + (family == AF_INET6? IPV6_BINDANY:IP_BINDANY), + (void*)&on, (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", + (family==AF_INET6?"V6":""), strerror(errno)); } #endif /* IP_TRANSPARENT || IP_BINDANY */ } +#ifdef IP_FREEBIND + if(freebind && + setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", + strerror(errno)); + } +#endif /* IP_FREEBIND */ if(rcv) { #ifdef SO_RCVBUF int got; @@ -490,15 +506,21 @@ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss) + int* reuseport, int transparent, int mss, int freebind) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) int on = 1; #endif -#ifndef IP_TRANSPARENT +#ifdef USE_TCP_FASTOPEN + int qlen; +#endif +#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) (void)transparent; #endif +#if !defined(IP_FREEBIND) + (void)freebind; +#endif verbose_print_addr(addr); *noproto = 0; if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { @@ -553,6 +575,13 @@ return -1; } #endif /* SO_REUSEADDR */ +#ifdef IP_FREEBIND + if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", + strerror(errno)); + } +#endif /* IP_FREEBIND */ #ifdef SO_REUSEPORT /* try to set SO_REUSEPORT so that incoming * connections are distributed evenly among the receiving threads. 
@@ -599,7 +628,15 @@ log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", strerror(errno)); } -#endif /* IP_TRANSPARENT */ +#elif defined(IP_BINDANY) + if (transparent && + setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), + (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY), + (void*)&on, (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", + (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); + } +#endif /* IP_TRANSPARENT || IP_BINDANY */ if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { #ifndef USE_WINSOCK /* detect freebsd jail with no ipv6 permission */ @@ -638,6 +675,22 @@ #endif return -1; } +#ifdef USE_TCP_FASTOPEN + /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense + against IP spoofing attacks as suggested in RFC7413 */ +#ifdef __APPLE__ + /* OS X implementation only supports qlen of 1 via this call. Actual + value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */ + qlen = 1; +#else + /* 5 is recommended on linux */ + qlen = 5; +#endif + if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, + sizeof(qlen))) == -1 ) { + log_err("Setting TCP Fast Open as server failed: %s", strerror(errno)); + } +#endif return s; } @@ -651,7 +704,7 @@ verbose(VERB_ALGO, "creating unix socket %s", path); #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN /* this member exists on BSDs, not Linux */ - usock.sun_len = (socklen_t)sizeof(usock); + usock.sun_len = (unsigned)sizeof(usock); #endif usock.sun_family = AF_LOCAL; /* length is 92-108, 104 on FreeBSD */ @@ -704,7 +757,7 @@ static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss) + int* reuseport, int transparent, int tcp_mss, int freebind) { struct addrinfo *res = NULL; int r, s, inuse, noproto; 
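Review bot: In hunk `@@ -638,6 +675,22 @@` a failed `setsockopt(.. TCP_FASTOPEN ..)` is reported with `log_err` although the socket is still returned and used, whereas the other optional socket options in this function (`IP_FREEBIND`, `IP_BINDANY`) use `log_warn` for the same non-fatal case. `log_warn("Setting TCP Fast Open as server failed: %s", strerror(errno));` would match them. The queue lengths 1 and 5 would also read better as a named constant next to the RFC 7413 comment, so the spoofing-related limit is easy to find and adjust.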
@@ -732,7 +785,7 @@ s = create_udp_sock(res->ai_family, res->ai_socktype, (struct sockaddr*)res->ai_addr, res->ai_addrlen, v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, - reuseport, transparent); + reuseport, transparent, freebind); if(s == -1 && inuse) { log_err("bind: address already in use"); } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ @@ -740,7 +793,7 @@ } } else { s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, - transparent, tcp_mss); + transparent, tcp_mss, freebind); if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } @@ -753,7 +806,7 @@ static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss) + int* reuseport, int transparent, int tcp_mss, int freebind) { char* s = strchr(ifname, '@'); if(s) { @@ -775,10 +828,10 @@ (void)strlcpy(p, s+1, sizeof(p)); p[strlen(s+1)]=0; return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport, transparent, tcp_mss); + rcv, snd, reuseport, transparent, tcp_mss, freebind); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport, transparent, tcp_mss); + reuseport, transparent, tcp_mss, freebind); } /** @@ -874,13 +927,14 @@ * set to false on exit if reuseport failed due to no kernel support. * @param transparent: set IP_TRANSPARENT socket option. * @param tcp_mss: maximum segment size of tcp socket. default if zero. + * @param freebind: set IP_FREEBIND socket option. * @return: returns false on error. */ static int ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct addrinfo *hints, const char* port, struct listen_port** list, size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent, - int tcp_mss) + int tcp_mss, int freebind) { int s, noip6=0; if(!do_udp && !do_tcp) 
@@ -888,7 +942,7 @@ if(do_auto) { if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss)) == -1) { + tcp_mss, freebind)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -916,7 +970,7 @@ /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss)) == -1) { + tcp_mss, freebind)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -937,7 +991,8 @@ atoi(strchr(ifname, '@')+1) == ssl_port) || (!strchr(ifname, '@') && atoi(port) == ssl_port)); if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, - &noip6, 0, 0, reuseport, transparent, tcp_mss)) == -1) { + &noip6, 0, 0, reuseport, transparent, tcp_mss, + freebind)) == -1) { if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1095,7 +1150,7 @@ cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss)) { + cfg->tcp_mss, cfg->ip_freebind)) { listening_ports_free(list); return NULL; } @@ -1108,7 +1163,7 @@ cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss)) { + cfg->tcp_mss, cfg->ip_freebind)) { listening_ports_free(list); return NULL; } @@ -1123,7 +1178,7 @@ cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss)) { + cfg->tcp_mss, cfg->ip_freebind)) { listening_ports_free(list); return NULL; } @@ -1136,7 +1191,7 @@ cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss)) { + cfg->tcp_mss, cfg->ip_freebind)) { listening_ports_free(list); return NULL; } diff -Nru unbound-1.5.8/services/listen_dnsport.h unbound-1.6.0/services/listen_dnsport.h --- unbound-1.5.8/services/listen_dnsport.h 2016-01-05 10:03:59.000000000 +0000 +++ unbound-1.6.0/services/listen_dnsport.h 2016-03-15 09:35:48.000000000 +0000 
@@ -190,11 +190,12 @@ * @param reuseport: if nonNULL and true, try to set SO_REUSEPORT on * listening UDP port. Set to false on return if it failed to do so. * @param transparent: set IP_TRANSPARENT socket option. + * @param freebind: set IP_FREEBIND socket option. * @return: the socket. -1 on error. */ int create_udp_sock(int family, int socktype, struct sockaddr* addr, socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv, - int snd, int listen, int* reuseport, int transparent); + int snd, int listen, int* reuseport, int transparent, int freebind); /** * Create and bind TCP listening socket @@ -205,10 +206,11 @@ * listening UDP port. Set to false on return if it failed to do so. * @param transparent: set IP_TRANSPARENT socket option. * @param mss: maximum segment size of the socket. if zero, leaves the default. + * @param freebind: set IP_FREEBIND socket option. * @return: the socket. -1 on error. */ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss); + int* reuseport, int transparent, int mss, int freebind); /** * Create and bind local listening socket diff -Nru unbound-1.5.8/services/localzone.c unbound-1.6.0/services/localzone.c --- unbound-1.5.8/services/localzone.c 2016-02-09 13:25:59.000000000 +0000 +++ unbound-1.6.0/services/localzone.c 2016-12-06 13:42:51.000000000 +0000 @@ -52,6 +52,11 @@ #include "util/data/msgreply.h" #include "util/data/msgparse.h" #include "util/as112.h" +#include "util/config_file.h" + +/* maximum RRs in an RRset, to cap possible 'endless' list RRs. + * with 16 bytes for an A record, a 64K packet has about 4000 max */ +#define LOCALZONE_RRSET_COUNT_MAX 4096 struct local_zones* local_zones_create(void) @@ -94,6 +99,7 @@ lock_rw_destroy(&z->lock); regional_destroy(z->region); free(z->name); + free(z->taglist); free(z); } 
@@ -153,7 +159,7 @@ z->namelen = len; z->namelabs = labs; lock_rw_init(&z->lock); - z->region = regional_create(); + z->region = regional_create_custom(sizeof(struct regional)); if(!z->region) { free(z); return NULL; @@ -171,6 +177,7 @@ { struct local_zone* z = local_zone_create(nm, len, labs, t, c); if(!z) { + free(nm); log_err("out of memory"); return NULL; } @@ -179,11 +186,18 @@ lock_rw_wrlock(&zones->lock); lock_rw_wrlock(&z->lock); if(!rbtree_insert(&zones->ztree, &z->node)) { + struct local_zone* oldz; log_warn("duplicate local-zone"); lock_rw_unlock(&z->lock); - local_zone_delete(z); + /* save zone name locally before deallocation, + * otherwise, nm is gone if we zone_delete now. */ + oldz = z; + /* find the correct zone, so not an error for duplicate */ + z = local_zones_find(zones, nm, len, labs, c); + lock_rw_wrlock(&z->lock); lock_rw_unlock(&zones->lock); - return NULL; + local_zone_delete(oldz); + return z; } lock_rw_unlock(&zones->lock); return z; @@ -270,16 +284,20 @@ * Find an rrset in local data structure. * @param data: local data domain name structure. * @param type: type to look for (host order). + * @param alias_ok: 1 if matching a non-exact, alias type such as CNAME is + * allowed. otherwise 0. * @return rrset pointer or NULL if not found. */ static struct local_rrset* -local_data_find_type(struct local_data* data, uint16_t type) +local_data_find_type(struct local_data* data, uint16_t type, int alias_ok) { struct local_rrset* p; type = htons(type); for(p = data->rrsets; p; p = p->next) { if(p->rrset->rk.type == type) return p; + if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) + return p; } return NULL; } 
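Review bot: In `local_data_find_type`, the new `alias_ok` test sits in the same loop as the exact-type test, so the function returns whichever of the two comes first in `data->rrsets`. A CNAME rrset earlier in the list would be returned even though an rrset of the requested type exists further on. The coexistence check added in the later `@@ -454` hunk separates CNAME from other data only for `local_zone_redirect`, so for other zone types this ordering dependence looks reachable. Preferring the exact match and falling back to the first CNAME after the loop removes it, as sketched below.

```c
	struct local_rrset* p;
	struct local_rrset* cname = NULL;
	type = htons(type);
	for(p = data->rrsets; p; p = p->next) {
		if(p->rrset->rk.type == type)
			return p;
		/* remember the first alias, but keep looking for an exact match */
		if(alias_ok && !cname &&
			p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME))
			cname = p;
	}
	return cname;
```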
@@ -337,13 +355,18 @@ /** insert RR into RRset data structure; Wastes a couple of bytes */ static int insert_rr(struct regional* region, struct packed_rrset_data* pd, - uint8_t* rdata, size_t rdata_len, time_t ttl) + uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) { size_t* oldlen = pd->rr_len; time_t* oldttl = pd->rr_ttl; uint8_t** olddata = pd->rr_data; /* add RR to rrset */ + if(pd->count > LOCALZONE_RRSET_COUNT_MAX) { + log_warn("RRset '%s' has more than %d records, record ignored", + rrstr, LOCALZONE_RRSET_COUNT_MAX); + return 1; + } pd->count++; pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count); pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count); @@ -454,7 +477,23 @@ log_assert(node); free(nm); - rrset = local_data_find_type(node, rrtype); + /* Reject it if we would end up having CNAME and other data (including + * another CNAME) for a redirect zone. */ + if(z->type == local_zone_redirect && node->rrsets) { + const char* othertype = NULL; + if (rrtype == LDNS_RR_TYPE_CNAME) + othertype = "other"; + else if (node->rrsets->rrset->rk.type == + htons(LDNS_RR_TYPE_CNAME)) { + othertype = "CNAME"; + } + if(othertype) { + log_err("local-data '%s' in redirect zone must not " + "coexist with %s local-data", rrstr, othertype); + return 0; + } + } + rrset = local_data_find_type(node, rrtype, 0); if(!rrset) { rrset = new_local_rrset(z->region, node, rrtype, rrclass); if(!rrset) @@ -474,7 +513,7 @@ verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); return 1; } - return insert_rr(z->region, pd, rdata, rdata_len, ttl); + return insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); } /** enter a data RR into auth data; a zone for it must exist */ 
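Review bot: The cap added to `insert_rr` tests `pd->count > LOCALZONE_RRSET_COUNT_MAX`, so an RRset that already holds 4096 records still accepts one more and ends at 4097. Using `if(pd->count >= LOCALZONE_RRSET_COUNT_MAX) {` matches the constant's name and its comment. The function also returns 1 after dropping the record, so a caller cannot tell an ignored record from an inserted one; a short comment such as `/* not an error: the excess record is skipped */` would mark that as deliberate. `insert_rr` continues past the end of the hunk.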
@@ -506,6 +545,123 @@ return r; } +/** enter tagstring into zone */ +static int +lz_enter_zone_tag(struct local_zones* zones, char* zname, uint8_t* list, + size_t len, uint16_t rr_class) +{ + uint8_t dname[LDNS_MAX_DOMAINLEN+1]; + size_t dname_len = sizeof(dname); + int dname_labs, r = 0; + struct local_zone* z; + + if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { + log_err("cannot parse zone name in local-zone-tag: %s", zname); + return 0; + } + dname_labs = dname_count_labels(dname); + + lock_rw_rdlock(&zones->lock); + z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); + if(!z) { + lock_rw_unlock(&zones->lock); + log_err("no local-zone for tag %s", zname); + return 0; + } + lock_rw_wrlock(&z->lock); + lock_rw_unlock(&zones->lock); + free(z->taglist); + z->taglist = memdup(list, len); + z->taglen = len; + if(z->taglist) + r = 1; + lock_rw_unlock(&z->lock); + return r; +} + +/** enter override into zone */ +static int +lz_enter_override(struct local_zones* zones, char* zname, char* netblock, + char* type, uint16_t rr_class) +{ + uint8_t dname[LDNS_MAX_DOMAINLEN+1]; + size_t dname_len = sizeof(dname); + int dname_labs; + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + struct local_zone* z; + enum localzone_type t; + + /* parse zone name */ + if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { + log_err("cannot parse zone name in local-zone-override: %s %s", + zname, netblock); + return 0; + } + dname_labs = dname_count_labels(dname); + + /* parse netblock */ + if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen, + &net)) { + log_err("cannot parse netblock in local-zone-override: %s %s", + zname, netblock); + return 0; + } + + /* parse zone type */ + if(!local_zone_str2type(type, &t)) { + log_err("cannot parse type in local-zone-override: %s %s %s", + zname, netblock, type); + return 0; + } + + /* find localzone entry */ + lock_rw_rdlock(&zones->lock); + z = local_zones_find(zones, dname, 
dname_len, dname_labs, rr_class); + if(!z) { + lock_rw_unlock(&zones->lock); + log_err("no local-zone for local-zone-override %s", zname); + return 0; + } + lock_rw_wrlock(&z->lock); + lock_rw_unlock(&zones->lock); + + /* create netblock addr_tree if not present yet */ + if(!z->override_tree) { + z->override_tree = (struct rbtree_t*)regional_alloc_zero( + z->region, sizeof(*z->override_tree)); + if(!z->override_tree) { + lock_rw_unlock(&z->lock); + log_err("out of memory"); + return 0; + } + addr_tree_init(z->override_tree); + } + /* add new elem to tree */ + if(z->override_tree) { + struct local_zone_override* n; + n = (struct local_zone_override*)regional_alloc_zero( + z->region, sizeof(*n)); + if(!n) { + lock_rw_unlock(&z->lock); + log_err("out of memory"); + return 0; + } + n->type = t; + if(!addr_tree_insert(z->override_tree, + (struct addr_tree_node*)n, &addr, addrlen, net)) { + lock_rw_unlock(&z->lock); + log_err("duplicate local-zone-override %s %s", + zname, netblock); + return 1; + } + } + + lock_rw_unlock(&z->lock); + return 1; +} + /** parse local-zone: statements */ static int lz_enter_zones(struct local_zones* zones, struct config_file* cfg) @@ -684,6 +840,19 @@ return 1; } +/** parse local-zone-override: statements */ +static int +lz_enter_overrides(struct local_zones* zones, struct config_file* cfg) +{ + struct config_str3list* p; + for(p = cfg->local_zone_overrides; p; p = p->next) { + if(!lz_enter_override(zones, p->str, p->str2, p->str3, + LDNS_RR_CLASS_IN)) + return 0; + } + return 1; +} + /** setup parent pointers, so that a lookup can be done for closest match */ static void init_parents(struct local_zones* zones) @@ -713,6 +882,9 @@ break; } prev = node; + + if(node->override_tree) + addr_tree_init_parents(node->override_tree); lock_rw_unlock(&node->lock); } lock_rw_unlock(&zones->lock); 
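Review bot: In `lz_enter_zone_tag`, `z->taglen = len;` is assigned even when `memdup` returns NULL, which leaves the zone with a NULL `taglist` and a non-zero length. The failure is also returned without a log line, unlike the `log_err("out of memory")` paths of `lz_enter_override` in the same hunk. Setting `z->taglen = z->taglist ? len : 0;` and logging the allocation failure before returning 0 keeps the two fields consistent for any later reader of `taglen`. The readers visible on this page test `taglist` first, so this is hardening rather than a demonstrated fault.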
@@ -800,6 +972,22 @@ return 1; } +/** enter local-zone-tag info */ +static int +lz_enter_zone_tags(struct local_zones* zones, struct config_file* cfg) +{ + struct config_strbytelist* p; + int c = 0; + for(p = cfg->local_zone_tags; p; p = p->next) { + if(!lz_enter_zone_tag(zones, p->str, p->str2, p->str2len, + LDNS_RR_CLASS_IN)) + return 0; + c++; + } + if(c) verbose(VERB_ALGO, "applied tags to %d local zones", c); + return 1; +} + /** enter auth data */ static int lz_enter_data(struct local_zones* zones, struct config_file* cfg) @@ -835,6 +1023,10 @@ if(!lz_enter_defaults(zones, cfg)) { return 0; } + /* enter local zone overrides */ + if(!lz_enter_overrides(zones, cfg)) { + return 0; + } /* create implicit transparent zone from data. */ if(!lz_setup_implicit(zones, cfg)) { return 0; @@ -842,6 +1034,10 @@ /* setup parent ptrs for lookup during data entry */ init_parents(zones); + /* insert local zone tags */ + if(!lz_enter_zone_tags(zones, cfg)) { + return 0; + } /* insert local data */ if(!lz_enter_data(zones, cfg)) { return 0; 
@@ -855,33 +1051,41 @@ local_zones_lookup(struct local_zones* zones, uint8_t* name, size_t len, int labs, uint16_t dclass) { + return local_zones_tags_lookup(zones, name, len, labs, + dclass, NULL, 0, 1); +} + +struct local_zone* +local_zones_tags_lookup(struct local_zones* zones, + uint8_t* name, size_t len, int labs, uint16_t dclass, + uint8_t* taglist, size_t taglen, int ignoretags) +{ rbnode_t* res = NULL; struct local_zone *result; struct local_zone key; + int m; key.node.key = &key; key.dclass = dclass; key.name = name; key.namelen = len; key.namelabs = labs; - if(rbtree_find_less_equal(&zones->ztree, &key, &res)) { - /* exact */ - return (struct local_zone*)res; - } else { - /* smaller element (or no element) */ - int m; - result = (struct local_zone*)res; - if(!result || result->dclass != dclass) - return NULL; - /* count number of labels matched */ - (void)dname_lab_cmp(result->name, result->namelabs, key.name, - key.namelabs, &m); - while(result) { /* go up until qname is subdomain of zone */ - if(result->namelabs <= m) - break; - result = result->parent; - } - return result; + rbtree_find_less_equal(&zones->ztree, &key, &res); + result = (struct local_zone*)res; + /* exact or smaller element (or no element) */ + if(!result || result->dclass != dclass) + return NULL; + /* count number of labels matched */ + (void)dname_lab_cmp(result->name, result->namelabs, key.name, + key.namelabs, &m); + while(result) { /* go up until qname is zone or subdomain of zone */ + if(result->namelabs <= m) + if(ignoretags || !result->taglist || + taglist_intersect(result->taglist, + result->taglen, taglist, taglen)) + break; + result = result->parent; } + return result; } struct local_zone* 
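Review bot: The loop in `local_zones_tags_lookup` nests an unbraced `if(result->namelabs <= m)` directly over a second unbraced `if(...) break;`, which is easy to misread and fragile if an `else` is ever added. Folding the two into one condition says the same thing: `if(result->namelabs <= m && (ignoretags || !result->taglist || taglist_intersect(result->taglist, result->taglen, taglist, taglen))) break;`. The return value of `rbtree_find_less_equal` is now ignored as well; a `(void)` cast, as already used on `dname_lab_cmp`, would show that this is intended.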
@@ -953,6 +1157,18 @@ log_nametypeclass(0, "inform_deny zone", z->name, 0, z->dclass); break; + case local_zone_always_transparent: + log_nametypeclass(0, "always_transparent zone", + z->name, 0, z->dclass); + break; + case local_zone_always_refuse: + log_nametypeclass(0, "always_refuse zone", + z->name, 0, z->dclass); + break; + case local_zone_always_nxdomain: + log_nametypeclass(0, "always_nxdomain zone", + z->name, 0, z->dclass); + break; default: log_nametypeclass(0, "badtyped zone", z->name, 0, z->dclass); @@ -966,8 +1182,8 @@ /** encode answer consisting of 1 rrset */ static int -local_encode(struct query_info* qinfo, struct edns_data* edns, - sldns_buffer* buf, struct regional* temp, +local_encode(struct query_info* qinfo, struct module_env* env, + struct edns_data* edns, sldns_buffer* buf, struct regional* temp, struct ub_packed_rrset_key* rrset, int ansec, int rcode) { struct reply_info rep; 
@@ -986,22 +1202,127 @@ edns->udp_size = EDNS_ADVERTISED_SIZE; edns->ext_rcode = 0; edns->bits &= EDNS_DO; - if(!reply_info_answer_encode(qinfo, &rep, + if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, temp) + || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), - buf, 0, 0, temp, udpsize, edns, + buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), - sldns_buffer_read_u16_at(buf, 2), edns); + sldns_buffer_read_u16_at(buf, 2), edns); return 1; } +/** find local data tag string match for the given type in the list */ +static int +find_tag_datas(struct query_info* qinfo, struct config_strlist* list, + struct ub_packed_rrset_key* r, struct regional* temp) +{ + struct config_strlist* p; + char buf[65536]; + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t len; + int res; + struct packed_rrset_data* d; + for(p=list; p; p=p->next) { + uint16_t rdr_type; + + len = sizeof(rr); + /* does this element match the type? */ + snprintf(buf, sizeof(buf), ". %s", p->str); + res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, + NULL, 0, NULL, 0); + if(res != 0) + /* parse errors are already checked before, in + * acllist check_data, skip this for robustness */ + continue; + if(len < 1 /* . */ + 8 /* typeclassttl*/ + 2 /*rdatalen*/) + continue; + rdr_type = sldns_wirerr_get_type(rr, len, 1); + if(rdr_type != qinfo->qtype && rdr_type != LDNS_RR_TYPE_CNAME) + continue; + + /* do we have entries already? 
if not setup key */ + if(r->rk.dname == NULL) { + r->entry.key = r; + r->rk.dname = qinfo->qname; + r->rk.dname_len = qinfo->qname_len; + r->rk.type = htons(rdr_type); + r->rk.rrset_class = htons(qinfo->qclass); + r->rk.flags = 0; + d = (struct packed_rrset_data*)regional_alloc_zero( + temp, sizeof(struct packed_rrset_data) + + sizeof(size_t) + sizeof(uint8_t*) + + sizeof(time_t)); + if(!d) return 0; /* out of memory */ + r->entry.data = d; + d->ttl = sldns_wirerr_get_ttl(rr, len, 1); + d->rr_len = (size_t*)((uint8_t*)d + + sizeof(struct packed_rrset_data)); + d->rr_data = (uint8_t**)&(d->rr_len[1]); + d->rr_ttl = (time_t*)&(d->rr_data[1]); + } + d = (struct packed_rrset_data*)r->entry.data; + /* add entry to the data */ + if(d->count != 0) { + size_t* oldlen = d->rr_len; + uint8_t** olddata = d->rr_data; + time_t* oldttl = d->rr_ttl; + /* increase arrays for lookup */ + /* this is of course slow for very many records, + * but most redirects are expected with few records */ + d->rr_len = (size_t*)regional_alloc_zero(temp, + (d->count+1)*sizeof(size_t)); + d->rr_data = (uint8_t**)regional_alloc_zero(temp, + (d->count+1)*sizeof(uint8_t*)); + d->rr_ttl = (time_t*)regional_alloc_zero(temp, + (d->count+1)*sizeof(time_t)); + if(!d->rr_len || !d->rr_data || !d->rr_ttl) + return 0; /* out of memory */ + /* first one was allocated after struct d, but new + * ones get their own array increment alloc, so + * copy old content */ + memmove(d->rr_len, oldlen, d->count*sizeof(size_t)); + memmove(d->rr_data, olddata, d->count*sizeof(uint8_t*)); + memmove(d->rr_ttl, oldttl, d->count*sizeof(time_t)); + } + + d->rr_len[d->count] = sldns_wirerr_get_rdatalen(rr, len, 1)+2; + d->rr_ttl[d->count] = sldns_wirerr_get_ttl(rr, len, 1); + d->rr_data[d->count] = regional_alloc_init(temp, + sldns_wirerr_get_rdatawl(rr, len, 1), + d->rr_len[d->count]); + if(!d->rr_data[d->count]) + if(!d) return 0; /* out of memory */ + d->count++; + } + /* If we've found a non-exact alias type of local data, 
make a shallow + * copy of the RRset and remember it in qinfo to complete the alias + * chain later. */ + if(r->rk.dname && qinfo->qtype != LDNS_RR_TYPE_CNAME && + r->rk.type == htons(LDNS_RR_TYPE_CNAME)) { + qinfo->local_alias = + regional_alloc_zero(temp, sizeof(struct local_rrset)); + if(!qinfo->local_alias) + return 0; /* out of memory */ + qinfo->local_alias->rrset = + regional_alloc_init(temp, r, sizeof(*r)); + if(!qinfo->local_alias->rrset) + return 0; /* out of memory */ + } + if(r->rk.dname) + return 1; + return 0; +} + /** answer local data match */ static int -local_data_answer(struct local_zone* z, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp, - int labs, struct local_data** ldp) +local_data_answer(struct local_zone* z, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, + struct regional* temp, int labs, struct local_data** ldp, + enum localzone_type lz_type, int tag, struct config_strlist** tag_datas, + size_t tag_datas_size, char** tagname, int num_tags) { struct local_data key; struct local_data* ld; 
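Review bot: The out-of-memory check after `regional_alloc_init` in `find_tag_datas` never fires. `if(!d->rr_data[d->count]) if(!d) return 0;` tests `d`, which was dereferenced on the lines just above and cannot be NULL there, so a failed allocation leaves a NULL entry in `rr_data` while `d->count` is still incremented. Code that later walks the rrset would presumably read through that NULL pointer. The inner test should go: `if(!d->rr_data[d->count]) return 0; /* out of memory */`. Separately, `char buf[65536]` next to `uint8_t rr[LDNS_RR_BUF_SIZE]` is a large stack frame for a per-query path, so it is worth confirming the worker thread stack size allows it.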
@@ -1010,58 +1331,96 @@ key.name = qinfo->qname; key.namelen = qinfo->qname_len; key.namelabs = labs; - if(z->type == local_zone_redirect) { + if(lz_type == local_zone_redirect) { key.name = z->name; key.namelen = z->namelen; key.namelabs = z->namelabs; + if(tag != -1 && (size_t)taglocal_alias) + return 1; + return local_encode(qinfo, env, edns, buf, temp, + &r, 1, LDNS_RCODE_NOERROR); + } + } } ld = (struct local_data*)rbtree_search(&z->data, &key.node); *ldp = ld; if(!ld) { return 0; } - lr = local_data_find_type(ld, qinfo->qtype); + lr = local_data_find_type(ld, qinfo->qtype, 1); if(!lr) return 0; - if(z->type == local_zone_redirect) { + + /* Special case for alias matching. See local_data_answer(). */ + if(lz_type == local_zone_redirect && + qinfo->qtype != LDNS_RR_TYPE_CNAME && + lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) { + qinfo->local_alias = + regional_alloc_zero(temp, sizeof(struct local_rrset)); + if(!qinfo->local_alias) + return 0; /* out of memory */ + qinfo->local_alias->rrset = + regional_alloc_init(temp, lr->rrset, sizeof(*lr->rrset)); + if(!qinfo->local_alias->rrset) + return 0; /* out of memory */ + qinfo->local_alias->rrset->rk.dname = qinfo->qname; + qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len; + return 1; + } + if(lz_type == local_zone_redirect) { /* convert rrset name to query name; like a wildcard */ struct ub_packed_rrset_key r = *lr->rrset; r.rk.dname = qinfo->qname; r.rk.dname_len = qinfo->qname_len; - return local_encode(qinfo, edns, buf, temp, &r, 1, + return local_encode(qinfo, env, edns, buf, temp, &r, 1, LDNS_RCODE_NOERROR); } - return local_encode(qinfo, edns, buf, temp, lr->rrset, 1, + return local_encode(qinfo, env, edns, buf, temp, lr->rrset, 1, LDNS_RCODE_NOERROR); } /** * answer in case where no exact match is found * @param z: zone for query + * @param env: module environment * @param qinfo: query * @param edns: edns from query * @param buf: buffer for answer. 
* @param temp: temp region for encoding * @param ld: local data, if NULL, no such name exists in localdata. + * @param lz_type: type of the local zone * @return 1 if a reply is to be sent, 0 if not. */ static int -lz_zone_answer(struct local_zone* z, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp, - struct local_data* ld) +lz_zone_answer(struct local_zone* z, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, + struct regional* temp, struct local_data* ld, enum localzone_type lz_type) { - if(z->type == local_zone_deny || z->type == local_zone_inform_deny) { + if(lz_type == local_zone_deny || lz_type == local_zone_inform_deny) { /** no reply at all, signal caller by clearing buffer. */ sldns_buffer_clear(buf); sldns_buffer_flip(buf); return 1; - } else if(z->type == local_zone_refuse) { + } else if(lz_type == local_zone_refuse + || lz_type == local_zone_always_refuse) { error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; - } else if(z->type == local_zone_static || - z->type == local_zone_redirect) { + } else if(lz_type == local_zone_static || + lz_type == local_zone_redirect || + lz_type == local_zone_always_nxdomain) { /* for static, reply nodata or nxdomain * for redirect, reply nodata */ /* no additional section processing, 
@@ -1069,26 +1428,28 @@ * or using closest match for NSEC. * or using closest match for returning delegation downwards */ - int rcode = ld?LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; + int rcode = (ld || lz_type == local_zone_redirect)? + LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; if(z->soa) - return local_encode(qinfo, edns, buf, temp, + return local_encode(qinfo, env, edns, buf, temp, z->soa, 0, rcode); error_encode(buf, (rcode|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); return 1; - } else if(z->type == local_zone_typetransparent) { + } else if(lz_type == local_zone_typetransparent + || lz_type == local_zone_always_transparent) { /* no NODATA or NXDOMAINS for this zone type */ return 0; } - /* else z->type == local_zone_transparent */ + /* else lz_type == local_zone_transparent */ /* if the zone is transparent and the name exists, but the type * does not, then we should make this noerror/nodata */ if(ld && ld->rrsets) { int rcode = LDNS_RCODE_NOERROR; if(z->soa) - return local_encode(qinfo, edns, buf, temp, + return local_encode(qinfo, env, edns, buf, temp, z->soa, 0, rcode); error_encode(buf, (rcode|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), 
@@ -1115,44 +1476,125 @@ log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); } +static enum localzone_type +lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, + uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt, + struct comm_reply* repinfo, struct rbtree_t* override_tree, int* tag, + char** tagname, int num_tags) +{ + size_t i, j; + uint8_t tagmatch; + struct local_zone_override* lzo; + if(repinfo && override_tree) { + lzo = (struct local_zone_override*)addr_tree_lookup( + override_tree, &repinfo->addr, repinfo->addrlen); + if(lzo && lzo->type) { + verbose(VERB_ALGO, "local zone override to type %s", + local_zone_type2str(lzo->type)); + return lzo->type; + } + } + if(!taglist || !taglist2) + return lzt; + for(i=0; i0; j++) { + if((tagmatch & 0x1)) { + *tag = (int)(i*8+j); + verbose(VERB_ALGO, "matched tag [%d] %s", + *tag, (*tag>= 1; + } + } + return lzt; +} + int -local_zones_answer(struct local_zones* zones, struct query_info* qinfo, - struct edns_data* edns, sldns_buffer* buf, struct regional* temp, - struct comm_reply* repinfo) +local_zones_answer(struct local_zones* zones, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, + struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, + size_t taglen, uint8_t* tagactions, size_t tagactionssize, + struct config_strlist** tag_datas, size_t tag_datas_size, + char** tagname, int num_tags, struct view* view) { /* see if query is covered by a zone, * if so: - try to match (exact) local data * - look at zone type for negative response. 
*/ int labs = dname_count_labels(qinfo->qname); - struct local_data* ld; - struct local_zone* z; - int r; - lock_rw_rdlock(&zones->lock); - z = local_zones_lookup(zones, qinfo->qname, - qinfo->qname_len, labs, qinfo->qclass); + struct local_data* ld = NULL; + struct local_zone* z = NULL; + enum localzone_type lzt = local_zone_transparent; + int r, tag = -1; + + if(view) { + lock_rw_rdlock(&view->lock); + if(view->local_zones && + (z = local_zones_lookup(view->local_zones, + qinfo->qname, qinfo->qname_len, labs, + qinfo->qclass))) { + verbose(VERB_ALGO, + "using localzone from view: %s", + view->name); + lock_rw_rdlock(&z->lock); + lzt = z->type; + } + if(!z && !view->isfirst){ + lock_rw_unlock(&view->lock); + return 0; + } + lock_rw_unlock(&view->lock); + } if(!z) { + /* try global local_zones tree */ + lock_rw_rdlock(&zones->lock); + if(!(z = local_zones_tags_lookup(zones, qinfo->qname, + qinfo->qname_len, labs, qinfo->qclass, taglist, + taglen, 0))) { + lock_rw_unlock(&zones->lock); + return 0; + } + lock_rw_rdlock(&z->lock); + + lzt = lz_type(taglist, taglen, z->taglist, z->taglen, + tagactions, tagactionssize, z->type, repinfo, + z->override_tree, &tag, tagname, num_tags); lock_rw_unlock(&zones->lock); - return 0; } - lock_rw_rdlock(&z->lock); - lock_rw_unlock(&zones->lock); - - if((z->type == local_zone_inform || z->type == local_zone_inform_deny) + if((lzt == local_zone_inform || lzt == local_zone_inform_deny) && repinfo) lz_inform_print(z, qinfo, repinfo); - if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) { + if(lzt != local_zone_always_refuse + && lzt != local_zone_always_transparent + && lzt != local_zone_always_nxdomain + && local_data_answer(z, env, qinfo, edns, buf, temp, labs, &ld, lzt, + tag, tag_datas, tag_datas_size, tagname, num_tags)) { lock_rw_unlock(&z->lock); - return 1; + /* We should tell the caller that encode is deferred if we found + * a local alias. 
*/ + return !qinfo->local_alias; } - r = lz_zone_answer(z, qinfo, edns, buf, temp, ld); + r = lz_zone_answer(z, env, qinfo, edns, buf, temp, ld, lzt); lock_rw_unlock(&z->lock); - return r; + return r && !qinfo->local_alias; /* see above */ } const char* local_zone_type2str(enum localzone_type t) { switch(t) { + case local_zone_unset: return "unset"; case local_zone_deny: return "deny"; case local_zone_refuse: return "refuse"; case local_zone_redirect: return "redirect"; @@ -1162,6 +1604,9 @@ case local_zone_nodefault: return "nodefault"; case local_zone_inform: return "inform"; case local_zone_inform_deny: return "inform_deny"; + case local_zone_always_transparent: return "always_transparent"; + case local_zone_always_refuse: return "always_refuse"; + case local_zone_always_nxdomain: return "always_nxdomain"; } return "badtyped"; } @@ -1184,6 +1629,12 @@ *t = local_zone_inform; else if(strcmp(type, "inform_deny") == 0) *t = local_zone_inform_deny; + else if(strcmp(type, "always_transparent") == 0) + *t = local_zone_always_transparent; + else if(strcmp(type, "always_refuse") == 0) + *t = local_zone_always_refuse; + else if(strcmp(type, "always_nxdomain") == 0) + *t = local_zone_always_nxdomain; else return 0; return 1; } @@ -1220,7 +1671,10 @@ { /* create */ struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); - if(!z) return NULL; + if(!z) { + free(name); + return NULL; + } lock_rw_wrlock(&z->lock); /* find the closest parent */ diff -Nru unbound-1.5.8/services/localzone.h unbound-1.6.0/services/localzone.h --- unbound-1.5.8/services/localzone.h 2015-04-16 08:23:06.000000000 +0000 +++ unbound-1.6.0/services/localzone.h 2016-12-06 13:42:51.000000000 +0000 @@ -43,6 +43,9 @@ #define SERVICES_LOCALZONE_H #include "util/rbtree.h" #include "util/locks.h" +#include "util/storage/dnstree.h" +#include "util/module.h" +#include "services/view.h" struct ub_packed_rrset_key; struct regional; struct config_file; 
@@ -50,6 +53,7 @@ struct query_info; struct sldns_buffer; struct comm_reply; +struct config_strlist; /** * Local zone type @@ -57,8 +61,10 @@ * local-data directly. */ enum localzone_type { + /** unset type, used for unset tag_action elements */ + local_zone_unset = 0, /** drop query */ - local_zone_deny = 0, + local_zone_deny, /** answer with error */ local_zone_refuse, /** answer nxdomain or nodata */ @@ -75,7 +81,13 @@ /** log client address, but no block (transparent) */ local_zone_inform, /** log client address, and block (drop) */ - local_zone_inform_deny + local_zone_inform_deny, + /** resolve normally, even when there is local data */ + local_zone_always_transparent, + /** answer with error, even when there is local data */ + local_zone_always_refuse, + /** answer with nxdomain, even when there is local data */ + local_zone_always_nxdomain }; /** @@ -115,6 +127,13 @@ /** how to process zone */ enum localzone_type type; + /** tag bitlist */ + uint8_t* taglist; + /** length of the taglist (in bytes) */ + size_t taglen; + /** netblock addr_tree with struct local_zone_override information + * or NULL if there are no override elements */ + struct rbtree_t* override_tree; /** in this region the zone's data is allocated. * the struct local_zone itself is malloced. */ @@ -154,6 +173,16 @@ }; /** + * Local zone override information + */ +struct local_zone_override { + /** node in addrtree */ + struct addr_tree_node node; + /** override for local zone type */ + enum localzone_type type; +}; + +/** * Create local zones storage * @return new struct or NULL on error. */ 
@@ -198,6 +227,24 @@ void local_zone_delete(struct local_zone* z); /** + * Lookup zone that contains the given name, class and taglist. + * User must lock the tree or result zone. + * @param zones: the zones tree + * @param name: dname to lookup + * @param len: length of name. + * @param labs: labelcount of name. + * @param dclass: class to lookup. + * @param taglist: taglist to lookup. + * @param taglen: lenth of taglist. + * @param ignoretags: lookup zone by name and class, regardless the + * local-zone's tags. + * @return closest local_zone or NULL if no covering zone is found. + */ +struct local_zone* local_zones_tags_lookup(struct local_zones* zones, + uint8_t* name, size_t len, int labs, uint16_t dclass, + uint8_t* taglist, size_t taglen, int ignoretags); + +/** * Lookup zone that contains the given name, class. * User must lock the tree or result zone. * @param zones: the zones tree 
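Review bot: The new comment for `local_zones_tags_lookup` does not say whether `taglist` may be NULL. `local_zones_answer` documents its own `taglist` as "May be NULL" and passes it straight through with `ignoretags` set to 0. I would add that to the parameter line, e.g. `@param taglist: taglist to lookup. May be NULL.`, after confirming that `taglist_intersect` accepts a NULL list. Two typos can be fixed at the same time: `lenth` should read `length`, and `regardless the` should read `regardless of the`.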
@@ -221,18 +268,39 @@ * Answer authoritatively for local zones. * Takes care of locking. * @param zones: the stored zones (shared, read only). + * @param env: the module environment. * @param qinfo: query info (parsed). * @param edns: edns info (parsed). * @param buf: buffer with query ID and flags, also for reply. * @param temp: temporary storage region. * @param repinfo: source address for checks. may be NULL. + * @param taglist: taglist for checks. May be NULL. + * @param taglen: length of the taglist. + * @param tagactions: local zone actions for tags. May be NULL. + * @param tagactionssize: length of the tagactions. + * @param tag_datas: array per tag of strlist with rdata strings. or NULL. + * @param tag_datas_size: size of tag_datas array. + * @param tagname: array of tag name strings (for debug output). + * @param num_tags: number of items in tagname array. + * @param view: answer using this view. May be NULL. * @return true if answer is in buffer. false if query is not answered * by authority data. If the reply should be dropped altogether, the return * value is true, but the buffer is cleared (empty). - */ -int local_zones_answer(struct local_zones* zones, struct query_info* qinfo, - struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp, - struct comm_reply* repinfo); + * It can also return true if a non-exact alias answer is found. In this + * case qinfo->local_alias points to the corresponding alias RRset but the + * answer is NOT encoded in buffer. It's the caller's responsibility to + * complete the alias chain (if needed) and encode the final set of answer. + * Data pointed to by qinfo->local_alias is allocated in 'temp' or refers to + * configuration data. So the caller will need to make a deep copy of it + * if it needs to keep it beyond the lifetime of 'temp' or a dynamic update + * to local zone data. 
+ */ +int local_zones_answer(struct local_zones* zones, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf, + struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, + size_t taglen, uint8_t* tagactions, size_t tagactionssize, + struct config_strlist** tag_datas, size_t tag_datas_size, + char** tagname, int num_tags, struct view* view); /** * Parse the string into localzone type. diff -Nru unbound-1.5.8/services/mesh.c unbound-1.6.0/services/mesh.c --- unbound-1.5.8/services/mesh.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/services/mesh.c 2016-12-06 13:42:51.000000000 +0000 @@ -56,6 +56,9 @@ #include "util/alloc.h" #include "util/config_file.h" #include "sldns/sbuffer.h" +#include "sldns/wire2str.h" +#include "services/localzone.h" +#include "util/data/dname.h" /** subtract timers and the values do not overflow or become negative */ static void @@ -127,6 +130,11 @@ struct mesh_state* a = (struct mesh_state*)ap; struct mesh_state* b = (struct mesh_state*)bp; + if(a->unique < b->unique) + return -1; + if(a->unique > b->unique) + return 1; + if(a->s.is_priming && !b->s.is_priming) return -1; if(!a->s.is_priming && b->s.is_priming) @@ -282,10 +290,13 @@ uint16_t qflags, struct edns_data* edns, struct comm_reply* rep, uint16_t qid) { - struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + struct mesh_state* s = NULL; + int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); int was_detached = 0; int was_noreply = 0; int added = 0; + if(!unique) + s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); /* does this create a new reply state? */ if(!s || s->list_select == mesh_no_list) { if(!mesh_make_new_space(mesh, rep->c->buffer)) { 
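Review bot: The extended return-value comment for `local_zones_answer` says the function "can also return true if a non-exact alias answer is found", but the implementation does the opposite. In localzone.c it returns `!qinfo->local_alias` on the local-data path and `r && !qinfo->local_alias` on the zone path, i.e. false whenever an alias was recorded. A caller reading only the header would expect true, so the sentence should read something like `Returns false, with qinfo->local_alias set, if a non-exact alias answer is found; the answer is then NOT encoded in the buffer.` The rest of the paragraph, on the lifetime of data allocated in 'temp', can stay as written.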
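Review bot: The ordering added at the top of `mesh_state_compare` applies `<` and `>` to `a->unique` and `b->unique`, which appear to be pointers (a later hunk sets `mstate->unique = NULL`). Relational comparison of pointers that do not point into the same object is undefined in C, even though it works on flat-address platforms. Comparing through an integer type keeps the tree order well defined: `if((uintptr_t)a->unique < (uintptr_t)b->unique) return -1;`, and likewise for `>`. The function begins and ends outside the hunk.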
@@ -315,11 +326,32 @@ s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); + if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, + LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) + edns->opt_list = NULL; error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); comm_point_send_reply(rep); return; } + if(unique) + mesh_state_make_unique(s); + /* copy the edns options we got from the front */ + if(edns->opt_list) { + s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list, + s->s.region); + if(!s->s.edns_opts_front_in) { + log_err("mesh_state_create: out of memory; SERVFAIL"); + if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, + NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) + edns->opt_list = NULL; + error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, + qinfo, qid, qflags, edns); + comm_point_send_reply(rep); + return; + } + } + #ifdef UNBOUND_DEBUG n = #else @@ -336,8 +368,11 @@ if(!s->reply_list && !s->cb_list) was_noreply = 1; /* add reply to s */ - if(!mesh_state_add_reply(s, edns, rep, qid, qflags, qinfo->qname)) { + if(!mesh_state_add_reply(s, edns, rep, qid, qflags, qinfo)) { log_err("mesh_new_client: out of memory; SERVFAIL"); + if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s, + NULL, LDNS_RCODE_SERVFAIL, edns, mesh->env->scratch)) + edns->opt_list = NULL; error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); comm_point_send_reply(rep); 
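Review bot: The new out-of-memory return after `edns_opt_copy_region()` leaves `s`, just allocated by `mesh_state_create()`, unreleased. The trailing context (`#ifdef UNBOUND_DEBUG n =`) suggests the state has not yet been inserted into the mesh tree at that point, so nothing else would free it, and under memory pressure each failing query that carries EDNS options would strand a mesh state. A `mesh_state_cleanup(s);` before the `return;` would release it; the `return 0;` added in `@@ -391,6 +429,15 @@` (mesh_new_callback) has the same gap. The enclosing function starts and ends outside this hunk.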
@@ -376,10 +411,13 @@ uint16_t qflags, struct edns_data* edns, sldns_buffer* buf, uint16_t qid, mesh_cb_func_t cb, void* cb_arg) { - struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + struct mesh_state* s = NULL; + int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); int was_detached = 0; int was_noreply = 0; int added = 0; + if(!unique) + s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); /* there are no limits on the number of callbacks */ /* see if it already exists, if not, create one */ @@ -391,6 +429,15 @@ if(!s) { return 0; } + if(unique) + mesh_state_make_unique(s); + if(edns->opt_list) { + s->s.edns_opts_front_in = edns_opt_copy_region(edns->opt_list, + s->s.region); + if(!s->s.edns_opts_front_in) { + return 0; + } + } #ifdef UNBOUND_DEBUG n = #else @@ -429,7 +476,8 @@ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway) { - struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), + 0, 0); #ifdef UNBOUND_DEBUG struct rbnode_t* n; #endif @@ -448,6 +496,7 @@ mesh->stats_dropped ++; return; } + s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); if(!s) { log_err("prefetch mesh_state_create: out of memory"); @@ -521,9 +570,11 @@ rbtree_init(&mstate->super_set, &mesh_state_ref_compare); rbtree_init(&mstate->sub_set, &mesh_state_ref_compare); mstate->num_activated = 0; + mstate->unique = NULL; /* init module qstate */ mstate->s.qinfo.qtype = qinfo->qtype; mstate->s.qinfo.qclass = qinfo->qclass; + mstate->s.qinfo.local_alias = NULL; mstate->s.qinfo.qname_len = qinfo->qname_len; mstate->s.qinfo.qname = regional_alloc_init(region, qinfo->qname, qinfo->qname_len); 
@@ -543,14 +594,34 @@ mstate->s.env = env; mstate->s.mesh_info = mstate; mstate->s.prefetch_leeway = 0; + mstate->s.no_cache_lookup = 0; + mstate->s.no_cache_store = 0; /* init modules */ for(i=0; imesh->mods.num; i++) { mstate->s.minfo[i] = NULL; mstate->s.ext_state[i] = module_state_initial; } + /* init edns option lists */ + mstate->s.edns_opts_front_in = NULL; + mstate->s.edns_opts_back_out = NULL; + mstate->s.edns_opts_back_in = NULL; + mstate->s.edns_opts_front_out = NULL; + return mstate; } +int +mesh_state_is_unique(struct mesh_state* mstate) +{ + return mstate->unique != NULL; +} + +void +mesh_state_make_unique(struct mesh_state* mstate) +{ + mstate->unique = mstate; +} + void mesh_state_cleanup(struct mesh_state* mstate) { @@ -685,8 +756,7 @@ { /* find it, if not, create it */ struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime, - valrec); + struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime, valrec); int was_detached; if(mesh_detect_cycle_found(qstate, sub)) { verbose(VERB_ALGO, "attach failed, cycle detected"); @@ -697,8 +767,7 @@ struct rbnode_t* n; #endif /* create a new one */ - sub = mesh_state_create(qstate->env, qinfo, qflags, prime, - valrec); + sub = mesh_state_create(qstate->env, qinfo, qflags, prime, valrec); if(!sub) { log_err("mesh_attach_sub: out of memory"); return 0; @@ -800,6 +869,15 @@ } /* send the reply */ if(rcode) { + if(rcode == LDNS_RCODE_SERVFAIL) { + if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, + rep, rcode, &r->edns, m->s.region)) + r->edns.opt_list = NULL; + } else { + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, + &r->edns, m->s.region)) + r->edns.opt_list = NULL; + } fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL); } else { 
@@ -809,7 +887,10 @@ r->edns.udp_size = EDNS_ADVERTISED_SIZE; r->edns.ext_rcode = 0; r->edns.bits &= EDNS_DO; - if(!reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, + LDNS_RCODE_NOERROR, &r->edns, m->s.region) || + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r->buf, 0, 1, m->s.env->scratch, udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), secure)) @@ -842,6 +923,9 @@ struct timeval end_time; struct timeval duration; int secure; + /* Copy the client's EDNS for later restore, to make sure the edns + * compare is with the correct edns options. */ + struct edns_data edns_bak = r->edns; /* examine security status */ if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || m->s.env->cfg->ignore_cd) && rep && @@ -856,10 +940,18 @@ if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; /* send the reply */ + /* We don't reuse the encoded answer if either the previous or current + * response has a local alias. We could compare the alias records + * and still reuse the previous answer if they are the same, but that + * would be complicated and error prone for the relatively minor case. + * So we err on the side of safety. */ if(prev && prev->qflags == r->qflags && + !prev->local_alias && !r->local_alias && prev->edns.edns_present == r->edns.edns_present && prev->edns.bits == r->edns.bits && - prev->edns.udp_size == r->edns.udp_size) { + prev->edns.udp_size == r->edns.udp_size && + edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list) + == 0) { /* if the previous reply is identical to this one, fix ID */ if(prev->query_reply.c->buffer != r->query_reply.c->buffer) sldns_buffer_copy(r->query_reply.c->buffer, 
@@ -871,6 +963,16 @@ comm_point_send_reply(&r->query_reply); } else if(rcode) { m->s.qinfo.qname = r->qname; + m->s.qinfo.local_alias = r->local_alias; + if(rcode == LDNS_RCODE_SERVFAIL) { + if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, + rep, rcode, &r->edns, m->s.region)) + r->edns.opt_list = NULL; + } else { + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, + &r->edns, m->s.region)) + r->edns.opt_list = NULL; + } error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo, r->qid, r->qflags, &r->edns); comm_point_send_reply(&r->query_reply); @@ -881,15 +983,22 @@ r->edns.ext_rcode = 0; r->edns.bits &= EDNS_DO; m->s.qinfo.qname = r->qname; - if(!reply_info_answer_encode(&m->s.qinfo, rep, r->qid, + m->s.qinfo.local_alias = r->local_alias; + if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, + LDNS_RCODE_NOERROR, &r->edns, m->s.region) || + !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r->query_reply.c->buffer, 0, 1, m->s.env->scratch, udp_size, &r->edns, (int)(r->edns.bits & EDNS_DO), secure)) { + if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, + rep, LDNS_RCODE_SERVFAIL, &r->edns, m->s.region)) + r->edns.opt_list = NULL; error_encode(r->query_reply.c->buffer, LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid, r->qflags, &r->edns); } + r->edns = edns_bak; comm_point_send_reply(&r->query_reply); } /* account */ @@ -955,6 +1064,10 @@ key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; + /* We are searching for a similar mesh state when we DO want to + * aggregate the state. Thus unique is set to NULL. (default when we + * desire aggregation).*/ + key.unique = NULL; result = (struct mesh_state*)rbtree_search(&mesh->all, &key); return result; 
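Review bot: `r->edns = edns_bak;` restores the client's EDNS data only in the final `else` branch. The `else if(rcode)` branch in `@@ -871,6 +963,16 @@` also runs the inplace callbacks on `&r->edns` and can set `r->edns.opt_list = NULL`, yet leaves `r->edns` modified. If the caller hands this reply back as `prev` for the next one (not visible here), the new `edns_opt_list_compare(prev->edns.opt_list, ...)` test would compare against callback-altered options rather than what the client sent, which is what the comment on `edns_bak` says it wants to avoid. Adding `r->edns = edns_bak;` before `comm_point_send_reply()` in the error branch as well keeps the two paths consistent.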
@@ -973,6 +1086,12 @@ r->cb = cb; r->cb_arg = cb_arg; r->edns = *edns; + if(edns->opt_list) { + r->edns.opt_list = edns_opt_copy_region(edns->opt_list, + s->s.region); + if(!r->edns.opt_list) + return 0; + } r->qid = qid; r->qflags = qflags; r->next = s->cb_list; @@ -982,7 +1101,8 @@ } int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, - struct comm_reply* rep, uint16_t qid, uint16_t qflags, uint8_t* qname) + struct comm_reply* rep, uint16_t qid, uint16_t qflags, + const struct query_info* qinfo) { struct mesh_reply* r = regional_alloc(s->s.region, sizeof(struct mesh_reply)); 
@@ -990,17 +1110,74 @@ return 0; r->query_reply = *rep; r->edns = *edns; + if(edns->opt_list) { + r->edns.opt_list = edns_opt_copy_region(edns->opt_list, + s->s.region); + if(!r->edns.opt_list) + return 0; + } r->qid = qid; r->qflags = qflags; r->start_time = *s->s.env->now_tv; r->next = s->reply_list; - r->qname = regional_alloc_init(s->s.region, qname, + r->qname = regional_alloc_init(s->s.region, qinfo->qname, s->s.qinfo.qname_len); if(!r->qname) return 0; + + /* Data related to local alias stored in 'qinfo' (if any) is ephemeral + * and can be different for different original queries (even if the + * replaced query name is the same). So we need to make a deep copy + * and store the copy for each reply info. */ + if(qinfo->local_alias) { + struct packed_rrset_data* d; + struct packed_rrset_data* dsrc; + r->local_alias = regional_alloc_zero(s->s.region, + sizeof(*qinfo->local_alias)); + if(!r->local_alias) + return 0; + r->local_alias->rrset = regional_alloc_init(s->s.region, + qinfo->local_alias->rrset, + sizeof(*qinfo->local_alias->rrset)); + if(!r->local_alias->rrset) + return 0; + dsrc = qinfo->local_alias->rrset->entry.data; + + /* In the current implementation, a local alias must be + * a single CNAME RR (see worker_handle_request()). */ + log_assert(!qinfo->local_alias->next && dsrc->count == 1 && + qinfo->local_alias->rrset->rk.type == + htons(LDNS_RR_TYPE_CNAME)); + /* Technically, we should make a local copy for the owner + * name of the RRset, but in the case of the first (and + * currently only) local alias RRset, the owner name should + * point to the qname of the corresponding query, which should + * be valid throughout the lifetime of this mesh_reply. So + * we can skip copying. 
*/ + log_assert(qinfo->local_alias->rrset->rk.dname == + sldns_buffer_at(rep->c->buffer, LDNS_HEADER_SIZE)); + + d = regional_alloc_init(s->s.region, dsrc, + sizeof(struct packed_rrset_data) + + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)); + if(!d) + return 0; + r->local_alias->rrset->entry.data = d; + d->rr_len = (size_t*)((uint8_t*)d + + sizeof(struct packed_rrset_data)); + d->rr_data = (uint8_t**)&(d->rr_len[1]); + d->rr_ttl = (time_t*)&(d->rr_data[1]); + d->rr_len[0] = dsrc->rr_len[0]; + d->rr_ttl[0] = dsrc->rr_ttl[0]; + d->rr_data[0] = regional_alloc_init(s->s.region, + dsrc->rr_data[0], d->rr_len[0]); + if(!d->rr_data[0]) + return 0; + } else + r->local_alias = NULL; + s->reply_list = r; return 1; - } /** @@ -1050,6 +1227,12 @@ *ev = module_event_pass; return 1; } + if(s == module_wait_subquery && mstate->sub_set.count == 0) { + log_err("module cannot wait for subquery, subquery list empty"); + log_query_info(VERB_QUERY, "pass error for qstate", + &mstate->s.qinfo); + s = module_error; + } if(s == module_error && mstate->s.return_rcode == LDNS_RCODE_NOERROR) { /* error is bad, handle pass back up below */ mstate->s.return_rcode = LDNS_RCODE_SERVFAIL; @@ -1187,8 +1370,9 @@ uint16_t flags, int prime, int valrec) { struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state* dep_m = mesh_area_find(mesh, qinfo, flags, prime, - valrec); + struct mesh_state* dep_m = NULL; + if(!mesh_state_is_unique(qstate->mesh_info)) + dep_m = mesh_area_find(mesh, qinfo, flags, prime, valrec); return mesh_detect_cycle_found(qstate, dep_m); } diff -Nru unbound-1.5.8/services/mesh.h unbound-1.6.0/services/mesh.h --- unbound-1.5.8/services/mesh.h 2014-11-18 15:15:57.000000000 +0000 +++ unbound-1.6.0/services/mesh.h 2016-12-06 13:42:51.000000000 +0000 
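Review bot: The deep copy sizes `d` for exactly one RR, but the only guard that `dsrc->count == 1` is a `log_assert`, and the copied header keeps whatever `count` the source had. If assertions are compiled out (the `#ifdef UNBOUND_DEBUG` pattern elsewhere in this file suggests they can be), a multi-RR alias would leave `d->count` larger than the arrays behind it, and later readers of the rrset would index past the allocation. A runtime check ahead of the copy, `if(qinfo->local_alias->next || dsrc->count != 1) return 0;`, keeps that failure contained. The function's signature is in the previous hunk, so the body is only partly visible here.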
@@ -180,6 +180,8 @@ /** if this state is in the forever list, jostle list, or neither */ enum mesh_list_select { mesh_no_list, mesh_forever_list, mesh_jostle_list } list_select; + /** pointer to this state for uniqueness or NULL */ + struct mesh_state* unique; /** true if replies have been sent out (at end for alignment) */ uint8_t replies_sent; @@ -214,6 +216,8 @@ uint16_t qflags; /** qname from this query. len same as mesh qinfo. */ uint8_t* qname; + /** same as that in query_info. */ + struct local_rrset* local_alias; }; /** @@ -415,6 +419,21 @@ struct query_info* qinfo, uint16_t qflags, int prime, int valrec); /** + * Check if the mesh state is unique. + * A unique mesh state uses it's unique member to point to itself, else NULL. + * @param mstate: mesh state to check. + * @return true if the mesh state is unique, false otherwise. + */ +int mesh_state_is_unique(struct mesh_state* mstate); + +/** + * Make a mesh state unique. + * A unique mesh state uses it's unique member to point to itself. + * @param mstate: mesh state to check. + */ +void mesh_state_make_unique(struct mesh_state* mstate); + +/** * Cleanup a mesh state and its query state. Does not do rbtree or * reference cleanup. * @param mstate: mesh state to cleanup. Its pointer may no longer be used 
@@ -459,11 +478,12 @@ * @param rep: comm point reply info. * @param qid: ID of reply. * @param qflags: original query flags. - * @param qname: original query name. + * @param qinfo: original query info. * @return: 0 on alloc error. */ -int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, - struct comm_reply* rep, uint16_t qid, uint16_t qflags, uint8_t* qname); +int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, + struct comm_reply* rep, uint16_t qid, uint16_t qflags, + const struct query_info* qinfo); /** * Create new callback structure and attach it to a mesh state. diff -Nru unbound-1.5.8/services/modstack.c unbound-1.6.0/services/modstack.c --- unbound-1.5.8/services/modstack.c 2014-10-13 09:23:12.000000000 +0000 +++ unbound-1.6.0/services/modstack.c 2016-04-14 14:50:18.000000000 +0000 @@ -50,6 +50,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef USE_CACHEDB +#include "cachedb/cachedb.h" +#endif /** count number of modules (words) in the string */ static int @@ -121,6 +124,9 @@ #ifdef WITH_PYTHONMODULE "python", #endif +#ifdef USE_CACHEDB + "cachedb", +#endif "validator", "iterator", NULL}; @@ -139,6 +145,9 @@ #ifdef WITH_PYTHONMODULE &pythonmod_get_funcblock, #endif +#ifdef USE_CACHEDB + &cachedb_get_funcblock, +#endif &val_get_funcblock, &iter_get_funcblock, NULL}; diff -Nru unbound-1.5.8/services/outside_network.c unbound-1.6.0/services/outside_network.c --- unbound-1.5.8/services/outside_network.c 2016-01-05 10:08:37.000000000 +0000 +++ unbound-1.6.0/services/outside_network.c 2016-12-06 13:42:51.000000000 +0000 @@ -122,6 +122,8 @@ } if((r = query_dname_compare(q1->qbuf+10, q2->qbuf+10)) != 0) return r; + if((r = edns_opt_list_compare(q1->opt_list, q2->opt_list)) != 0) + return r; return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen); } 
@@ -241,7 +243,33 @@ return 0; fd_set_nonblock(s); +#ifdef USE_OSX_MSG_FASTOPEN + /* API for fast open is different here. We use a connectx() function and + then writes can happen as normal even using SSL.*/ + /* connectx requires that the len be set in the sockaddr struct*/ + struct sockaddr_in *addr_in = (struct sockaddr_in *)&w->addr; + addr_in->sin_len = w->addrlen; + sa_endpoints_t endpoints; + endpoints.sae_srcif = 0; + endpoints.sae_srcaddr = NULL; + endpoints.sae_srcaddrlen = 0; + endpoints.sae_dstaddr = (struct sockaddr *)&w->addr; + endpoints.sae_dstaddrlen = w->addrlen; + if (connectx(s, &endpoints, SAE_ASSOCID_ANY, + CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE, + NULL, 0, NULL, NULL) == -1) { +#else /* USE_OSX_MSG_FASTOPEN*/ +#ifdef USE_MSG_FASTOPEN + pend->c->tcp_do_fastopen = 1; + /* Only do TFO for TCP in which case no connect() is required here. + Don't combine client TFO with SSL, since OpenSSL can't + currently support doing a handshake on fd that already isn't connected*/ + if (w->outnet->sslctx && w->ssl_upstream) { + if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) { +#else /* USE_MSG_FASTOPEN*/ if(connect(s, (struct sockaddr*)&w->addr, w->addrlen) == -1) { +#endif /* USE_MSG_FASTOPEN*/ +#endif /* USE_OSX_MSG_FASTOPEN*/ #ifndef USE_WINSOCK #ifdef EINPROGRESS if(errno != EINPROGRESS) { @@ -261,6 +289,9 @@ return 0; } } +#ifdef USE_MSG_FASTOPEN + } +#endif /* USE_MSG_FASTOPEN */ if(w->outnet->sslctx && w->ssl_upstream) { pend->c->ssl = outgoing_ssl_fd(w->outnet->sslctx, s); if(!pend->c->ssl) { @@ -589,7 +620,9 @@ pif->avail_ports = (int*)memdup(avail, (size_t)numavail*sizeof(int)); if(!pif->avail_ports) return 0; - if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen)) + if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen) && + !netblockstrtoaddr(addrstr, UNBOUND_DNS_PORT, + &pif->addr, &pif->addrlen, &pif->pfxlen)) return 0; pif->maxout = (int)numfd; pif->inuse = 0; 
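Review bot: In the `USE_MSG_FASTOPEN` branch `pend->c->tcp_do_fastopen = 1;` is set before the SSL test, so it is also set for SSL upstreams, which the comment directly below says must not be combined with client TFO. Whether the write path ignores the flag once `c->ssl` is set is not visible in this hunk, so this may be harmless, but making the intent explicit avoids depending on that: `pend->c->tcp_do_fastopen = !(w->outnet->sslctx && w->ssl_upstream);`. The `if(...) {` opened inside the `#ifdef` is closed by a separate `#ifdef USE_MSG_FASTOPEN` block in the next hunk, which makes the brace pairing easy to break in later edits; a short comment at the closing brace naming the `if` it ends would help.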
@@ -757,6 +790,7 @@
 struct service_callback* p = sq->cblist, *np;
 free(sq->qbuf);
 free(sq->zone);
+ edns_opt_list_free(sq->opt_list);
 while(p) {
 np = p->next;
 free(p);
@@ -890,32 +924,55 @@ free(p); } +static void +sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd) +{ + int i, last; + if(!(pfxlen > 0 && pfxlen < 128)) + return; + for(i = 0; i < (128 - pfxlen) / 8; i++) { + sa->sin6_addr.s6_addr[15-i] = (uint8_t)ub_random_max(rnd, 256); + } + last = pfxlen & 7; + if(last != 0) { + sa->sin6_addr.s6_addr[15-i] |= + ((0xFF >> last) & ub_random_max(rnd, 256)); + } +} + /** * Try to open a UDP socket for outgoing communication. * Sets sockets options as needed. * @param addr: socket address. * @param addrlen: length of address. + * @param pfxlen: length of network prefix (for address randomisation). * @param port: port override for addr. * @param inuse: if -1 is returned, this bool means the port was in use. + * @param rnd: random state (for address randomisation). * @return fd or -1 */ static int -udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int port, - int* inuse) +udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen, + int port, int* inuse, struct ub_randstate* rnd) { int fd, noproto; if(addr_is_ip6(addr, addrlen)) { - struct sockaddr_in6* sa = (struct sockaddr_in6*)addr; - sa->sin6_port = (in_port_t)htons((uint16_t)port); + int freebind = 0; + struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr; + sa.sin6_port = (in_port_t)htons((uint16_t)port); + if(pfxlen != 0) { + freebind = 1; + sai6_putrandom(&sa, pfxlen, rnd); + } fd = create_udp_sock(AF_INET6, SOCK_DGRAM, - (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0); + (struct sockaddr*)&sa, addrlen, 1, inuse, &noproto, + 0, 0, 0, NULL, 0, freebind); } else { struct sockaddr_in* sa = (struct sockaddr_in*)addr; sa->sin_port = (in_port_t)htons((uint16_t)port); fd = create_udp_sock(AF_INET, SOCK_DGRAM, (struct sockaddr*)addr, addrlen, 1, inuse, &noproto, - 0, 0, 0, NULL, 0); + 0, 0, 0, NULL, 0, 0); } return fd; } 
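Review bot: `udp_sockport()` uses `pfxlen` only in the IPv6 branch; the IPv4 branch passes `0` for the new final argument and never looks at the prefix. If the netblock parsing added in `@@ -589,7 +620,9 @@` also accepts IPv4 prefixes (not visible here), such an entry would bind the configured address with no randomisation and no indication to the operator. Either reject it where the interface string is parsed or say so in the doc comment, e.g. `@param pfxlen: length of network prefix (IPv6 only, ignored for IPv4).` Separately, `sai6_putrandom()` ORs the random bits into the partial byte, so host bits already set in the configured address stay set; clearing them first with `sa->sin6_addr.s6_addr[15-i] &= ~(0xFF >> last);` would make the draw uniform.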
@@ -975,7 +1032,8 @@ /* try to open new port, if fails, loop to try again */ log_assert(pif->inuse < pif->maxout); portno = pif->avail_ports[my_port - pif->inuse]; - fd = udp_sockport(&pif->addr, pif->addrlen, portno, &inuse); + fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen, + portno, &inuse, outnet->rnd); if(fd == -1 && !inuse) { /* nonrecoverable error making socket */ return 0; @@ -1219,7 +1277,8 @@ /** lookup serviced query in serviced query rbtree */ static struct serviced_query* lookup_serviced(struct outside_network* outnet, sldns_buffer* buff, int dnssec, - struct sockaddr_storage* addr, socklen_t addrlen) + struct sockaddr_storage* addr, socklen_t addrlen, + struct edns_option* opt_list) { struct serviced_query key; key.node.key = &key; @@ -1229,6 +1288,7 @@ memcpy(&key.addr, addr, addrlen); key.addrlen = addrlen; key.outnet = outnet; + key.opt_list = opt_list; return (struct serviced_query*)rbtree_search(outnet->serviced, &key); } @@ -1237,7 +1297,7 @@ serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec, int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, - size_t zonelen, int qtype) + size_t zonelen, int qtype, struct edns_option* opt_list) { struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq)); #ifdef UNBOUND_DEBUG @@ -1267,6 +1327,16 @@ sq->ssl_upstream = ssl_upstream; memcpy(&sq->addr, addr, addrlen); sq->addrlen = addrlen; + sq->opt_list = NULL; + if(opt_list) { + sq->opt_list = edns_opt_copy_alloc(opt_list); + if(!sq->opt_list) { + free(sq->zone); + free(sq->qbuf); + free(sq); + return NULL; + } + } sq->outnet = outnet; sq->cblist = NULL; sq->pending = NULL; @@ -1346,6 +1416,7 @@ long int random = 0; int bits = 0; log_assert(len >= 10 + 5 /* offset qname, root, qtype, qclass */); + (void)len; lablen = *d++; while(lablen) { while(lablen--) { 
@@ -1394,6 +1465,7 @@ edns.edns_present = 1; edns.ext_rcode = 0; edns.edns_version = EDNS_ADVERTISED_VERSION; + edns.opt_list = sq->opt_list; if(sq->status == serviced_query_UDP_EDNS_FRAG) { if(addr_is_ip6(&sq->addr, sq->addrlen)) { if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE) @@ -1527,7 +1599,10 @@ sq->to_be_deleted = 1; verbose(VERB_ALGO, "svcd callbacks start"); if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c && - !sq->nocaps) { + !sq->nocaps && sq->qtype != LDNS_RR_TYPE_PTR) { + /* for type PTR do not check perturbed name in answer, + * compatibility with cisco dns guard boxes that mess up + * reverse queries 0x20 contents */ /* noerror and nxdomain must have a qname in reply */ if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) 
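Review bot: The added `sq->qtype != LDNS_RR_TYPE_PTR` test in `@@ -1527,7 +1599,10 @@` skips the perturbed-qname check for every PTR answer whenever `use_caps_for_id` is on, with no way to switch the exemption off. That check is spoofing hardening, so reverse lookups are left with only the other response-matching defences. The comment gives the compatibility reason but not the cost; I would extend it with `/* note: PTR answers are therefore not covered by the 0x20 check */` and consider putting the exemption behind a configuration setting. The enclosing function starts and ends outside the hunk.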
@@ -1708,6 +1783,44 @@ return sq->pending != NULL; } +/* see if packet is edns malformed; got zeroes at start. + * This is from servers that return malformed packets to EDNS0 queries, + * but they return good packets for nonEDNS0 queries. + * We try to detect their output; without resorting to a full parse or + * check for too many bytes after the end of the packet. */ +static int +packet_edns_malformed(struct sldns_buffer* buf, int qtype) +{ + size_t len; + if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE) + return 1; /* malformed */ + /* they have NOERROR rcode, 1 answer. */ + if(LDNS_RCODE_WIRE(sldns_buffer_begin(buf)) != LDNS_RCODE_NOERROR) + return 0; + /* one query (to skip) and answer records */ + if(LDNS_QDCOUNT(sldns_buffer_begin(buf)) != 1 || + LDNS_ANCOUNT(sldns_buffer_begin(buf)) == 0) + return 0; + /* skip qname */ + len = dname_valid(sldns_buffer_at(buf, LDNS_HEADER_SIZE), + sldns_buffer_limit(buf)-LDNS_HEADER_SIZE); + if(len == 0) + return 0; + if(len == 1 && qtype == 0) + return 0; /* we asked for '.' and type 0 */ + /* and then 4 bytes (type and class of query) */ + if(sldns_buffer_limit(buf) < LDNS_HEADER_SIZE + len + 4 + 3) + return 0; + + /* and start with 11 zeroes as the answer RR */ + /* so check the qtype of the answer record, qname=0, type=0 */ + if(sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[0] == 0 && + sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[1] == 0 && + sldns_buffer_at(buf, LDNS_HEADER_SIZE+len+4)[2] == 0) + return 1; + return 0; +} + int serviced_udp_callback(struct comm_point* c, void* arg, int error, struct comm_reply* rep) @@ -1766,7 +1879,7 @@ return 0; } #ifdef USE_DNSTAP - if(outnet->dtenv && + if(error == NETEVENT_NOERROR && outnet->dtenv && (outnet->dtenv->log_resolver_response_messages || outnet->dtenv->log_forwarder_response_messages)) dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type, 
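Review bot: The comment in `packet_edns_malformed()` says the answer RR starts with 11 zeroes, but the code bounds-checks and tests only three bytes (`+ 4 + 3`), that is a root owner name and a zero type. A match makes the caller retry without EDNS (see `@@ -1778,7 +1891,9 @@`), so the looser test widens what triggers that fallback. Either change the comment to say that three bytes are tested and why that is enough, or test all eleven with the bound raised to `LDNS_HEADER_SIZE + len + 4 + 11`.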
@@ -1778,7 +1891,9 @@ ||sq->status == serviced_query_UDP_EDNS_FRAG) && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE( - sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL)) { + sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL + || packet_edns_malformed(c->buffer, sq->qtype) + )) { /* try to get an answer by falling back without EDNS */ verbose(VERB_ALGO, "serviced query: attempt without EDNS"); sq->status = serviced_query_UDP_EDNS_fallback; @@ -1871,17 +1986,22 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, - comm_point_callback_t* callback, void* callback_arg, - sldns_buffer* buff) + struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, + int nocaps, int tcp_upstream, int ssl_upstream, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, + size_t zonelen, struct module_qstate* qstate, + comm_point_callback_t* callback, void* callback_arg, sldns_buffer* buff, + struct module_env* env) { struct serviced_query* sq; struct service_callback* cb; - serviced_gen_query(buff, qname, qnamelen, qtype, qclass, flags); - sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen); + if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, + qstate, qstate->region)) + return NULL; + serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype, + qinfo->qclass, flags); + sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen, + qstate->edns_opts_back_out); /* duplicate entries are included in the callback list, because * there is a counterpart registration by our caller that needs to * be doubly-removed (with callbacks perhaps). */ 
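Review bot: `outnet_serviced_query()` in `@@ -1871,17 +1986,22 @@` now dereferences `qstate` unconditionally (`qstate->region`, `qstate->edns_opts_back_out`, and again in the following hunk), but nothing in the code or the header comment says it must be non-NULL. The header describes it as "Mainly for inspecting the available edns_opts_lists", which reads as optional. I would make the contract explicit in the header, `@param qstate: module qstate, must not be NULL.`, and note there that a NULL return can now also mean the inplace query callback refused the query, not only an allocation failure.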
@@ -1891,7 +2011,7 @@ /* make new serviced query entry */ sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps, tcp_upstream, ssl_upstream, addr, addrlen, zone, - zonelen, (int)qtype); + zonelen, (int)qinfo->qtype, qstate->edns_opts_back_out); if(!sq) { free(cb); return NULL; @@ -1948,13 +2068,7 @@ callback_list_remove(sq, cb_arg); /* if callbacks() routine scheduled deletion, let it do that */ if(!sq->cblist && !sq->to_be_deleted) { -#ifdef UNBOUND_DEBUG - rbnode_t* rem = -#else - (void) -#endif - rbtree_delete(sq->outnet->serviced, sq); - log_assert(rem); /* should be present */ + (void)rbtree_delete(sq->outnet->serviced, sq); serviced_delete(sq); } } diff -Nru unbound-1.5.8/services/outside_network.h unbound-1.6.0/services/outside_network.h --- unbound-1.5.8/services/outside_network.h 2016-01-05 10:08:37.000000000 +0000 +++ unbound-1.6.0/services/outside_network.h 2016-12-06 13:42:51.000000000 +0000 @@ -58,6 +58,10 @@ struct sldns_buffer; struct serviced_query; struct dt_env; +struct edns_option; +struct module_env; +struct module_qstate; +struct query_info; /** * Send queries to outside servers and wait for answers from servers. @@ -164,6 +168,10 @@ /** length of addr field */ socklen_t addrlen; + /** prefix length of network address (in bits), for randomisation. + * if 0, no randomisation. */ + int pfxlen; + /** the available ports array. These are unused. * Only the first total-inuse part is filled. */ int* avail_ports; @@ -367,6 +375,8 @@ int last_rtt; /** do we know edns probe status already, for UDP_EDNS queries */ int edns_lame_known; + /** edns options to use for sending upstream packet */ + struct edns_option* opt_list; /** outside network this is part of */ struct outside_network* outnet; /** list of interested parties that need callback on results. */ 
@@ -464,10 +474,7 @@ * Perform a serviced query to the authoritative servers. * Duplicate efforts are detected, and EDNS, TCP and UDP retry is performed. * @param outnet: outside network, with rbtree of serviced queries. - * @param qname: what qname to query. - * @param qnamelen: length of qname in octets including 0 root label. - * @param qtype: rrset type to query (host format) - * @param qclass: query class. (host format) + * @param qinfo: query info. * @param flags: flags u16 (host format), includes opcode, CD bit. * @param dnssec: if set, DO bit is set in EDNS queries. * If the value includes BIT_CD, CD bit is set when in EDNS queries. 
@@ -477,25 +484,28 @@ * @param nocaps: ignore use_caps_for_id and use unperturbed qname. * @param tcp_upstream: use TCP for upstream queries. * @param ssl_upstream: use SSL for upstream queries. - * @param callback: callback function. - * @param callback_arg: user argument to callback function. * @param addr: to which server to send the query. * @param addrlen: length of addr. * @param zone: name of the zone of the delegation point. wireformat dname. This is the delegation point name for which the server is deemed authoritative. * @param zonelen: length of zone. + * @param qstate: module qstate. Mainly for inspecting the available + * edns_opts_lists. + * @param callback: callback function. + * @param callback_arg: user argument to callback function. * @param buff: scratch buffer to create query contents in. Empty on exit. + * @param env: the module environment. * @return 0 on error, or pointer to serviced query that is used to answer * this serviced query may be shared with other callbacks as well. */ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, + struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, + int nocaps, int tcp_upstream, int ssl_upstream, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, + size_t zonelen, struct module_qstate* qstate, comm_point_callback_t* callback, void* callback_arg, - struct sldns_buffer* buff); + struct sldns_buffer* buff, struct module_env* env); /** * Remove service query callback. diff -Nru unbound-1.5.8/services/view.c unbound-1.6.0/services/view.c --- unbound-1.5.8/services/view.c 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/services/view.c 2016-11-29 15:28:25.000000000 +0000 
@@ -0,0 +1,207 @@ +/* + * services/view.c - named views containing local zones authority service. + * + * Copyright (c) 2016, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions to enable named views that can hold local zone + * authority service. 
+ */ +#include "config.h" +#include "services/view.h" +#include "services/localzone.h" +#include "util/config_file.h" + +int +view_cmp(const void* v1, const void* v2) +{ + struct view* a = (struct view*)v1; + struct view* b = (struct view*)v2; + + return strcmp(a->name, b->name); +} + +struct views* +views_create(void) +{ + struct views* v = (struct views*)calloc(1, + sizeof(*v)); + if(!v) + return NULL; + rbtree_init(&v->vtree, &view_cmp); + lock_rw_init(&v->lock); + lock_protect(&v->lock, &v->vtree, sizeof(v->vtree)); + return v; +} + +void +view_delete(struct view* v) +{ + if(!v) + return; + lock_rw_destroy(&v->lock); + local_zones_delete(v->local_zones); + free(v->name); + free(v); +} + +static void +delviewnode(rbnode_t* n, void* ATTR_UNUSED(arg)) +{ + struct view* v = (struct view*)n; + view_delete(v); +} + +void +views_delete(struct views* v) +{ + if(!v) + return; + lock_rw_destroy(&v->lock); + traverse_postorder(&v->vtree, delviewnode, NULL); + free(v); +} + +/** create a new view */ +static struct view* +view_create(char* name) +{ + struct view* v = (struct view*)calloc(1, sizeof(*v)); + if(!v) + return NULL; + v->node.key = v; + if(!(v->name = strdup(name))) { + free(v); + return NULL; + } + lock_rw_init(&v->lock); + lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_t)); + return v; +} + +/** enter a new view returns with WRlock */ +static struct view* +views_enter_view_name(struct views* vs, char* name) +{ + struct view* v = view_create(name); + if(!v) { + log_err("out of memory"); + return NULL; + } + + /* add to rbtree */ + lock_rw_wrlock(&vs->lock); + lock_rw_wrlock(&v->lock); + if(!rbtree_insert(&vs->vtree, &v->node)) { + log_warn("duplicate view: %s", name); + lock_rw_unlock(&v->lock); + view_delete(v); + lock_rw_unlock(&vs->lock); + return NULL; + } + lock_rw_unlock(&vs->lock); + return v; +} + +int +views_apply_cfg(struct views* vs, struct config_file* cfg) +{ + struct config_view* cv; + struct view* v; + struct config_file lz_cfg; + /* 
Check existence of name in first view (last in config). Rest of + * views are already checked when parsing config. */ + if(cfg->views && !cfg->views->name) { + log_err("view without a name"); + return 0; + } + for(cv = cfg->views; cv; cv = cv->next) { + /* create and enter view */ + if(!(v = views_enter_view_name(vs, cv->name))) + return 0; + v->isfirst = cv->isfirst; + if(cv->local_zones || cv->local_data) { + if(!(v->local_zones = local_zones_create())){ + lock_rw_unlock(&v->lock); + return 0; + } + memset(&lz_cfg, 0, sizeof(lz_cfg)); + lz_cfg.local_zones = cv->local_zones; + lz_cfg.local_data = cv->local_data; + lz_cfg.local_zones_nodefault = + cv->local_zones_nodefault; + if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){ + lock_rw_unlock(&v->lock); + return 0; + } + /* local_zones, local_zones_nodefault and local_data + * are free'd from config_view by local_zones_apply_cfg. + * Set pointers to NULL. */ + cv->local_zones = NULL; + cv->local_data = NULL; + cv->local_zones_nodefault = NULL; + } + lock_rw_unlock(&v->lock); + } + return 1; +} + +/** find a view by name */ +struct view* +views_find_view(struct views* vs, const char* name, int write) +{ + struct view* v; + struct view key; + key.node.key = &v; + key.name = (char *)name; + lock_rw_rdlock(&vs->lock); + if(!(v = (struct view*)rbtree_search(&vs->vtree, &key.node))) { + lock_rw_unlock(&vs->lock); + return 0; + } + if(write) { + lock_rw_wrlock(&v->lock); + } else { + lock_rw_rdlock(&v->lock); + } + lock_rw_unlock(&vs->lock); + return v; +} + +void views_print(struct views* v) +{ + /* TODO implement print */ + (void)v; +} diff -Nru unbound-1.5.8/services/view.h unbound-1.6.0/services/view.h --- unbound-1.5.8/services/view.h 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/services/view.h 2016-10-05 09:36:25.000000000 +0000 
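Review bot: In `views_find_view`, `key.node.key = &v;` stores the address of the still-uninitialised local pointer `v` in the stack search key, whereas `view_create` sets `v->node.key = v`. The lookup passes `&key.node` to `rbtree_search`, so `view_cmp` presumably only reads `key.name` and the stray value is never dereferenced, but that depends on the rbtree code, which is not part of this hunk. Writing `key.node.key = &key;` keeps the key self-consistent if the comparator path ever changes. The miss path also returns `0` where the rest of the file returns `NULL`.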
@@ -0,0 +1,135 @@ +/* + * services/view.h - named views containing local zones authority service. + * + * Copyright (c) 2016, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions to enable named views that can hold local zone + * authority service. 
+ */ + +#ifndef SERVICES_VIEW_H +#define SERVICES_VIEW_H +#include "util/rbtree.h" +#include "util/locks.h" +struct regional; +struct config_file; +struct config_view; + + +/** + * Views storage, shared. + */ +struct views { + /** lock on the view tree */ + lock_rw_t lock; + /** rbtree of struct view */ + rbtree_t vtree; +}; + +/** + * View. Named structure holding local authority zones. + */ +struct view { + /** rbtree node, key is name */ + rbnode_t node; + /** view name. + * Has to be right after rbnode_t due to pointer arithmatic in + * view_create's lock protect */ + char* name; + /** view specific local authority zones */ + struct local_zones* local_zones; + /** Fallback to global local_zones when there is no match in the view + * specific tree. 1 for yes, 0 for no */ + int isfirst; + /** lock on the data in the structure + * For the node and name you + * need to also hold the views_tree lock to change them (or to + * delete this view) */ + lock_rw_t lock; +}; + + +/** + * Create views storage + * @return new struct or NULL on error. + */ +struct views* views_create(void); + +/** + * Delete views storage + * @param v: views to delete. + */ +void views_delete(struct views* v); + +/** + * Apply config settings; + * Takes care of locking. + * @param v: view is set up. + * @param cfg: config data. + * @return false on error. + */ +int views_apply_cfg(struct views* v, struct config_file* cfg); + +/** + * Compare two view entries in rbtree. Sort canonical. + * @param v1: view 1 + * @param v2: view 2 + * @return: negative, positive or 0 comparison value. + */ +int view_cmp(const void* v1, const void* v2); + +/** + * Delete one view + * @param v: view to delete. + */ +void view_delete(struct view* v); + +/** + * Debug helper. Print all views + * Takes care of locking. + * @param v: the views tree + */ +void views_print(struct views* v); + +/* Find a view by name. 
+ * @param vs: views + * @param name: name of the view we are looking for + * @param write: 1 for obtaining write lock on found view, 0 for read lock + * @return: locked view or NULL. + */ +struct view* views_find_view(struct views* vs, const char* name, int write); + +#endif /* SERVICES_VIEW_H */ diff -Nru unbound-1.5.8/sldns/keyraw.c unbound-1.6.0/sldns/keyraw.c --- unbound-1.5.8/sldns/keyraw.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/sldns/keyraw.c 2016-09-15 14:40:42.000000000 +0000 @@ -23,6 +23,15 @@ #ifdef HAVE_OPENSSL_ENGINE_H # include #endif +#ifdef HAVE_OPENSSL_BN_H +#include +#endif +#ifdef HAVE_OPENSSL_RSA_H +#include +#endif +#ifdef HAVE_OPENSSL_DSA_H +#include +#endif #endif /* HAVE_SSL */ size_t @@ -206,7 +215,6 @@ offset += length; Y = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; /* create the key and set its properties */ if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { @@ -216,6 +224,7 @@ BN_free(Y); return NULL; } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) #ifndef S_SPLINT_S dsa->p = P; dsa->q = Q; @@ -223,6 +232,25 @@ dsa->pub_key = Y; #endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!DSA_set0_pqg(dsa, P, Q, G)) { + /* QPG not yet attached, need to free */ + BN_free(Q); + BN_free(P); + BN_free(G); + + DSA_free(dsa); + BN_free(Y); + return NULL; + } + if (!DSA_set0_key(dsa, Y, NULL)) { + /* QPG attached, cleaned up by DSA_fre() */ + DSA_free(dsa); + BN_free(Y); + return NULL; + } +#endif + return dsa; } 
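Review bot: The comment on `views_find_view` opens with `/*` while every other declaration in this header uses `/**`, so a documentation generator will likely skip it, and it does not say who releases the lock the function returns with. The implementation in view.c returns with the view's read or write lock still held, so the contract belongs in the header. I would open it with `/** Find a view by name. The view is returned locked; the caller must release it with lock_rw_unlock(&v->lock).` and leave the `@param` lines as they are.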
@@ -274,11 +302,21 @@ BN_free(modulus); return NULL; } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) #ifndef S_SPLINT_S rsa->n = modulus; rsa->e = exponent; #endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!RSA_set0_key(rsa, modulus, exponent, NULL)) { + BN_free(exponent); + BN_free(modulus); + RSA_free(rsa); + return NULL; + } +#endif + return rsa; } diff -Nru unbound-1.5.8/sldns/parseutil.c unbound-1.6.0/sldns/parseutil.c --- unbound-1.5.8/sldns/parseutil.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/sldns/parseutil.c 2016-04-29 15:02:00.000000000 +0000 @@ -637,7 +637,7 @@ target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ]; target[o+3] = pad64; - i += 2; + /* i += 2; */ o += 4; break; case 1: @@ -646,7 +646,7 @@ target[o+1] = b64[ ((src[i]&0x03)<<4) ]; target[o+2] = pad64; target[o+3] = pad64; - i += 1; + /* i += 1; */ o += 4; break; case 0: diff -Nru unbound-1.5.8/sldns/rrdef.h unbound-1.6.0/sldns/rrdef.h --- unbound-1.5.8/sldns/rrdef.h 2016-02-08 16:13:03.000000000 +0000 +++ unbound-1.6.0/sldns/rrdef.h 2016-08-08 07:36:20.000000000 +0000 @@ -195,7 +195,7 @@ LDNS_RR_TYPE_TALINK = 58, LDNS_RR_TYPE_CDS = 59, /** RFC 7344 */ LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ - LDNS_RR_TYPE_OPENPGPKEY = 61, /* draft-ietf-dane-openpgpkey */ + LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ 
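Review bot: The two increments in the base64 tail handling are commented out (`/* i += 2; */` here and `/* i += 1; */` in the following parseutil.c hunk) rather than deleted, which leaves dead code behind. If `i` is not read again after the switch (the rest of the function is outside these hunks), delete both lines. If the intent is to record why `i` stops advancing, replace them with a short comment such as `/* i is not used after the final group */`.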
@@ -420,7 +420,8 @@ LDNS_EDNS_DAU = 5, /* RFC6975 */ LDNS_EDNS_DHU = 6, /* RFC6975 */ LDNS_EDNS_N3U = 7, /* RFC6975 */ - LDNS_EDNS_CLIENT_SUBNET = 8 /* draft-vandergaast-edns-client-subnet */ + LDNS_EDNS_CLIENT_SUBNET = 8, /* draft-vandergaast-edns-client-subnet */ + LDNS_EDNS_PADDING = 12 /* RFC7830 */ }; typedef enum sldns_enum_edns_option sldns_edns_option; diff -Nru unbound-1.5.8/sldns/str2wire.c unbound-1.6.0/sldns/str2wire.c --- unbound-1.5.8/sldns/str2wire.c 2016-01-14 08:28:46.000000000 +0000 +++ unbound-1.6.0/sldns/str2wire.c 2016-12-08 08:49:12.000000000 +0000 @@ -328,7 +328,7 @@ /** find delimiters for type */ static const char* -rrinternal_get_delims(sldns_rdf_type rdftype, uint16_t r_cnt, uint16_t r_max) +rrinternal_get_delims(sldns_rdf_type rdftype, size_t r_cnt, size_t r_max) { switch(rdftype) { case LDNS_RDF_TYPE_B64 : @@ -463,7 +463,7 @@ static int rrinternal_parse_rdf(sldns_buffer* strbuf, char* token, size_t token_len, uint8_t* rr, size_t rr_len, size_t* rr_cur_len, sldns_rdf_type rdftype, - uint16_t rr_type, uint16_t r_cnt, uint16_t r_max, size_t dname_len, + uint16_t rr_type, size_t r_cnt, size_t r_max, size_t dname_len, uint8_t* origin, size_t origin_len) { size_t len; @@ -613,7 +613,7 @@ uint8_t* origin, size_t origin_len) { const sldns_rr_descriptor *desc = sldns_rr_descript((uint16_t)rr_type); - uint16_t r_cnt, r_min, r_max; + size_t r_cnt, r_min, r_max; size_t rr_cur_len = dname_len + 10, pre_data_pos, token_strlen; int was_unknown_rr_format = 0, parens = 0, status, quoted; const char* delimiters; @@ -693,7 +693,7 @@ sldns_buffer_position(strbuf)); } /* write rdata length */ - sldns_write_uint16(rr+dname_len+8, rr_cur_len-dname_len-10); + sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10)); *rr_len = rr_cur_len; return LDNS_WIREPARSE_ERR_OK; } 
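Review bot: The new cast in `sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));` silences the narrowing warning but would also truncate silently if the rdata length ever exceeded 65535, and no range check is visible in this hunk. The same applies to `rd[0] = (uint8_t)slen;` and `(uint32_t)sldns_mktime_from_utc(&tm)` in the later str2wire.c hunks, whereas the `pklen` cast sits directly under a visible `if(pklen > 65535)` test. If the bound is enforced earlier in each function (the bodies start outside the hunks), say so next to the cast, e.g. `/* length already bounded above, cast cannot truncate */`. Otherwise return a parse error before the length field is written.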
@@ -892,10 +892,10 @@ parse_state?parse_state->default_ttl:0, (parse_state&&parse_state->origin_len)? parse_state->origin:NULL, - parse_state->origin_len, + parse_state?parse_state->origin_len:0, (parse_state&&parse_state->prev_rr_len)? parse_state->prev_rr:NULL, - parse_state->prev_rr_len); + parse_state?parse_state->prev_rr_len:0); } return LDNS_WIREPARSE_ERR_OK; } @@ -1369,7 +1369,7 @@ if (tm.tm_sec < 0 || tm.tm_sec > 59) return LDNS_WIREPARSE_ERR_SYNTAX_TIME; - sldns_write_uint32(rd, sldns_mktime_from_utc(&tm)); + sldns_write_uint32(rd, (uint32_t)sldns_mktime_from_utc(&tm)); } else { /* handle it as 32 bits timestamp */ char *end; @@ -1932,7 +1932,7 @@ if(!isalnum((unsigned char)*ptr)) return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TAG, ptr-str); } - rd[0] = slen; + rd[0] = (uint8_t)slen; memmove(rd+1, str, slen); *len = slen+1; return LDNS_WIREPARSE_ERR_OK; @@ -2000,7 +2000,7 @@ return RET_ERR_SHIFT(e, s-(char*)str); if(pklen > 65535) return RET_ERR(LDNS_WIREPARSE_ERR_LABEL_OVERFLOW, s-(char*)str+65535); - sldns_write_uint16(rd+2, pklen); + sldns_write_uint16(rd+2, (uint16_t)pklen); *len = 4 + hitlen + pklen; return LDNS_WIREPARSE_ERR_OK; diff -Nru unbound-1.5.8/sldns/wire2str.c unbound-1.6.0/sldns/wire2str.c --- unbound-1.5.8/sldns/wire2str.c 2015-10-15 09:51:30.000000000 +0000 +++ unbound-1.6.0/sldns/wire2str.c 2016-12-08 08:49:12.000000000 +0000 @@ -165,6 +165,7 @@ { 6, "DHU" }, { 7, "N3U" }, { 8, "edns-client-subnet" }, + { 12, "Padding" }, { 0, NULL} }; sldns_lookup_table* sldns_edns_options = sldns_edns_options_data; @@ -666,7 +667,7 @@ uint8_t* origd = *d; char* origs = *s; size_t origdlen = *dlen, origslen = *slen; - uint16_t r_cnt, r_max; + size_t r_cnt, r_max; sldns_rdf_type rdftype; int w = 0, n; 
@@ -787,8 +788,9 @@ } /* spool label characters, end with '.' */ - if(in_buf && *dlen < labellen) labellen = *dlen; - else if(!in_buf && pos+labellen > pkt+pktlen) + if(in_buf && *dlen < (size_t)labellen) + labellen = (uint8_t)*dlen; + else if(!in_buf && pos+(size_t)labellen > pkt+pktlen) labellen = (uint8_t)(pkt + pktlen - pos); for(i=0; i<(unsigned)labellen; i++) { w += dname_char_print(s, slen, *pos++); @@ -1864,6 +1866,9 @@ case LDNS_EDNS_CLIENT_SUBNET: w += sldns_wire2str_edns_subnet_print(s, sl, optdata, optlen); break; + case LDNS_EDNS_PADDING: + w += print_hex_buf(s, sl, optdata, optlen); + break; default: /* unknown option code */ w += print_hex_buf(s, sl, optdata, optlen); @@ -1956,10 +1961,10 @@ w += sldns_str_print(str, str_len, " ; udp: %u", (unsigned)udpsize); if(rdatalen) { - if(*data_len < rdatalen) { + if((size_t)*data_len < rdatalen) { w += sldns_str_print(str, str_len, " ; Error EDNS rdata too short; "); - rdatalen = *data_len; + rdatalen = (uint16_t)*data_len; } w += print_edns_opts(str, str_len, *data, rdatalen); (*data) += rdatalen; diff -Nru unbound-1.5.8/sldns/wire2str.h unbound-1.6.0/sldns/wire2str.h --- unbound-1.5.8/sldns/wire2str.h 2014-02-06 10:57:42.000000000 +0000 +++ unbound-1.6.0/sldns/wire2str.h 2016-09-05 07:14:56.000000000 +0000 @@ -118,7 +118,7 @@ * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str, size_t str_len); 
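Review bot: In the `!in_buf` branch, `pos+(size_t)labellen > pkt+pktlen` forms a pointer that can lie past the end of the packet before it is compared, which C leaves undefined, so the bounds test cannot be relied on. Compare lengths instead: `else if(!in_buf && (size_t)labellen > (size_t)(pkt+pktlen-pos))`. That relies on `pos` never being beyond `pkt+pktlen`, which the following `labellen = (uint8_t)(pkt + pktlen - pos);` already assumes. The code that establishes it is outside this hunk.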
@@ -351,7 +351,7 @@ * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, size_t str_len); @@ -369,7 +369,7 @@ * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str, size_t str_len); @@ -389,7 +389,7 @@ * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len, char* str, size_t str_len); @@ -406,7 +406,7 @@ * silently truncate the output to fit in the buffer. * @param rrtype: rr type of the data * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, size_t str_len, uint16_t rrtype); 
@@ -417,7 +417,7 @@ * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len); @@ -427,7 +427,7 @@ * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); @@ -437,7 +437,7 @@ * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_rcode_buf(int rcode, char* str, size_t len); @@ -448,7 +448,7 @@ * @param str: the string to write to. * @param len: length of string. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, size_t len); diff -Nru unbound-1.5.8/smallapp/unbound-anchor.c unbound-1.6.0/smallapp/unbound-anchor.c --- unbound-1.5.8/smallapp/unbound-anchor.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/smallapp/unbound-anchor.c 2016-10-17 15:17:15.000000000 +0000 
@@ -37,7 +37,8 @@ * \file * * This file checks to see that the current 5011 keys work to prime the - * current root anchor. If not a certificate is used to update the anchor. + * current root anchor. If not a certificate is used to update the anchor, + * with RFC7958 https xml fetch. * * This is a concept solution for distribution of the DNSSEC root * trust anchor. It is a small tool, called "unbound-anchor", that @@ -47,7 +48,7 @@ * Management-Abstract: * * first run: fill root.key file with hardcoded DS record. * * mostly: use RFC5011 tracking, quick . DNSKEY UDP query. - * * failover: use builtin certificate, do https and update. + * * failover: use RFC7958 builtin certificate, do https and update. * Special considerations: * * 30-days RFC5011 timer saves a lot of https traffic. * * DNSKEY probe must be NOERROR, saves a lot of https traffic. @@ -77,7 +78,7 @@ * the file contains a list of normal DNSKEY/DS records, and uses that to * bootstrap 5011 (the KSK is made VALID). * - * The certificate update is done by fetching root-anchors.xml and + * The certificate RFC7958 update is done by fetching root-anchors.xml and * root-anchors.p7s via SSL. The HTTPS certificate can be logged but is * not validated (https for channel security; the security comes from the * certificate). The 'data.iana.org' domain name A and AAAA are resolved @@ -171,7 +172,7 @@ /** Give unbound-anchor usage, and exit (1). */ static void -usage() +usage(void) { printf("Usage: unbound-anchor [opts]\n"); printf(" Setup or update root anchor. " @@ -419,8 +420,14 @@ { const char* builtin_cert = get_builtin_cert(); STACK_OF(X509)* sk; - BIO *bio = BIO_new_mem_buf((void*)builtin_cert, - (int)strlen(builtin_cert)); + BIO *bio; + char* d = strdup(builtin_cert); /* to avoid const warnings in the + changed prototype of BIO_new_mem_buf */ + if(!d) { + if(verb) printf("out of memory\n"); + exit(0); + } + bio = BIO_new_mem_buf(d, (int)strlen(d)); if(!bio) { if(verb) printf("out of memory\n"); exit(0); 
@@ -431,6 +438,7 @@ exit(0); } BIO_free(bio); + free(d); return sk; } @@ -1836,7 +1844,7 @@ #ifdef HAVE_FSYNC fsync(fileno(out)); #else - FlushFileBuffers((HANDLE)_fileno(out)); + FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); #endif fclose(out); } @@ -1868,7 +1876,7 @@ #ifdef HAVE_FSYNC fsync(fileno(out)); #else - FlushFileBuffers((HANDLE)_fileno(out)); + FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); #endif fclose(out); } @@ -2310,10 +2318,22 @@ if(argc != 0) usage(); +#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); +#endif ERR_load_SSL_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(0, NULL); +#endif if(dolist) do_list_builtin(); diff -Nru unbound-1.5.8/smallapp/unbound-checkconf.c unbound-1.6.0/smallapp/unbound-checkconf.c --- unbound-1.5.8/smallapp/unbound-checkconf.c 2015-12-01 09:12:30.000000000 +0000 +++ unbound-1.6.0/smallapp/unbound-checkconf.c 2016-12-06 13:42:51.000000000 +0000 @@ -72,7 +72,7 @@ /** Give checkconf usage, and exit (1). */ static void -usage() +usage(void) { printf("Usage: unbound-checkconf [file]\n"); printf(" Checks unbound configuration file for errors.\n"); @@ -97,7 +97,10 @@ print_option(struct config_file* cfg, const char* opt, int final) { if(strcmp(opt, "pidfile") == 0 && final) { - printf("%s\n", fname_after_chroot(cfg->pidfile, cfg, 1)); + char *p = fname_after_chroot(cfg->pidfile, cfg, 1); + if(!p) fatal_exit("out of memory"); + printf("%s\n", p); + free(p); return; } if(!config_get_option(cfg, opt, config_print_func, stdout)) 
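Review bot: The result of the flush is discarded on both branches of the two `HAVE_FSYNC` hunks: `fsync(fileno(out))` and the new `FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out)))` are called for their side effect only, and a failed `_get_osfhandle` would be passed straight on as an invalid handle. If `out` is one of the key or certificate files this tool maintains, a failed flush deserves at least a verbose message, e.g. `if(!FlushFileBuffers(h) && verb) printf("could not flush file\n");` with `h` holding the checked handle. The enclosing functions start and end outside these hunks.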
@@ -115,12 +118,15 @@ env.scratch_buffer = sldns_buffer_new(BUFSIZ); if(!env.scratch || !env.scratch_buffer) fatal_exit("out of memory"); + if(!edns_known_options_init(&env)) + fatal_exit("out of memory"); if(!(*fb->init)(&env, 0)) { fatal_exit("bad config for %s module", fb->name); } (*fb->deinit)(&env, 0); sldns_buffer_free(env.scratch_buffer); regional_destroy(env.scratch); + edns_known_options_delete(&env); } /** check localzones */ @@ -161,6 +167,7 @@ static void interfacechecks(struct config_file* cfg) { + int d; struct sockaddr_storage a; socklen_t alen; int i, j; @@ -177,8 +184,8 @@ } } for(i=0; inum_out_ifs; i++) { - if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, - &a, &alen)) { + if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen) && + !netblockstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen, &d)) { fatal_exit("cannot parse outgoing-interface " "specified as '%s'", cfg->out_ifs[i]); } @@ -330,6 +337,8 @@ fatal_exit("num_threads value weird"); if(!cfg->do_ip4 && !cfg->do_ip6) fatal_exit("ip4 and ip6 are both disabled, pointless"); + if(!cfg->do_ip6 && cfg->prefer_ip6) + fatal_exit("cannot prefer and disable ip6, pointless"); if(!cfg->do_udp && !cfg->do_tcp) fatal_exit("udp and tcp are both disabled, pointless"); if(cfg->edns_buffer_size > cfg->msg_buffer_size) 
@@ -412,6 +421,21 @@ && strcmp(cfg->module_conf, "python dns64 iterator") != 0 && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 #endif +#ifdef USE_CACHEDB + && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 cachedb iterator") != 0 + && strcmp(cfg->module_conf, "python dns64 cachedb iterator") != 0 + && strcmp(cfg->module_conf, "python dns64 validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 python cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 python validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "python cachedb iterator") != 0 + && strcmp(cfg->module_conf, "python validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "cachedb python iterator") != 0 + && strcmp(cfg->module_conf, "validator cachedb python iterator") != 0 + && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0 +#endif ) { fatal_exit("module conf '%s' is not known to work", cfg->module_conf); @@ -421,7 +445,9 @@ if(cfg->username && cfg->username[0]) { if(getpwnam(cfg->username) == NULL) fatal_exit("user '%s' does not exist.", cfg->username); +# ifdef HAVE_ENDPWENT endpwent(); +# endif } #endif if(cfg->remote_control_enable && cfg->remote_control_use_cert) { 
@@ -466,14 +492,22 @@ static void checkconf(const char* cfgfile, const char* opt, int final) { + char oldwd[4096]; struct config_file* cfg = config_create(); if(!cfg) fatal_exit("out of memory"); + oldwd[0] = 0; + if(!getcwd(oldwd, sizeof(oldwd))) { + log_err("cannot getcwd: %s", strerror(errno)); + oldwd[0] = 0; + } if(!config_read(cfg, cfgfile, NULL)) { /* config_read prints messages to stderr */ config_delete(cfg); exit(1); } + if(oldwd[0] && chdir(oldwd) == -1) + log_err("cannot chdir(%s): %s", oldwd, strerror(errno)); if(opt) { print_option(cfg, opt, final); config_delete(cfg); diff -Nru unbound-1.5.8/smallapp/unbound-control.c unbound-1.6.0/smallapp/unbound-control.c --- unbound-1.5.8/smallapp/unbound-control.c 2015-12-08 08:15:55.000000000 +0000 +++ unbound-1.6.0/smallapp/unbound-control.c 2016-11-30 11:22:29.000000000 +0000 @@ -65,7 +65,7 @@ /** Give unbound-control usage, and exit (1). */ static void -usage() +usage(void) { printf("Usage: unbound-control [options] command\n"); printf(" Remote control utility for unbound server.\n"); @@ -102,7 +102,7 @@ printf(" flush_negative flush all negative data\n"); printf(" flush_stats flush statistics, make zero\n"); printf(" flush_requestlist drop queries that are worked on\n"); - printf(" dump_requestlist show what is worked on\n"); + printf(" dump_requestlist show what is worked on by first thread\n"); printf(" flush_infra [all | ip] remove ping, edns for one IP or all\n"); printf(" dump_infra show ping and edns entries\n"); printf(" set_option opt: val set option to value, no reload\n"); @@ -176,7 +176,10 @@ free(c_cert); } else { /* Use ciphers that don't require authentication */ - if(!SSL_CTX_set_cipher_list(ctx, "aNULL")) +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + SSL_CTX_set_security_level(ctx, 0); +#endif + if(!SSL_CTX_set_cipher_list(ctx, "aNULL, eNULL")) ssl_err("Error setting NULL cipher!"); } return ctx; 
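Review bot: In the unbound-control.c hunk, the `else` branch now lowers the context to security level 0 and requests `"aNULL, eNULL"`, that is, cipher suites without peer authentication and, with eNULL, without encryption, so the control channel may run in cleartext. The condition guarding this branch is outside the hunk. If it is the no-certificate case intended for a local socket, the code should say so and that case should not be reachable for a TCP control interface. I would replace the existing comment with `/* No certs configured: unauthenticated and possibly unencrypted (aNULL/eNULL); only acceptable on a local socket protected by file permissions */`.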
@@ -212,7 +215,7 @@ struct sockaddr_un* usock = (struct sockaddr_un *) &addr; usock->sun_family = AF_LOCAL; #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN - usock->sun_len = (socklen_t)sizeof(usock); + usock->sun_len = (unsigned)sizeof(usock); #endif (void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path)); addrlen = (socklen_t)sizeof(struct sockaddr_un); @@ -300,6 +303,15 @@ } } +/** send end-of-file marker to server */ +static void +send_eof(SSL* ssl) +{ + char e[] = {0x04, 0x0a}; + if(SSL_write(ssl, e, (int)sizeof(e)) <= 0) + ssl_err("could not SSL_write end-of-file marker"); +} + /** send command and display result */ static int go_cmd(SSL* ssl, int quiet, int argc, char* argv[]) @@ -325,6 +337,13 @@ if(argc == 1 && strcmp(argv[0], "load_cache") == 0) { send_file(ssl, stdin, buf, sizeof(buf)); } + else if(argc == 1 && (strcmp(argv[0], "local_zones") == 0 || + strcmp(argv[0], "local_zones_remove") == 0 || + strcmp(argv[0], "local_datas") == 0 || + strcmp(argv[0], "local_datas_remove") == 0)) { + send_file(ssl, stdin, buf, sizeof(buf)); + send_eof(ssl); + } while(1) { ERR_clear_error(); @@ -418,10 +437,22 @@ cfgfile = CONFIGFILE; #endif +#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); +#endif ERR_load_SSL_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(0, NULL); +#endif if(!RAND_status()) { /* try to seed it */ diff -Nru unbound-1.5.8/smallapp/unbound-host.c unbound-1.6.0/smallapp/unbound-host.c --- unbound-1.5.8/smallapp/unbound-host.c 2016-02-19 12:17:03.000000000 +0000 +++ unbound-1.6.0/smallapp/unbound-host.c 2016-09-05 07:23:23.000000000 +0000 
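Review bot: `usock->sun_len = (unsigned)sizeof(usock);` takes the size of the pointer `usock`, not of the `struct sockaddr_un` it points to; the commit changes the cast but keeps the operand. Two lines further down `addrlen` is set from `sizeof(struct sockaddr_un)`, so the two lengths disagree on platforms that define `sun_len`. Use `usock->sun_len = (unsigned)sizeof(*usock);`. The return value of the `strlcpy` into `sun_path` is also ignored, so an over-long socket path is silently truncated.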
@@ -72,7 +72,7 @@ /** Give unbound-host usage, and exit (1). */ static void -usage() +usage(void) { printf("Usage: unbound-host [-vdhr46] [-c class] [-t type] hostname\n"); printf(" [-y key] [-f keyfile] [-F namedkeyfile]\n"); @@ -91,7 +91,7 @@ printf(" -F keyfile read named.conf-style trust anchors.\n"); printf(" -C config use the specified unbound.conf (none read by default)\n"); printf(" -r read forwarder information from /etc/resolv.conf\n"); - printf(" breaks validation if the fwder does not do DNSSEC.\n"); + printf(" breaks validation if the forwarder does not do DNSSEC.\n"); printf(" -v be more verbose, shows nodata and security.\n"); printf(" -d debug, traces the action, -d -d shows more.\n"); printf(" -4 use ipv4 network, avoid ipv6.\n"); diff -Nru unbound-1.5.8/smallapp/worker_cb.c unbound-1.6.0/smallapp/worker_cb.c --- unbound-1.5.8/smallapp/worker_cb.c 2014-06-24 08:24:28.000000000 +0000 +++ unbound-1.6.0/smallapp/worker_cb.c 2016-12-06 13:42:51.000000000 +0000 @@ -99,13 +99,13 @@ log_assert(0); } -struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname), - size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), - uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), +struct outbound_entry* worker_send_query( + struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), + int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) + size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), + struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; 
@@ -131,13 +131,13 @@ log_assert(0); } -struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname), - size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), - uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), +struct outbound_entry* libworker_send_query( + struct query_info* ATTR_UNUSED(qinfo), uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), - int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), + int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), - size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) + size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), + struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; @@ -223,8 +223,8 @@ int order_lock_cmp(const void* e1, const void* e2) { - struct order_id* o1 = (struct order_id*)e1; - struct order_id* o2 = (struct order_id*)e2; + const struct order_id* o1 = e1; + const struct order_id* o2 = e2; if(o1->thr < o2->thr) return -1; if(o1->thr > o2->thr) return 1; if(o1->instance < o2->instance) return -1; @@ -235,7 +235,7 @@ int codeline_cmp(const void* a, const void* b) { - return strcmp((const char*)a, (const char*)b); + return strcmp(a, b); } int replay_var_compare(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) diff -Nru unbound-1.5.8/testcode/asynclook.c unbound-1.6.0/testcode/asynclook.c --- unbound-1.5.8/testcode/asynclook.c 2016-02-24 14:52:28.000000000 +0000 +++ unbound-1.6.0/testcode/asynclook.c 2016-10-05 09:56:05.000000000 +0000 @@ -470,7 +470,7 @@ return 1; } - /* perform asyncronous calls */ + /* perform asynchronous calls */ num_wait = argc; for(i=0; ibase; struct fake_pending* pend = (struct fake_pending*)calloc(1, 
@@ -1050,7 +1050,7 @@ char z[256]; log_assert(pend); log_nametypeclass(VERB_OPS, "pending serviced query", - qname, qtype, qclass); + qinfo->qname, qinfo->qtype, qinfo->qclass); dname_str(zone, z); verbose(VERB_OPS, "pending serviced query zone %s flags%s%s%s%s", z, (flags&BIT_RD)?" RD":"", (flags&BIT_CD)?" CD":"", @@ -1065,9 +1065,9 @@ sldns_buffer_write_u16(pend->buffer, 0); /* ancount */ sldns_buffer_write_u16(pend->buffer, 0); /* nscount */ sldns_buffer_write_u16(pend->buffer, 0); /* arcount */ - sldns_buffer_write(pend->buffer, qname, qnamelen); - sldns_buffer_write_u16(pend->buffer, qtype); - sldns_buffer_write_u16(pend->buffer, qclass); + sldns_buffer_write(pend->buffer, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(pend->buffer, qinfo->qtype); + sldns_buffer_write_u16(pend->buffer, qinfo->qclass); sldns_buffer_flip(pend->buffer); if(1) { /* add edns */ @@ -1077,6 +1077,7 @@ edns.edns_version = EDNS_ADVERTISED_VERSION; edns.udp_size = EDNS_ADVERTISED_SIZE; edns.bits = 0; + edns.opt_list = qstate->edns_opts_back_out; if(dnssec) edns.bits = EDNS_DO; attach_edns_record(pend->buffer, &edns); @@ -1085,7 +1086,7 @@ pend->addrlen = addrlen; pend->zone = memdup(zone, zonelen); pend->zonelen = zonelen; - pend->qtype = (int)qtype; + pend->qtype = (int)qinfo->qtype; log_assert(pend->zone); pend->callback = callback; pend->cb_arg = callback_arg; @@ -1129,6 +1130,7 @@ while(p) { if(p == pend) { log_assert(p->cb_arg == cb_arg); + (void)cb_arg; log_info("serviced pending delete"); if(prev) prev->next = p->next; 
@@ -1387,7 +1389,7 @@ (void)start_acc; } -struct event_base* comm_base_internal(struct comm_base* ATTR_UNUSED(b)) +struct ub_event_base* comm_base_internal(struct comm_base* ATTR_UNUSED(b)) { /* no pipe comm possible in testbound */ return NULL; diff -Nru unbound-1.5.8/testcode/lock_verify.c unbound-1.6.0/testcode/lock_verify.c --- unbound-1.5.8/testcode/lock_verify.c 2015-10-28 10:37:53.000000000 +0000 +++ unbound-1.6.0/testcode/lock_verify.c 2016-09-05 07:23:23.000000000 +0000 @@ -105,7 +105,7 @@ /** print program usage help */ static void -usage() +usage(void) { printf("lock_verify \n"); } diff -Nru unbound-1.5.8/testcode/memstats.c unbound-1.6.0/testcode/memstats.c --- unbound-1.5.8/testcode/memstats.c 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/testcode/memstats.c 2016-11-22 15:50:07.000000000 +0000 @@ -66,7 +66,7 @@ /** print usage and exit */ static void -usage() +usage(void) { printf("usage: memstats \n"); printf("statistics are printed on stdout.\n"); @@ -236,6 +236,7 @@ int main(int argc, const char* argv[]) { rbtree_t* tree = 0; + log_init(NULL, 0, 0); if(argc != 2) { usage(); } diff -Nru unbound-1.5.8/testcode/perf.c unbound-1.6.0/testcode/perf.c --- unbound-1.5.8/testcode/perf.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/testcode/perf.c 2016-10-18 13:18:20.000000000 +0000 @@ -487,6 +487,7 @@ qinfo.qname = sldns_str2wire_dname(nm, &qinfo.qname_len); if(!qinfo.qname) return 0; + qinfo.local_alias = NULL; qinfo_query_encode(buf, &qinfo); sldns_buffer_write_u16_at(buf, 0, 0); /* zero ID */ if(rec) LDNS_RD_SET(sldns_buffer_begin(buf)); diff -Nru unbound-1.5.8/testcode/petal.c unbound-1.6.0/testcode/petal.c --- unbound-1.5.8/testcode/petal.c 2015-07-21 14:37:15.000000000 +0000 +++ unbound-1.6.0/testcode/petal.c 2016-09-15 12:03:10.000000000 +0000 @@ -70,7 +70,7 @@ /** Give petal usage, and exit (1). */ static void -usage() +usage(void) { printf("Usage: petal [opts]\n"); printf(" https daemon serves files from ./'host'/filename\n"); 
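Review bot: `qinfo.local_alias = NULL;` in the testcode/perf.c hunk patches one more member of a `qinfo` that is filled in field by field, so the next member added to the struct will again reach `qinfo_query_encode` with an indeterminate value until someone remembers this call site. The declaration is outside the hunk, but if `qinfo` is a plain automatic variable, zeroing it once before the assignments with `memset(&qinfo, 0, sizeof(qinfo));` covers `local_alias` and anything added later. The matching `qinfo.local_alias = NULL;` hunk in testcode/streamtcp.c has the same shape and would benefit from the same change.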
@@ -429,6 +429,7 @@ provide_file_chunked(SSL* ssl, char* fname) { char buf[16384]; + char* tmpbuf = NULL; char* at = buf; size_t avail = sizeof(buf); size_t r; @@ -471,9 +472,13 @@ } do { - char tmpbuf[sizeof(buf)]; + size_t red; + free(tmpbuf); + tmpbuf = malloc(avail-16); + if(!tmpbuf) + break; /* read chunk; space-16 for xxxxCRLF..CRLF0CRLFCRLF (3 spare)*/ - size_t red = in?fread(tmpbuf, 1, avail-16, in):0; + red = in?fread(tmpbuf, 1, avail-16, in):0; /* prepare chunk */ snprintf(at, avail, "%x\r\n", (unsigned)red); r = strlen(at); @@ -514,6 +519,7 @@ avail = sizeof(buf); } while(in && !feof(in) && !ferror(in)); + free(tmpbuf); if(in) fclose(in); } @@ -634,16 +640,30 @@ #ifdef SIGPIPE (void)signal(SIGPIPE, SIG_IGN); #endif +#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); +#endif ERR_load_SSL_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(0, NULL); +#endif do_service(addr, port, key, cert); +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); +#endif +#ifdef HAVE_ERR_FREE_STRINGS ERR_free_strings(); - RAND_cleanup(); +#endif return 0; } diff -Nru unbound-1.5.8/testcode/signit.c unbound-1.6.0/testcode/signit.c --- unbound-1.5.8/testcode/signit.c 2014-07-03 09:07:38.000000000 +0000 +++ unbound-1.6.0/testcode/signit.c 2016-09-05 07:23:23.000000000 +0000 
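Review bot: The rewritten loop in `provide_file_chunked` frees and reallocates `tmpbuf` on every iteration, and its size `avail-16` is a `size_t` subtraction that wraps to a huge request if `avail` is ever below 16. Whether the header text written into `buf` before the loop can shrink `avail` that far is not visible in the hunk. A single `tmpbuf = malloc(sizeof(buf));` before the `do`, with the `free(tmpbuf); tmpbuf = malloc(avail-16);` pair removed from the loop body, keeps the old upper bound and takes the allocator out of the hot path. The `if(!tmpbuf) break;` path also ends the response without the terminating chunk and without any diagnostic, so a log line before the `break` would make an out-of-memory truncation distinguishable from a short file. The function starts before the first of these hunks and the loop body continues between them.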
@@ -63,7 +63,7 @@ /** print usage and exit */ static void -usage() +usage(void) { printf("usage: signit expi ince keytag owner keyfile\n"); printf("present rrset data on stdin.\n"); diff -Nru unbound-1.5.8/testcode/streamtcp.c unbound-1.6.0/testcode/streamtcp.c --- unbound-1.5.8/testcode/streamtcp.c 2016-01-26 09:15:22.000000000 +0000 +++ unbound-1.6.0/testcode/streamtcp.c 2016-10-18 13:18:20.000000000 +0000 @@ -128,6 +128,9 @@ qinfo.qtype = sldns_get_rr_type_by_name(strtype); qinfo.qclass = sldns_get_rr_class_by_name(strclass); + /* clear local alias */ + qinfo.local_alias = NULL; + /* make query */ qinfo_query_encode(buf, &qinfo); sldns_buffer_write_u16_at(buf, 0, id); @@ -406,8 +409,18 @@ } if(usessl) { ERR_load_SSL_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) OpenSSL_add_all_algorithms(); - SSL_library_init(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(0, NULL); +#endif } send_em(svr, udp, usessl, noanswer, argc, argv); checklock_stop(); diff -Nru unbound-1.5.8/testcode/testbound.c unbound-1.6.0/testcode/testbound.c --- unbound-1.5.8/testcode/testbound.c 2016-01-14 08:28:46.000000000 +0000 +++ unbound-1.6.0/testcode/testbound.c 2016-09-05 07:23:23.000000000 +0000 @@ -67,7 +67,7 @@ /** give commandline usage for testbound. */ static void -testbound_usage() +testbound_usage(void) { printf("usage: testbound [options]\n"); printf("\ttest the unbound daemon.\n"); diff -Nru unbound-1.5.8/testcode/testpkts.c unbound-1.6.0/testcode/testpkts.c --- unbound-1.5.8/testcode/testpkts.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/testcode/testpkts.c 2016-09-05 07:23:23.000000000 +0000 
@@ -239,7 +239,7 @@ } /** create new entry */ -static struct entry* new_entry() +static struct entry* new_entry(void) { struct entry* e = (struct entry*)malloc(sizeof(struct entry)); if(!e) error("out of memory"); diff -Nru unbound-1.5.8/testcode/unitmain.c unbound-1.6.0/testcode/unitmain.c --- unbound-1.5.8/testcode/unitmain.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/testcode/unitmain.c 2016-09-02 09:59:09.000000000 +0000 @@ -380,6 +380,28 @@ unit_assert( cfg_parse_memsize("0 Gb", &v) && v==0*1024*1024); } +/** test config_file: test tag code */ +static void +config_tag_test(void) +{ + unit_show_func("util/config_file.c", "taglist_intersect"); + unit_assert( taglist_intersect( + (uint8_t*)"\000\000\000", 3, (uint8_t*)"\001\000\001", 3 + ) == 0); + unit_assert( taglist_intersect( + (uint8_t*)"\000\000\001", 3, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001\000\000", 3, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001", 1, (uint8_t*)"\001\000\001", 3 + ) == 1); + unit_assert( taglist_intersect( + (uint8_t*)"\001\000\001", 3, (uint8_t*)"\001", 1 + ) == 1); +} + #include "util/rtt.h" /** test RTT code */ static void @@ -546,6 +568,9 @@ printf("test %s functions\n", feature); } +#ifdef USE_ECDSA_EVP_WORKAROUND +void ecdsa_evp_workaround_init(void); +#endif /** * Main unit test program. Setup, teardown and report errors. * @param argc: arg count. @@ -563,13 +588,15 @@ } printf("Start of %s unit test.\n", PACKAGE_STRING); #ifdef HAVE_SSL +# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); -# ifdef HAVE_OPENSSL_CONFIG - OPENSSL_config("unbound"); # endif # ifdef USE_GOST (void)sldns_key_EVP_load_gost_id(); # endif +# ifdef USE_ECDSA_EVP_WORKAROUND + ecdsa_evp_workaround_init(); +# endif #elif defined(HAVE_NSS) if(NSS_NoDB_Init(".") != SECSuccess) fatal_exit("could not init NSS"); 
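Review bot: Every unequal-length case in the new `config_tag_test` expects a match, so an implementation of `taglist_intersect` that reads past the shorter list, or that returns 1 whenever the lengths differ, would still pass. Assuming the function compares only the common prefix of the two bitmaps, a negative case such as `unit_assert( taglist_intersect((uint8_t*)"\001\001", 1, (uint8_t*)"\000\001", 2) == 0);` pins that down, because the only overlapping bit lies beyond the declared length of the first list. A zero-length list on either side is also untested. Tag intersection decides which per-client policy applies, so the boundary behaviour is worth fixing in the unit test.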
@@ -580,6 +607,7 @@ verify_test(); net_test(); config_memsize_test(); + config_tag_test(); dname_test(); rtt_test(); anchors_test(); @@ -597,14 +625,21 @@ sldns_key_EVP_unload_gost(); # endif # ifdef HAVE_OPENSSL_CONFIG +# ifdef HAVE_EVP_CLEANUP EVP_cleanup(); +# endif ENGINE_cleanup(); CONF_modules_free(); # endif +# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); +# endif +# ifdef HAVE_ERR_FREE_STRINGS ERR_free_strings(); +# endif +# ifdef HAVE_RAND_CLEANUP RAND_cleanup(); +# endif #elif defined(HAVE_NSS) if(NSS_Shutdown() != SECSuccess) fatal_exit("could not shutdown NSS"); diff -Nru unbound-1.5.8/testcode/unitverify.c unbound-1.6.0/testcode/unitverify.c --- unbound-1.5.8/testcode/unitverify.c 2015-11-17 13:31:22.000000000 +0000 +++ unbound-1.6.0/testcode/unitverify.c 2016-03-23 08:19:49.000000000 +0000 
@@ -497,12 +497,14 @@ { unit_show_feature("signature verify"); verifytest_file("testdata/test_signatures.1", "20070818005004"); +#ifdef USE_DSA verifytest_file("testdata/test_signatures.2", "20080414005004"); verifytest_file("testdata/test_signatures.3", "20080416005004"); verifytest_file("testdata/test_signatures.4", "20080416005004"); verifytest_file("testdata/test_signatures.5", "20080416005004"); verifytest_file("testdata/test_signatures.6", "20080416005004"); verifytest_file("testdata/test_signatures.7", "20070829144150"); +#endif /* USE_DSA */ verifytest_file("testdata/test_signatures.8", "20070829144150"); #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) verifytest_file("testdata/test_sigs.rsasha256", "20070829144150"); Binary files /tmp/tmpfQ2ho3/zzyxSVb8Ya/unbound-1.5.8/testdata/04-checkconf.tpkg and /tmp/tmpfQ2ho3/_uDKBmJkBQ/unbound-1.6.0/testdata/04-checkconf.tpkg differ Binary files /tmp/tmpfQ2ho3/zzyxSVb8Ya/unbound-1.5.8/testdata/09-unbound-control.tpkg and /tmp/tmpfQ2ho3/_uDKBmJkBQ/unbound-1.6.0/testdata/09-unbound-control.tpkg differ diff -Nru unbound-1.5.8/testdata/iter_resolve_minimised_nx.rpl unbound-1.6.0/testdata/iter_resolve_minimised_nx.rpl --- unbound-1.5.8/testdata/iter_resolve_minimised_nx.rpl 2015-12-01 08:36:26.000000000 +0000 +++ unbound-1.6.0/testdata/iter_resolve_minimised_nx.rpl 2016-06-13 13:06:35.000000000 +0000 @@ -30,7 +30,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS +com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL @@ -46,8 +46,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS -SECTION ANSWER +com. IN A +SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 @@ -58,7 +58,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -example.com. IN NS +example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL 
@@ -74,8 +74,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -example.com. IN NS -SECTION ANSWER +example.com. IN A +SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 @@ -86,7 +86,7 @@ ADJUST copy_id REPLY QR NXDOMAIN SECTION QUESTION -ent.example.com. IN NS +ent.example.com. IN A SECTION AUTHORITY example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 ENTRY_END diff -Nru unbound-1.5.8/testdata/iter_resolve_minimised_refused.rpl unbound-1.6.0/testdata/iter_resolve_minimised_refused.rpl --- unbound-1.5.8/testdata/iter_resolve_minimised_refused.rpl 2015-12-03 12:09:45.000000000 +0000 +++ unbound-1.6.0/testdata/iter_resolve_minimised_refused.rpl 2016-06-13 13:06:35.000000000 +0000 @@ -30,7 +30,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS +com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL @@ -46,8 +46,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS -SECTION ANSWER +com. IN A +SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 @@ -58,7 +58,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -example.com. IN NS +example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL @@ -74,7 +74,7 @@ ADJUST copy_id REPLY QR REFUSED SECTION QUESTION -refused.example.com. IN NS +refused.example.com. IN A ENTRY_END ENTRY_BEGIN @@ -82,7 +82,7 @@ ADJUST copy_id REPLY QR REFUSED SECTION QUESTION -www.refused.example.com. IN NS +www.refused.example.com. IN A ENTRY_END ENTRY_BEGIN @@ -90,9 +90,9 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -www.refused.example.com. IN A +www.refused.example.com. IN AAAA SECTION ANSWER -www.refused.example.com. IN A 10.20.30.40 +www.refused.example.com. IN AAAA ::1 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL 
@@ -104,7 +104,7 @@ ENTRY_BEGIN REPLY RD SECTION QUESTION -www.refused.example.com. IN A +www.refused.example.com. IN AAAA ENTRY_END STEP 20 CHECK_ANSWER @@ -112,9 +112,9 @@ MATCH all REPLY QR RD RA NOERROR SECTION QUESTION -www.refused.example.com. IN A +www.refused.example.com. IN AAAA SECTION ANSWER -www.refused.example.com. IN A 10.20.30.40 +www.refused.example.com. IN AAAA ::1 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL diff -Nru unbound-1.5.8/testdata/iter_resolve_minimised.rpl unbound-1.6.0/testdata/iter_resolve_minimised.rpl --- unbound-1.5.8/testdata/iter_resolve_minimised.rpl 2015-12-01 08:36:26.000000000 +0000 +++ unbound-1.6.0/testdata/iter_resolve_minimised.rpl 2016-06-13 13:06:35.000000000 +0000 @@ -30,7 +30,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS +com. IN A SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL @@ -46,8 +46,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -com. IN NS -SECTION ANSWER +com. IN A +SECTION AUTHORITY com. IN NS a.gtld-servers.net. SECTION ADDITIONAL a.gtld-servers.net. IN A 192.5.6.30 @@ -58,7 +58,7 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -example.com. IN NS +example.com. IN A SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL @@ -74,8 +74,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -example.com. IN NS -SECTION ANSWER +example.com. IN A +SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 @@ -86,8 +86,8 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -www.example.com. IN NS -SECTION ANSWER +www.example.com. IN A +SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 
@@ -98,9 +98,9 @@ ADJUST copy_id REPLY QR NOERROR SECTION QUESTION -www.example.com. IN A +www.example.com. IN AAAA SECTION ANSWER -www.example.com. IN A 10.20.30.40 +www.example.com. IN AAAA ::123 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL @@ -112,35 +112,35 @@ ENTRY_BEGIN REPLY RD SECTION QUESTION -www.example.com. IN A +www.example.com. IN AAAA ENTRY_END STEP 20 CHECK_OUT_QUERY ENTRY_BEGIN MATCH qname qtype opcode SECTION QUESTION -com. IN NS +com. IN A ENTRY_END STEP 30 CHECK_OUT_QUERY ENTRY_BEGIN MATCH qname qtype opcode SECTION QUESTION -example.com. IN NS +example.com. IN A ENTRY_END STEP 40 CHECK_OUT_QUERY ENTRY_BEGIN MATCH qname qtype opcode SECTION QUESTION -www.example.com. IN NS +www.example.com. IN A ENTRY_END STEP 50 CHECK_OUT_QUERY ENTRY_BEGIN MATCH qname qtype opcode SECTION QUESTION -www.example.com. IN A +www.example.com. IN AAAA ENTRY_END STEP 60 CHECK_ANSWER @@ -148,9 +148,9 @@ MATCH all REPLY QR RD RA NOERROR SECTION QUESTION -www.example.com. IN A +www.example.com. IN AAAA SECTION ANSWER -www.example.com. IN A 10.20.30.40 +www.example.com. IN AAAA ::123 SECTION AUTHORITY example.com. IN NS ns.example.com. SECTION ADDITIONAL diff -Nru unbound-1.5.8/testdata/iter_resolve_minimised_timeout.rpl unbound-1.6.0/testdata/iter_resolve_minimised_timeout.rpl --- unbound-1.5.8/testdata/iter_resolve_minimised_timeout.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/iter_resolve_minimised_timeout.rpl 2016-06-14 12:36:22.000000000 +0000 
@@ -0,0 +1,152 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterative qname minimised resolve of www.example.com. Simulate broken nameserver that drops QTYPE=A queries. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN AAAA ::123 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 
IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +com. IN A +ENTRY_END + +STEP 30 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 40 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 41 TIMEOUT +STEP 42 TIMEOUT +STEP 43 TIMEOUT + +STEP 50 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN AAAA ::123 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff -Nru unbound-1.5.8/testdata/local_acl_override.rpl unbound-1.6.0/testdata/local_acl_override.rpl --- unbound-1.5.8/testdata/local_acl_override.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/local_acl_override.rpl 2016-06-24 19:08:58.000000000 +0000 
@@ -0,0 +1,93 @@ +; config options +server: + local-zone: "1.example." transparent + local-zone: "2.example." transparent + access-control: 10.10.10.0/24 allow + + local-zone-override: "1.example." 10.10.10.20/32 refuse + local-zone-override: "2.example." 10.10.10.30/32 refuse + local-zone-override: "2.example." 10.10.10.40/32 always_nxdomain + +forward-zone: + name: "example." + forward-addr: 1.2.3.4 + +CONFIG_END +SCENARIO_BEGIN Test local data queries + +RANGE_BEGIN 0 100 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +1.example. IN TXT +SECTION ANSWER +1.example. IN TXT "data 1" +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +2.example. IN TXT +SECTION ANSWER +2.example. IN TXT "data 2" +ENTRY_END +RANGE_END + +STEP 1 QUERY ADDRESS 10.10.10.10 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +1.example. IN TXT +ENTRY_END +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +1.example. IN TXT +SECTION ANSWER +1.example. IN TXT "data 1" +ENTRY_END + +STEP 3 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +1.example. IN TXT +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA REFUSED +SECTION QUESTION +1.example. IN TXT +ENTRY_END + +STEP 5 QUERY ADDRESS 10.10.10.30 +ENTRY_BEGIN +SECTION QUESTION +2.example. IN TXT +ENTRY_END +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA REFUSED +SECTION QUESTION +2.example. IN TXT +ENTRY_END + +STEP 7 QUERY ADDRESS 10.10.10.40 +ENTRY_BEGIN +SECTION QUESTION +2.example. IN TXT +ENTRY_END +STEP 8 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NXDOMAIN +SECTION QUESTION +2.example. 
IN TXT +ENTRY_END +SCENARIO_END diff -Nru unbound-1.5.8/testdata/local_acl_taglist_action.rpl unbound-1.6.0/testdata/local_acl_taglist_action.rpl --- unbound-1.5.8/testdata/local_acl_taglist_action.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/local_acl_taglist_action.rpl 2016-07-07 10:20:05.000000000 +0000 
@@ -0,0 +1,125 @@ +; config options +server: + define-tag: "tag1 tag2 tag3" + local-zone: "example." static + local-data: 'example. IN TXT "data 0"' + + local-zone-tag: "example." "tag1 tag2 tag3" + + access-control: 10.10.10.0/24 allow + access-control-tag: 10.10.10.10/32 "tag1" + access-control-tag: 10.10.10.20/32 "tag2 tag3" + access-control-tag: 10.10.10.30/32 "tag3" + access-control-tag: 10.10.10.40/32 "tag3" + access-control-tag: 10.10.10.50/32 "tag3" + + access-control-tag-action: 10.10.10.10/32 tag1 always_refuse + access-control-tag-action: 10.10.10.20/32 tag2 always_nxdomain + access-control-tag-action: 10.10.10.30/32 tag3 always_refuse + access-control-tag-action: 10.10.10.50/32 tag3 always_transparent + +forward-zone: + name: "example." + forward-addr: 1.2.3.4 + +CONFIG_END +SCENARIO_BEGIN Test local data queries + +RANGE_BEGIN 0 100 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN TXT +SECTION ANSWER +example. IN TXT "data 1" +ENTRY_END +RANGE_END + +STEP 1 QUERY ADDRESS 10.10.10.10 +ENTRY_BEGIN +SECTION QUESTION +example. IN TXT +ENTRY_END +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA REFUSED +SECTION QUESTION +example. IN TXT +ENTRY_END + +STEP 3 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +example. IN TXT +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NXDOMAIN +SECTION QUESTION +example. IN TXT +ENTRY_END + +STEP 5 QUERY ADDRESS 10.10.10.30 +ENTRY_BEGIN +SECTION QUESTION +example. IN TXT +ENTRY_END +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA REFUSED +SECTION QUESTION +example. IN TXT +ENTRY_END + +STEP 7 QUERY ADDRESS 10.10.10.40 +ENTRY_BEGIN +SECTION QUESTION +example. IN TXT +ENTRY_END +STEP 8 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +example. IN TXT +SECTION ANSWER +example. IN TXT "data 0" +ENTRY_END + +STEP 9 QUERY ADDRESS 10.10.10.50 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. 
IN TXT +ENTRY_END +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +example. IN TXT +SECTION ANSWER +example. IN TXT "data 1" +ENTRY_END + +STEP 11 QUERY ADDRESS 10.10.10.60 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN TXT +ENTRY_END +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +example. IN TXT +SECTION ANSWER +example. IN TXT "data 1" +ENTRY_END +SCENARIO_END diff -Nru unbound-1.5.8/testdata/local_acl_taglist.rpl unbound-1.6.0/testdata/local_acl_taglist.rpl --- unbound-1.5.8/testdata/local_acl_taglist.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/local_acl_taglist.rpl 2016-07-07 10:20:05.000000000 +0000 
@@ -0,0 +1,169 @@ +; config options +server: + define-tag: "tag1 tag2 tag3" + define-tag: "tag4" + local-zone: "example." redirect + local-data: 'example. IN TXT "data 0"' + local-zone: "d.example." static + local-data: 'd.example. IN TXT "data 1"' + local-zone: "c.d.example." redirect + local-data: 'c.d.example. IN TXT "data 2"' + local-zone: "b.c.d.example." redirect + local-data: 'b.c.d.example. IN TXT "data 3"' + local-zone: "foo." redirect + local-data: 'foo. IN TXT "data plain 4"' + + ; no tags for local-zones example. and c.d.example. + local-zone-tag: "d.example." "tag1 tag2" + local-zone-tag: "b.c.d.example." "tag3" + local-zone-tag: "foo." "tag4" + + access-control: 10.10.10.0/24 allow + access-control-tag: 10.10.10.20/32 "tag1" + access-control-tag: 10.10.10.30/32 "tag2 tag3" + access-control-tag: 10.10.10.40/32 "tag3" + + access-control-tag: 10.10.10.50/32 "tag4" + access-control-tag-data: 10.10.10.50/32 "tag4" 'TXT "data tag4"' + access-control-tag: 10.10.10.60/32 "tag4" + + +CONFIG_END +SCENARIO_BEGIN Test local data queries + +STEP 1 QUERY ADDRESS 10.10.10.10 +ENTRY_BEGIN +SECTION QUESTION +d.example. IN TXT +ENTRY_END +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +d.example. IN TXT +SECTION ANSWER +d.example. IN TXT "data 0" +ENTRY_END + +STEP 3 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +d.example. IN TXT +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +d.example. IN TXT +SECTION ANSWER +d.example. IN TXT "data 1" +ENTRY_END + +STEP 5 QUERY ADDRESS 10.10.10.30 +ENTRY_BEGIN +SECTION QUESTION +d.example. IN TXT +ENTRY_END +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +d.example. IN TXT +SECTION ANSWER +d.example. IN TXT "data 1" +ENTRY_END + +STEP 7 QUERY ADDRESS 10.10.10.40 +ENTRY_BEGIN +SECTION QUESTION +d.example. IN TXT +ENTRY_END +STEP 8 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +d.example. 
IN TXT +SECTION ANSWER +d.example. IN TXT "data 0" +ENTRY_END + +STEP 9 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +c.d.example. IN TXT +ENTRY_END +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +c.d.example. IN TXT +SECTION ANSWER +c.d.example. IN TXT "data 2" +ENTRY_END + +STEP 11 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +a.b.c.d.example. IN TXT +ENTRY_END +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +a.b.c.d.example. IN TXT +SECTION ANSWER +a.b.c.d.example. IN TXT "data 2" +ENTRY_END + +STEP 13 QUERY ADDRESS 10.10.10.30 +ENTRY_BEGIN +SECTION QUESTION +a.b.c.d.example. IN TXT +ENTRY_END +STEP 14 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +a.b.c.d.example. IN TXT +SECTION ANSWER +a.b.c.d.example. IN TXT "data 3" +ENTRY_END + +STEP 15 QUERY ADDRESS 10.10.10.50 +ENTRY_BEGIN +SECTION QUESTION +www.foo. IN TXT +ENTRY_END +STEP 16 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +www.foo. IN TXT +SECTION ANSWER +www.foo. IN TXT "data tag4" +ENTRY_END + +STEP 17 QUERY ADDRESS 10.10.10.60 +ENTRY_BEGIN +SECTION QUESTION +www.foo. IN TXT +ENTRY_END +STEP 18 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +www.foo. IN TXT +SECTION ANSWER +www.foo. IN TXT "data plain 4" +ENTRY_END + +SCENARIO_END diff -Nru unbound-1.5.8/testdata/local_cname.rpl unbound-1.6.0/testdata/local_cname.rpl --- unbound-1.5.8/testdata/local_cname.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/local_cname.rpl 2016-10-21 08:59:56.000000000 +0000 
@@ -0,0 +1,491 @@ +; config options +server: + # put unbound.conf config options here. + + access-control: 127.0.0.1/32 allow_snoop #allow queries with RD bit + + # DNSSEC trust anchor taken from a real world example. Used for + # DNSSEC-signed CNAME target. + trust-anchor: "infoblox.com. 172800 IN DNSKEY 257 3 5 AwEAAerW6xQkJIb5wxm48RoHD/LE8r/GzmdIGOam0lQczIth+I9ctltV dDJXz5BH8j4TOaOH1gBRCXhsPDyPom/eLEkdUuXNuhV6QnWGHOtz1fuY EO+kBqaI79jR0K31OmevR/H/F3C8gi4T6//6G9qsftvcl6m7+V1vI2+c cgxiiOlMrZZb4YAhue1+tRw57f3aVOSNtcrONO/Jffgb9jbDTKRi33oT fDznyPa1lCWMbuybr/LaCU0LP6fG4BII/FDWFi5rQxMHygWfscdYX06c eGUzHqiuNNGL8Jze6johni71T/hJGtLMozkY7qxOLfWBXOu9kr1MBQh5 6hfibOZMZJM=" + # Use a fixed and faked date for DNSSEC validation to avoid run-time + # re-signing test signatures. + val-override-date: "20161001003725" + + define-tag: "cname cname2 nx servfail sec ambiguous" + access-control-tag: 127.0.0.1/32 "cname cname2 nx servfail sec" + + # Basic case: one CNAME whose target exists. + local-zone: example.com static + local-zone-tag: example.com "cname" + access-control-tag: 127.0.0.1/32 "cname" + access-control-tag-action: 127.0.0.1/32 "cname" redirect + access-control-tag-data: 127.0.0.1/32 "cname" "CNAME example.org." + + # Similar to the above, but different original query name. + local-zone: another.example.com static + local-zone-tag: another.example.com "cname2" + access-control-tag: 127.0.0.1/32 "cname2" + access-control-tag-action: 127.0.0.1/32 "cname2" redirect + access-control-tag-data: 127.0.0.1/32 "cname2" "CNAME example.org." + + # CNAME target is expected to be nonexistent. + local-zone: nx.example.com static + local-zone-tag: nx.example.com "nx" + access-control-tag: 127.0.0.1/32 "nx" + access-control-tag-action: 127.0.0.1/32 "nx" redirect + access-control-tag-data: 127.0.0.1/32 "nx" "CNAME nx.example.org." + + # Resolution of this CNAME target will result in SERVFAIL. 
+ local-zone: servfail.example.com static + local-zone-tag: servfail.example.com "servfail" + access-control-tag-action: 127.0.0.1/32 "servfail" redirect + access-control-tag-data: 127.0.0.1/32 "servfail" "CNAME servfail.example.org." + + # CNAME target is supposed to be DNSSEC-signed. + local-zone: sec.example.com static + local-zone-tag: sec.example.com "sec" + access-control-tag-action: 127.0.0.1/32 "sec" redirect + access-control-tag-data: 127.0.0.1/32 "sec" "CNAME www.infoblox.com." + + # Test setup for non-tag based redirect + local-zone: example.net redirect + local-data: "example.net. IN CNAME cname.example.org." + + ### template zone and tag intended to be used for tests with CNAME and + ### other data. + ##local-zone: ambiguous.example.com redirect + ##@LOCALDATA1@ + ##@LOCALDATA2@ + ##local-zone-tag: ambiguous.example.com "ambiguous" + ##access-control-tag-action: 127.0.0.1/32 "ambiguous" redirect + ##@TAGDATA1@ + ##@TAGDATA2@ + + + + target-fetch-policy: "0 0 0 0 0" + +# send the queries to the test server (see the 10.0.10.3 entries below) +forward-zone: + name: "." + forward-addr: 10.0.10.3 +CONFIG_END + +; short one-line description of scenario: +SCENARIO_BEGIN Test local-data CNAME aliases + +; Specification of the answers that the upstream server provides to unbound +RANGE_BEGIN 0 1000 + ADDRESS 10.0.10.3 +; put entries here with answers to specific qname, qtype + +; infoblox.com +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +infoblox.com. IN DNSKEY +SECTION ANSWER +infoblox.com. 172800 IN DNSKEY 256 3 5 AwEAAbi2VnVHFm5rO2EiawNWhTTRPPzaA+VEdpGOc+CtwIZq86C4Ndbp 0M7XTi0wru0Pgh54oGZ3ty9WllYEnVfoA1rcGwFJmAln7KKAuQP+dlGE yHPJYduAjG/JFA6Qq0zj18AmWgks+qvethASMm3PtihQkNytjmQWjiL6 6h8cQwFP +infoblox.com. 
172800 IN DNSKEY 257 3 5 AwEAAerW6xQkJIb5wxm48RoHD/LE8r/GzmdIGOam0lQczIth+I9ctltV dDJXz5BH8j4TOaOH1gBRCXhsPDyPom/eLEkdUuXNuhV6QnWGHOtz1fuY EO+kBqaI79jR0K31OmevR/H/F3C8gi4T6//6G9qsftvcl6m7+V1vI2+c cgxiiOlMrZZb4YAhue1+tRw57f3aVOSNtcrONO/Jffgb9jbDTKRi33oT fDznyPa1lCWMbuybr/LaCU0LP6fG4BII/FDWFi5rQxMHygWfscdYX06c eGUzHqiuNNGL8Jze6johni71T/hJGtLMozkY7qxOLfWBXOu9kr1MBQh5 6hfibOZMZJM= +infoblox.com. 172800 IN RRSIG DNSKEY 5 2 172800 20161004003725 20160930000830 31651 infoblox.com. Ds7LZY2W59fq9cWgqi3W6so1NGFa7JdjO8zlhK3hGu2a2WG1W/rVftom rCf0gdI5q4BZJnq2o0SdLd/U7he1uWz8ATntEETiNs9/8G7myNK17wQu AN/+3gol+qT4DX0CA3Boz7Z+xFQbTwnnJJvGASa/1jPMIYU8DiyNx3Pe SSh9lbyU/4YI0mshn5ZC2HCFChxr+aVJxk4UHjaPfHhWwVu9oM4IbEfn KD9x4ltKjjy0pXMYqVlNs9+tG2nXdwr/6Q4G+yfRBAcW+cWeW5w4igxf xYFq4Y5gkZetGOReoNODZ9YC9WvcxBo+qY/iUN2k+lEFq+oL8+DthAGH uA1krw== +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.infoblox.com. IN A +SECTION ANSWER +www.infoblox.com. 3600 IN A 161.47.10.70 +www.infoblox.com. 3600 IN RRSIG A 5 3 3600 20161003223322 20160929221122 14916 infoblox.com. WbO9ydRAoRTPvdK18atTdLEkkMGoOjuwbcb6vVI0d6Sea3xkcBMNmtst Wdzr+pKEJqO2bfm167X6uhcOHanHZRnirlTnEbuTdsP0HCiIEGQD5iHg UNH2FJSKGNYBmgZKJpuLhDca7oqtkl8EyGA+UEt6Rtq6aW8V0wpkhPHi Pug=' +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; example.org +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN A +SECTION ANSWER +example.org. IN A 192.0.2.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +cname.example.org. IN A +SECTION ANSWER +cname.example.org. IN A 192.0.2.2 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.org. 
IN SOA ns.example.org. hostmaster.example.org. 2016101900 28800 7200 604800 3600 +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +nx.example.org. IN A +SECTION ANSWER +SECTION AUTHORITY +example.org. IN SOA ns.example.org. hostmaster.example.org. 2016101900 28800 7200 604800 3600 +SECTION ADDITIONAL +ENTRY_END + +; for norec query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN NS +SECTION ANSWER +example.org. IN NS ns.example. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +servfail.example.org. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; end of entries with answers from upstream server +RANGE_END +; Steps where queries are sent, one at a time, to unbound. +; QUERY is what the downstream client sends to unbound. +; CHECK_ANSWER contains the response from unbound. + + +; Basic case: both exact and subdomain matches result in the same CNAME +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN CNAME +ENTRY_END + +; For type-CNAME queries, the CNAME itself will be returned +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +example.com. IN CNAME +SECTION ANSWER +example.com. IN CNAME example.org. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +alias.example.com. IN CNAME +ENTRY_END + +; For type-CNAME queries, the CNAME itself will be returned +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +alias.example.com. IN CNAME +SECTION ANSWER +alias.example.com. IN CNAME example.org. 
+SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; Basic case: both exact and subdomain matches result in the same CNAME +; For other types, a complete CNAME chain will have to be returned +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN CNAME example.org. +example.org. IN A 192.0.2.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +alias.example.com. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +alias.example.com. IN A +SECTION ANSWER +alias.example.com. IN CNAME example.org. +example.org. IN A 192.0.2.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; Basic case: both exact and subdomain matches result in the same CNAME. +; The result is the same for non-recursive query as long as a +; complete chain is cached. +STEP 90 QUERY +ENTRY_BEGIN +REPLY +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 100 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN CNAME example.org. +example.org. IN A 192.0.2.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 110 QUERY +ENTRY_BEGIN +REPLY +SECTION QUESTION +alias.example.com. IN A +ENTRY_END + +STEP 120 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +alias.example.com. IN A +SECTION ANSWER +alias.example.com. IN CNAME example.org. +example.org. IN A 192.0.2.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; Similar to the above, but these are local-zone redirect, instead of +; tag-based policies. +STEP 130 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.net. 
IN CNAME +ENTRY_END + +; For type-CNAME queries, the CNAME itself will be returned +STEP 140 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +example.net. IN CNAME +SECTION ANSWER +example.net. IN CNAME cname.example.org. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 150 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +alias.example.net. IN CNAME +ENTRY_END + +; For type-CNAME queries, the CNAME itself will be returned +STEP 160 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +alias.example.net. IN CNAME +SECTION ANSWER +alias.example.net. IN CNAME cname.example.org. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 170 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.net. IN A +ENTRY_END + +STEP 180 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +example.net. IN A +SECTION ANSWER +example.net. IN CNAME cname.example.org. +cname.example.org. IN A 192.0.2.2 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 190 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +alias.example.net. IN A +ENTRY_END + +STEP 200 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +alias.example.net. IN A +SECTION ANSWER +alias.example.net. IN CNAME cname.example.org. +cname.example.org. IN A 192.0.2.2 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +; Relatively minor cases follow + +; query type doesn't exist for the CNAME target. The original query +; succeeds with an "incomplete" chain only containing the CNAME. +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN AAAA +ENTRY_END + +STEP 220 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +example.com. IN AAAA +SECTION ANSWER +example.com. IN CNAME example.org. +SECTION AUTHORITY +example.org. 3600 IN SOA ns.example.org. hostmaster.example.org. 
2016101900 28800 7200 604800 3600 +SECTION ADDITIONAL +ENTRY_END + +; The CNAME target name doesn't exist. NXDOMAIN with the CNAME will +; be returned. +STEP 230 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nx.example.com. IN A +ENTRY_END + +STEP 240 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nx.example.com. IN A +SECTION ANSWER +nx.example.com. IN CNAME nx.example.org. +SECTION AUTHORITY +example.org. 3600 IN SOA ns.example.org. hostmaster.example.org. 2016101900 28800 7200 604800 3600 +SECTION ADDITIONAL +ENTRY_END + +; Resolution for the CNAME target will result in SERVFAIL. It will +; be forwarded to the original query. The answer section should be +; empty. +STEP 250 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +servfail.example.com. IN A +ENTRY_END + +STEP 260 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +servfail.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; The CNAME target is DNSSEC-signed and it's validated. If the original +; query enabled the DNSSEC, the RRSIGs will be included in the answer, +; but the response should have the AD bit off +STEP 270 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sec.example.com. IN A +ENTRY_END + +STEP 280 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD DO RA AA NOERROR +SECTION QUESTION +sec.example.com. IN A +SECTION ANSWER +sec.example.com. IN CNAME www.infoblox.com. +www.infoblox.com. 3600 IN A 161.47.10.70 +www.infoblox.com. 3600 IN RRSIG A 5 3 3600 20161003223322 20160929221122 14916 infoblox.com. 
WbO9ydRAoRTPvdK18atTdLEkkMGoOjuwbcb6vVI0d6Sea3xkcBMNmtst Wdzr+pKEJqO2bfm167X6uhcOHanHZRnirlTnEbuTdsP0HCiIEGQD5iHg UNH2FJSKGNYBmgZKJpuLhDca7oqtkl8EyGA+UEt6Rtq6aW8V0wpkhPHi Pug=' +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +SCENARIO_END diff -Nru unbound-1.5.8/testdata/stop_nxdomain_minimised.rpl unbound-1.6.0/testdata/stop_nxdomain_minimised.rpl --- unbound-1.5.8/testdata/stop_nxdomain_minimised.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/stop_nxdomain_minimised.rpl 2016-11-22 13:53:51.000000000 +0000 
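Review bot: The RRSIG for `www.infoblox.com.` ends in `Pug='`, with a single quote after the base64 padding, both in the upstream ENTRY and in the STEP 280 expected answer. It looks like a paste artefact; whether the replay parser ignores it or folds it into the signature cannot be seen from this hunk, and in the second case the "sec" case would not be exercising a signature that validates, which is what the comment above STEP 270 claims. I would drop the quote in both places so the record ends `...wpkhPHi Pug=`. Separately, `access-control-tag: 127.0.0.1/32` is given once with the full tag list and then again with the single tags "cname", "cname2" and "nx"; if a later line replaces rather than extends the earlier one, the effective tag set is not what the first line suggests, so a single declaration would be clearer.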
@@ -0,0 +1,110 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + harden-below-nxdomain: yes + qname-minimisation: yes + trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" + val-override-date: "20070916134226" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +stub-zone: + name: "anotherexample.local." + stub-addr: 10.20.30.40 +CONFIG_END + +SCENARIO_BEGIN Test stop cache search on nxdomain for QNAME minimised query + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN DNSKEY +SECTION ANSWER +. 3600 IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b} +. 3600 IN RRSIG DNSKEY 5 0 3600 20070926134150 20070829134150 30900 . BlVcSh8xSgm7ne+XVCJwNHQKjk5kTJgG4Fa3sOSfp3YUjb2YclmVWyIw7XEHl0/C6CN5gdy18idnM6vT6Hy42A== ;{id = 30900} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +local. IN A +SECTION AUTHORITY +. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400 +. 86400 IN RRSIG SOA 5 0 86400 20070926134150 20070829134150 30900 . bOYbFZZp7vWWC2oxV+kph+YXjoQj2f6QJktlgmzRI7oReFX9jy/LibTPQi/sW0SGHpLaj3G5p4IfIlBibne4DA== ;{id = 30900} +. 86400 IN NSEC ac. NS SOA RRSIG NSEC DNSKEY +. 86400 IN RRSIG NSEC 5 0 86400 20070926134150 20070829134150 30900 . U+/m5+FmczzkosEx1aTP7MK/F3PpcKWct8CzM1jhjwNe2RlnW7qFe0IH8SLzD/elvxDTQMpJSMlKOhUUdapB8g== ;{id = 30900} +lk. 86400 IN NSEC lr. NS DS RRSIG NSEC +lk. 86400 IN RRSIG NSEC 5 1 86400 20070926134150 20070829134150 30900 . 
j6Pw5Eu9vGHDJcckTSWa8YD1b7FV7c/Z8aVkLfJCH+iPcaa40/LSp784+t2PnAAXL8fgriNL6jF/ve1rti3ANQ== ;{id = 30900} +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +anotherexample.local. IN TXT +SECTION ANSWER +anotherexample.local. 86400 IN TXT "should not resolve this" +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.local. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +example.local. IN TXT +SECTION AUTHORITY +. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400 +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +anotherexample.local. IN TXT +ENTRY_END + +; query should be answered using NXDOMAIN for local in cache +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +anotherexample.local. IN TXT +SECTION AUTHORITY +. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400 +ENTRY_END + +SCENARIO_END diff -Nru unbound-1.5.8/testdata/val_cnamewctonodata.rpl unbound-1.6.0/testdata/val_cnamewctonodata.rpl --- unbound-1.5.8/testdata/val_cnamewctonodata.rpl 2013-10-31 15:09:26.000000000 +0000 +++ unbound-1.6.0/testdata/val_cnamewctonodata.rpl 2016-12-07 12:58:47.000000000 +0000 @@ -11,7 +11,7 @@ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test validator with wilcard cname to nodata +SCENARIO_BEGIN Test validator with wildcard cname to nodata ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff -Nru unbound-1.5.8/testdata/val_deleg_nons.rpl unbound-1.6.0/testdata/val_deleg_nons.rpl --- unbound-1.5.8/testdata/val_deleg_nons.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/val_deleg_nons.rpl 2016-12-07 12:58:47.000000000 +0000 
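Review bot: stop_nxdomain_minimised.rpl only covers the signed case: the `local.` NXDOMAIN arrives with NSEC and RRSIG records under the configured root trust anchor, and there is no counterpart in which the same NXDOMAIN is unsigned. If `harden-below-nxdomain` is meant to act only on validated denials (the signed fixture suggests so, but the resolver code is not in this hunk), a second scenario should show that an unvalidated NXDOMAIN for `local.` does not mask the `anotherexample.local.` stub, because otherwise a spoofed negative answer would be enough to hide a locally configured zone. A comment on the 10.20.30.40 RANGE would also make its role explicit, e.g. `; must never be queried: the cached NXDOMAIN for local. has to stop the lookup before this stub is used`.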
@@ -0,0 +1,268 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 
3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns3.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 
3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +foo.www.example.com. IN A 1.2.3.4 +; unsigned, no delegation. +ENTRY_END + +; DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +; NSEC3 here: 1 0 1 1234 +; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. +h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= + +;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= +example.com. 
IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; DS query for foo.www.example.com returns the referral without record. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpq TXT +mipf0g23547qunto04vboegh9vadsrpo.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM= + +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} + + +;www.example.com. IN NS ns3.example.com. +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= +;SECTION ADDITIONAL +;ns3.example.com. IN A 1.2.3.5 + + +; NSEC3 here: 1 0 1 1234 +; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. +; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79. +; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo. + +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= +;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. 
IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT +;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY= +;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT +;mipf0g23547qunto04vboegh9vadsrph.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0= + +;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= + +;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns3.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff -Nru unbound-1.5.8/testdata/val_ds_sha2.crpl unbound-1.6.0/testdata/val_ds_sha2.crpl --- unbound-1.5.8/testdata/val_ds_sha2.crpl 2013-10-31 15:09:26.000000000 +0000 +++ unbound-1.6.0/testdata/val_ds_sha2.crpl 2016-11-22 08:23:24.000000000 +0000 
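Review bot: The ns3.example.com RANGE at 1.2.3.5 looks unreachable: the only records that would lead the resolver there, `;www.example.com. IN NS ns3.example.com.` and `;ns3.example.com. IN A 1.2.3.5`, are commented out inside the foo.www.example.com DS entry. Either remove that RANGE together with the blocks of commented-out NSEC/NSEC3 alternatives, or add a line saying why they are kept. The final CHECK_ANSWER also deserves a comment stating the property under test, e.g. `; NSEC3 for www.example.com has no NS bit, so no insecure delegation is proven and the unsigned A answer must end in SERVFAIL`.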
@@ -4,6 +4,7 @@ trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes stub-zone: name: "." diff -Nru unbound-1.5.8/testdata/val_ds_sha2_downgrade.crpl unbound-1.6.0/testdata/val_ds_sha2_downgrade.crpl --- unbound-1.5.8/testdata/val_ds_sha2_downgrade.crpl 2013-10-31 15:09:26.000000000 +0000 +++ unbound-1.6.0/testdata/val_ds_sha2_downgrade.crpl 2016-11-22 08:23:24.000000000 +0000 @@ -4,6 +4,7 @@ trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes stub-zone: name: "." diff -Nru unbound-1.5.8/testdata/val_nodata_failsig.rpl unbound-1.6.0/testdata/val_nodata_failsig.rpl --- unbound-1.5.8/testdata/val_nodata_failsig.rpl 2013-10-31 15:09:26.000000000 +0000 +++ unbound-1.6.0/testdata/val_nodata_failsig.rpl 2016-12-07 12:58:47.000000000 +0000 
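Review bot: `fake-dsa: yes` is added here and in the val_ds_sha2_downgrade.crpl hunk that follows, in both cases without a comment on what it does. Going by the name and by the companion change in val_nodata_failsig.rpl, it presumably makes DSA signatures pass without real verification so that these fixtures keep working when DSA is unavailable; if so, the option weakens validation and should be marked as test-only where it is used, e.g. `# test only: DSA signatures are not cryptographically checked`. It is also worth confirming in the option's implementation, which is not part of this hunk, that it cannot end up enabled in a production configuration unnoticed.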
@@ -130,8 +130,10 @@ SECTION AUTHORITY ; SOA record is missing in reply. ; Denies A, note this is the end of the NSEC chain. +; this RRSIG is failed, we set to 0 base64 data to make this easy to detect www.example.com. IN NSEC example.com. RRSIG NSEC -www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854} +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854} +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. ; Denies wildcard example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} diff -Nru unbound-1.5.8/testdata/val_nsec3_wcany_nodeny.rpl unbound-1.6.0/testdata/val_nsec3_wcany_nodeny.rpl --- unbound-1.5.8/testdata/val_nsec3_wcany_nodeny.rpl 2010-06-03 15:06:50.000000000 +0000 +++ unbound-1.6.0/testdata/val_nsec3_wcany_nodeny.rpl 2016-12-07 12:58:47.000000000 +0000 @@ -10,7 +10,7 @@ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test validator with NSEC3 wilcard qtype ANY without denial. +SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY without denial. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff -Nru unbound-1.5.8/testdata/val_nsec3_wcany.rpl unbound-1.6.0/testdata/val_nsec3_wcany.rpl --- unbound-1.5.8/testdata/val_nsec3_wcany.rpl 2013-10-31 15:09:26.000000000 +0000 +++ unbound-1.6.0/testdata/val_nsec3_wcany.rpl 2016-12-07 12:58:47.000000000 +0000 
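Review bot: Replacing the `www.example.com.` RRSIG with one that carries no signature data changes what val_nodata_failsig.rpl tests: the old fixture was a well-formed signature that presumably failed verification, whereas an empty field is likely rejected on length or at parse time before any crypto runs. If the reason is that DSA verification is faked in the test setup, say so in the comment, and consider keeping a well-formed but wrong signature for a non-DSA algorithm in another scenario so the cryptographic failure path stays covered. The added comment could read `; signature data left empty so this RRSIG fails even when DSA verification is faked`.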
@@ -10,7 +10,7 @@ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test validator with NSEC3 wilcard qtype ANY response. +SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY response. ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff -Nru unbound-1.5.8/testdata/views.rpl unbound-1.6.0/testdata/views.rpl --- unbound-1.5.8/testdata/views.rpl 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/testdata/views.rpl 2016-10-05 09:36:25.000000000 +0000 
@@ -0,0 +1,210 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + + access-control: 10.10.10.0/24 allow + access-control-view: 10.10.10.10/32 "view1" + access-control-view: 10.10.10.20/32 "view2" + access-control-view: 10.10.10.30/32 "view3" + access-control-view: 10.10.10.40/32 "view4" + + local-zone: "example.com." redirect + local-data: 'example.com. IN TXT "global"' + +view: + name: "view1" + local-zone: "nomatch.example.com." redirect + local-data: 'nomatch.example.com. IN TXT "view 1"' + view-first: no + +view: + name: "view2" + local-zone: "example.com." redirect + local-data: 'example.com. IN TXT "view 2"' + ; view-first default = no + +view: + name: "view3" + local-zone: "nomatch.example.com." redirect + local-data: 'nomatch.example.com. IN TXT "view 3"' + view-first: yes + +view: + name: "view4" + local-zone: "example.com." redirect + local-data: 'example.com. IN TXT "view 4"' + view-first: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END +SCENARIO_BEGIN Test view specific local-zone and local-data elements + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN TXT +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. 
IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN TXT +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. IN TXT "auth data" +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 1 QUERY ADDRESS 10.10.10.10 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN TXT +ENTRY_END +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. IN TXT "auth data" +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 3 QUERY ADDRESS 10.10.10.20 +ENTRY_BEGIN +SECTION QUESTION +example.com. IN TXT +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. IN TXT "view 2" +ENTRY_END + +STEP 5 QUERY ADDRESS 10.10.10.30 +ENTRY_BEGIN +SECTION QUESTION +example.com. IN TXT +ENTRY_END +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. IN TXT "global" +ENTRY_END + +STEP 7 QUERY ADDRESS 10.10.10.40 +ENTRY_BEGIN +SECTION QUESTION +example.com. IN TXT +ENTRY_END +STEP 8 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. 
IN TXT "view 4" +ENTRY_END + +STEP 9 QUERY ADDRESS 10.10.10.50 +ENTRY_BEGIN +SECTION QUESTION +example.com. IN TXT +ENTRY_END +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA +SECTION QUESTION +example.com. IN TXT +SECTION ANSWER +example.com. IN TXT "global" +ENTRY_END + +SCENARIO_END diff -Nru unbound-1.5.8/util/alloc.c unbound-1.6.0/util/alloc.c --- unbound-1.5.8/util/alloc.c 2015-06-29 13:37:34.000000000 +0000 +++ unbound-1.6.0/util/alloc.c 2016-06-14 10:31:47.000000000 +0000 @@ -64,7 +64,7 @@ * @param alloc: the structure to fill up. */ static void -prealloc(struct alloc_cache* alloc) +prealloc_setup(struct alloc_cache* alloc) { alloc_special_t* p; int i; @@ -216,7 +216,7 @@ } } /* allocate new */ - prealloc(alloc); + prealloc_setup(alloc); if(!(p = (alloc_special_t*)malloc(sizeof(alloc_special_t)))) { log_err("alloc_special_obtain: out of memory"); return NULL; diff -Nru unbound-1.5.8/util/config_file.c unbound-1.6.0/util/config_file.c --- unbound-1.5.8/util/config_file.c 2016-02-23 10:43:10.000000000 +0000 +++ unbound-1.6.0/util/config_file.c 2016-11-04 12:07:52.000000000 +0000 @@ -105,6 +105,7 @@ cfg->ssl_port = 853; cfg->ssl_upstream = 0; cfg->use_syslog = 1; + cfg->log_identity = NULL; /* changed later with argv[0] */ cfg->log_time_ascii = 0; cfg->log_queries = 0; #ifndef USE_WINSOCK @@ -163,12 +164,14 @@ cfg->so_sndbuf = 0; cfg->so_reuseport = 0; cfg->ip_transparent = 0; + cfg->ip_freebind = 0; cfg->num_ifs = 0; cfg->ifs = NULL; cfg->num_out_ifs = 0; cfg->out_ifs = NULL; cfg->stubs = NULL; cfg->forwards = NULL; + cfg->views = NULL; cfg->acls = NULL; cfg->harden_short_bufsize = 0; cfg->harden_large_queries = 0; @@ -201,6 +204,7 @@ cfg->val_log_squelch = 0; cfg->val_permissive_mode = 0; cfg->ignore_cd = 0; + cfg->serve_expired = 0; cfg->add_holddown = 30*24*3600; cfg->del_holddown = 30*24*3600; cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ 
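Review bot: The new scenario in testdata/views.rpl has no comments saying which view behaviour each QUERY/CHECK_ANSWER pair pins, so the expected answers have to be worked out from the config block. A short comment before each pair would fix that. Before STEP 1, for example: `; view1: no zone for example.com and view-first: no, so the global local-zone is skipped and the query is resolved ("auth data")`. Before STEP 5: `; view3: no matching zone but view-first: yes, so the global local-data answers`. Every client address used in the steps lies inside `access-control: 10.10.10.0/24 allow`, so a client outside the allowed range is not exercised together with views here.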
@@ -211,6 +215,7 @@ cfg->local_zones = NULL; cfg->local_zones_nodefault = NULL; cfg->local_data = NULL; + cfg->local_zone_overrides = NULL; cfg->unblock_lan_zones = 0; cfg->insecure_lan_zones = 0; cfg->python_script = NULL; @@ -237,6 +242,7 @@ if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) goto error_exit; #endif + cfg->disable_dnssec_lame_check = 0; cfg->ratelimit = 0; cfg->ratelimit_slabs = 4; cfg->ratelimit_size = 4*1024*1024; @@ -244,6 +250,7 @@ cfg->ratelimit_below_domain = NULL; cfg->ratelimit_factor = 10; cfg->qname_minimisation = 0; + cfg->qname_minimisation_strict = 0; return cfg; error_exit: config_delete(cfg); @@ -364,6 +371,7 @@ log_set_time_asc(cfg->log_time_ascii); } else S_SIZET_NONZERO("max-udp-size:", max_udp_size) else S_YNO("use-syslog:", use_syslog) + else S_STR("log-identity:", log_identity) else S_YNO("extended-statistics:", stat_extended) else S_YNO("statistics-cumulative:", stat_cumulative) else S_YNO("do-ip4:", do_ip4) @@ -393,6 +401,7 @@ else S_MEMSIZE("so-sndbuf:", so_sndbuf) else S_YNO("so-reuseport:", so_reuseport) else S_YNO("ip-transparent:", ip_transparent) + else S_YNO("ip-freebind:", ip_freebind) else S_MEMSIZE("rrset-cache-size:", rrset_cache_size) else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) else S_YNO("prefetch:", prefetch) @@ -449,6 +458,7 @@ else S_YNO("log-queries:", log_queries) else S_YNO("val-permissive-mode:", val_permissive_mode) else S_YNO("ignore-cd-flag:", ignore_cd) + else S_YNO("serve-expired:", serve_expired) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) 
@@ -473,6 +483,7 @@ else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) + else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) else if(strcmp(opt, "ratelimit:") == 0) { IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val); infra_dp_ratelimit=cfg->ratelimit; @@ -481,9 +492,12 @@ else S_POW2("ratelimit-slabs:", ratelimit_slabs) else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor) else S_YNO("qname-minimisation:", qname_minimisation) + else S_YNO("qname-minimisation-strict:", qname_minimisation_strict) + else if(strcmp(opt, "define-tag:") ==0) { + return config_add_tag(cfg, val); /* val_sig_skew_min and max are copied into val_env during init, * so this does not update val_env with set_option */ - else if(strcmp(opt, "val-sig-skew-min:") == 0) + } else if(strcmp(opt, "val-sig-skew-min:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); } else if(strcmp(opt, "val-sig-skew-max:") == 0) { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } @@ -502,9 +516,11 @@ /* unknown or unsupported (from the set_option interface): * interface, outgoing-interface, access-control, * stub-zone, name, stub-addr, stub-host, stub-prime - * forward-first, stub-first, - * forward-zone, name, forward-addr, forward-host, - * ratelimit-for-domain, ratelimit-below-domain */ + * forward-first, stub-first, forward-ssl-upstream, + * stub-ssl-upstream, forward-zone, + * name, forward-addr, forward-host, + * ratelimit-for-domain, ratelimit-below-domain, + * local-zone-tag, access-control-view */ return 0; } return 1; 
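Review bot: In the `define-tag:` branch the closing brace comes after the existing val-sig-skew comment, so that comment now sits inside the define-tag block, after its `return`, and reads as if it described tag handling. Closing the block directly with `return config_add_tag(cfg, val); }` and leaving `else if(strcmp(opt, "val-sig-skew-min:") == 0)` below the comment keeps the comment attached to the code it documents. The same branch writes `==0` where the neighbouring comparisons write `== 0`. The enclosing function starts and ends outside this hunk.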
@@ -628,9 +644,31 @@ /** compare and print list option */ #define O_LS2(opt, name, lst) if(strcmp(opt, name)==0) { \ struct config_str2list* p = cfg->lst; \ - for(p = cfg->lst; p; p = p->next) \ - snprintf(buf, len, "%s %s\n", p->str, p->str2); \ + for(p = cfg->lst; p; p = p->next) { \ + snprintf(buf, len, "%s %s", p->str, p->str2); \ func(buf, arg); \ + } \ + } +/** compare and print list option */ +#define O_LS3(opt, name, lst) if(strcmp(opt, name)==0) { \ + struct config_str3list* p = cfg->lst; \ + for(p = cfg->lst; p; p = p->next) { \ + snprintf(buf, len, "%s %s %s", p->str, p->str2, p->str3); \ + func(buf, arg); \ + } \ + } +/** compare and print taglist option */ +#define O_LTG(opt, name, lst) if(strcmp(opt, name)==0) { \ + char* tmpstr = NULL; \ + struct config_strbytelist *p = cfg->lst; \ + for(p = cfg->lst; p; p = p->next) {\ + tmpstr = config_taglist2str(cfg, p->str2, p->str2len); \ + if(tmpstr) {\ + snprintf(buf, len, "%s %s", p->str, tmpstr); \ + func(buf, arg); \ + free(tmpstr); \ + } \ + } \ } int @@ -645,6 +683,7 @@ else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) else O_YNO(opt, "use-syslog", use_syslog) + else O_STR(opt, "log-identity", log_identity) else O_YNO(opt, "log-time-ascii", log_time_ascii) else O_DEC(opt, "num-threads", num_threads) else O_IFC(opt, "interface", num_ifs, ifs) @@ -664,6 +703,7 @@ else O_MEM(opt, "so-sndbuf", so_sndbuf) else O_YNO(opt, "so-reuseport", so_reuseport) else O_YNO(opt, "ip-transparent", ip_transparent) + else O_YNO(opt, "ip-freebind", ip_freebind) else O_MEM(opt, "rrset-cache-size", rrset_cache_size) else O_DEC(opt, "rrset-cache-slabs", rrset_cache_slabs) else O_YNO(opt, "prefetch-key", prefetch_key) 
@@ -717,6 +757,7 @@ else O_DEC(opt, "val-log-level", val_log_level) else O_YNO(opt, "val-permissive-mode", val_permissive_mode) else O_YNO(opt, "ignore-cd-flag", ignore_cd) + else O_YNO(opt, "serve-expired", serve_expired) else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) else O_UNS(opt, "add-holddown", add_holddown) else O_UNS(opt, "del-holddown", del_holddown) @@ -750,6 +791,7 @@ else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_STR(opt, "python-script", python_script) + else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) else O_DEC(opt, "ratelimit", ratelimit) else O_MEM(opt, "ratelimit-size", ratelimit_size) else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs) @@ -759,6 +801,14 @@ else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) else O_YNO(opt, "qname-minimisation", qname_minimisation) + else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict) + else O_IFC(opt, "define-tag", num_tags, tagname) + else O_LTG(opt, "local-zone-tag", local_zone_tags) + else O_LTG(opt, "access-control-tag", acl_tags) + else O_LS3(opt, "local-zone-override", local_zone_overrides) + else O_LS3(opt, "access-control-tag-action", acl_tag_actions) + else O_LS3(opt, "access-control-tag-data", acl_tag_datas) + else O_LS2(opt, "access-control-view", acl_view) /* not here: * outgoing-permit, outgoing-avoid - have list of ports * local-zone - zones and nodefault variables @@ -911,6 +961,20 @@ } void +config_deltrplstrlist(struct config_str3list* p) +{ + struct config_str3list *np; + while(p) { + np = p->next; + free(p->str); + free(p->str2); + free(p->str3); + free(p); + p = np; + } +} + +void config_delstub(struct config_stub* p) { if(!p) return; 
@@ -931,6 +995,53 @@ } } +void +config_delview(struct config_view* p) +{ + if(!p) return; + free(p->name); + config_deldblstrlist(p->local_zones); + config_delstrlist(p->local_zones_nodefault); + config_delstrlist(p->local_data); + free(p); +} + +void +config_delviews(struct config_view* p) +{ + struct config_view* np; + while(p) { + np = p->next; + config_delview(p); + p = np; + } +} +/** delete string array */ +static void +config_del_strarray(char** array, int num) +{ + int i; + if(!array) + return; + for(i=0; inext; + free(p->str); + free(p->str2); + free(p); + p = np; + } +} + void config_delete(struct config_file* cfg) { @@ -943,20 +1054,12 @@ free(cfg->target_fetch_policy); free(cfg->ssl_service_key); free(cfg->ssl_service_pem); - if(cfg->ifs) { - int i; - for(i=0; inum_ifs; i++) - free(cfg->ifs[i]); - free(cfg->ifs); - } - if(cfg->out_ifs) { - int i; - for(i=0; inum_out_ifs; i++) - free(cfg->out_ifs[i]); - free(cfg->out_ifs); - } + free(cfg->log_identity); + config_del_strarray(cfg->ifs, cfg->num_ifs); + config_del_strarray(cfg->out_ifs, cfg->num_out_ifs); config_delstubs(cfg->stubs); config_delstubs(cfg->forwards); + config_delviews(cfg->views); config_delstrlist(cfg->donotqueryaddrs); config_delstrlist(cfg->root_hints); free(cfg->identity); @@ -978,6 +1081,12 @@ config_deldblstrlist(cfg->local_zones); config_delstrlist(cfg->local_zones_nodefault); config_delstrlist(cfg->local_data); + config_deltrplstrlist(cfg->local_zone_overrides); + config_del_strarray(cfg->tagname, cfg->num_tags); + config_del_strbytelist(cfg->local_zone_tags); + config_del_strbytelist(cfg->acl_tags); + config_deltrplstrlist(cfg->acl_tag_actions); + config_deltrplstrlist(cfg->acl_tag_datas); config_delstrlist(cfg->control_ifs); free(cfg->server_key_file); free(cfg->server_cert_file); 
@@ -1136,6 +1245,23 @@ } int +cfg_region_strlist_insert(struct regional* region, + struct config_strlist** head, char* item) +{ + struct config_strlist *s; + if(!item || !head) + return 0; + s = (struct config_strlist*)regional_alloc_zero(region, + sizeof(struct config_strlist)); + if(!s) + return 0; + s->str = item; + s->next = *head; + *head = s; + return 1; +} + +int cfg_strlist_insert(struct config_strlist** head, char* item) { struct config_strlist *s; @@ -1166,6 +1292,42 @@ return 1; } +int +cfg_str3list_insert(struct config_str3list** head, char* item, char* i2, + char* i3) +{ + struct config_str3list *s; + if(!item || !i2 || !i3 || !head) + return 0; + s = (struct config_str3list*)calloc(1, sizeof(struct config_str3list)); + if(!s) + return 0; + s->str = item; + s->str2 = i2; + s->str3 = i3; + s->next = *head; + *head = s; + return 1; +} + +int +cfg_strbytelist_insert(struct config_strbytelist** head, char* item, + uint8_t* i2, size_t i2len) +{ + struct config_strbytelist* s; + if(!item || !i2 || !head) + return 0; + s = (struct config_strbytelist*)calloc(1, sizeof(*s)); + if(!s) + return 0; + s->str = item; + s->str2 = i2; + s->str2len = i2len; + s->next = *head; + *head = s; + return 1; +} + time_t cfg_convert_timeval(const char* str) { 
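Review bot: `cfg_str3list_insert` and `cfg_strbytelist_insert` store the caller's pointers in the new node, but return 0 on a NULL argument or a failed `calloc` without freeing them, and nothing in the hunk says who owns `item`, `i2` and `i3` in that case. The cleanup added elsewhere in this diff (`config_deltrplstrlist`) frees `str`, `str2` and `str3`, so ownership evidently passes to the list only on success, and a caller that does not free on failure leaks. Unless the header already documents it, a comment on each function would make the contract explicit, for example `/* on success the list owns item, i2 and i3; on failure (return 0) the caller must free them */`. `cfg_region_strlist_insert` in the preceding hunk likewise stores `item` without copying it, so the string must stay valid for as long as the region-allocated node is used; that deserves a line too.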
@@ -1270,6 +1432,123 @@ return 1; } +int +find_tag_id(struct config_file* cfg, const char* tag) +{ + int i; + for(i=0; inum_tags; i++) { + if(strcmp(cfg->tagname[i], tag) == 0) + return i; + } + return -1; +} + +int +config_add_tag(struct config_file* cfg, const char* tag) +{ + char** newarray; + char* newtag; + if(find_tag_id(cfg, tag) != -1) + return 1; /* nothing to do */ + newarray = (char**)malloc(sizeof(char*)*(cfg->num_tags+1)); + if(!newarray) + return 0; + newtag = strdup(tag); + if(!newtag) { + free(newarray); + return 0; + } + if(cfg->tagname) { + memcpy(newarray, cfg->tagname, sizeof(char*)*cfg->num_tags); + free(cfg->tagname); + } + newarray[cfg->num_tags++] = newtag; + cfg->tagname = newarray; + return 1; +} + +/** set a bit in a bit array */ +static void +cfg_set_bit(uint8_t* bitlist, size_t len, int id) +{ + int pos = id/8; + log_assert((size_t)pos < len); + (void)len; + bitlist[pos] |= 1<<(id%8); +} + +uint8_t* config_parse_taglist(struct config_file* cfg, char* str, + size_t* listlen) +{ + uint8_t* taglist = NULL; + size_t len = 0; + char* p, *s; + + /* allocate */ + if(cfg->num_tags == 0) { + log_err("parse taglist, but no tags defined"); + return 0; + } + len = (size_t)(cfg->num_tags+7)/8; + taglist = calloc(1, len); + if(!taglist) { + log_err("out of memory"); + return 0; + } + + /* parse */ + s = str; + while((p=strsep(&s, " \t\n")) != NULL) { + if(*p) { + int id = find_tag_id(cfg, p); + /* set this bit in the bitlist */ + if(id == -1) { + log_err("unknown tag: %s", p); + free(taglist); + return 0; + } + cfg_set_bit(taglist, len, id); + } + } + + *listlen = len; + return taglist; +} + +char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, + size_t taglen) +{ + char buf[10240]; + size_t i, j, len = 0; + buf[0] = 0; + for(i=0; itagname[id]); + len += strlen(buf+len); + } + } + } + return strdup(buf); +} + +int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2, + size_t list2len) +{ + size_t i; + if(!list1 || !list2) 
+ return 0; + for(i=0; i 0 #define FLEX_BETA #endif @@ -143,7 +143,15 @@ /* Size of default input buffer. */ #ifndef YY_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k. + * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. + * Ditto for the __ia64__ case accordingly. + */ +#define YY_BUF_SIZE 32768 +#else #define YY_BUF_SIZE 16384 +#endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. @@ -176,7 +184,7 @@ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ + yy_size_t yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ @@ -346,11 +354,17 @@ int yylineno = 1; extern char *yytext; +#ifdef yytext_ptr +#undef yytext_ptr +#endif #define yytext_ptr yytext static yy_state_type yy_get_previous_state (void ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); static int yy_get_next_buffer (void ); +#if defined(__GNUC__) && __GNUC__ >= 3 +__attribute__((__noreturn__)) +#endif static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the @@ -364,8 +378,8 @@ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 179 -#define YY_END_OF_BUFFER 180 +#define YY_NUM_RULES 197 +#define YY_END_OF_BUFFER 198 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info 
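Review bot: `cfg_set_bit` guards its write to `bitlist[pos]` only with `log_assert((size_t)pos < len)`, and the `(void)len;` after it suggests the assert can compile to nothing, which would leave a negative or too-large `id` free to write outside the bitmap. The one caller visible here, `config_parse_taglist`, rejects `id == -1` and sizes the list from `cfg->num_tags`, so the index is in range today, but the helper should not rely on that. A runtime check before the OR, such as `if(id < 0 || (size_t)(id/8) >= len) return;`, costs nothing. In `config_taglist2str` the result is built with `snprintf` in a fixed `char buf[10240]`, so a long tag set is cut off silently; that limit deserves a comment or a truncation check. Part of this hunk is garbled on the page, so the loop bounds in `find_tag_id`, `config_taglist2str` and `taglist_intersect` could not be reviewed.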
@@ -373,209 +387,226 @@ flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[1800] = +static yyconst flex_int16_t yy_accept[1956] = { 0, - 1, 1, 161, 161, 165, 165, 169, 169, 173, 173, - 1, 1, 180, 177, 1, 159, 159, 178, 2, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 178, - 161, 162, 162, 163, 178, 165, 166, 166, 167, 178, - 172, 169, 170, 170, 171, 178, 173, 174, 174, 175, - 178, 176, 160, 2, 164, 176, 178, 177, 0, 1, - 2, 2, 2, 2, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 161, 0, 165, 0, - 172, 0, 169, 173, 0, 176, 0, 2, 2, 176, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 176, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 176, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 73, 177, 177, 177, 177, 177, 177, - 7, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 
177, 177, - 177, 177, 177, 177, 177, 177, 176, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 176, 177, 177, 177, 177, 177, 33, 177, 177, 177, - 177, 177, 177, 177, 177, 140, 177, 13, 14, 177, - 16, 15, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 133, 177, 177, 177, 177, 177, 177, 177, - 3, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 176, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 168, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 36, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 37, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 18, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 88, 168, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 87, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 71, - 177, 177, 177, 
177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 23, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 34, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 35, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 25, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 153, - 177, 177, 177, 177, 177, 177, 29, 177, 30, 177, - 177, 177, 74, 177, 75, 177, 72, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 6, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 90, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 26, 177, 177, 177, 177, 177, 116, - 115, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 38, 177, 177, 177, - 177, 177, 177, 177, 177, 77, 76, 177, 177, 177, - 177, 177, 177, 177, 112, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 56, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 60, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 114, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 5, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 108, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 126, 177, 109, 177, 138, 177, 177, 177, 177, 
- 177, 177, 177, 177, 177, 177, 24, 177, 177, 177, - 177, 79, 177, 80, 78, 177, 177, 177, 177, 177, - 177, 177, 86, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 110, 177, 177, 177, 177, - 137, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 70, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 31, - - 177, 177, 20, 177, 177, 177, 17, 177, 95, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 45, 47, 177, 177, 177, 177, 177, - 177, 177, 177, 141, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 81, 177, 177, - 177, 177, 177, 177, 85, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 89, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 132, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 99, - 177, 103, 177, 177, 177, 177, 84, 177, 177, 66, - 177, 124, 177, 177, 177, 177, 139, 177, 177, 177, - 177, 177, 177, 177, 146, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 102, 177, 177, 177, - 177, 177, 48, 49, 177, 177, 32, 55, 104, 177, - 117, 113, 177, 177, 41, 177, 106, 177, 177, 177, - 177, 177, 8, 177, 177, 177, 69, 177, 177, 177, - 177, 155, 177, 123, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 91, 145, 177, 177, 177, 177, 177, 177, 177, - 177, 134, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 105, 177, 40, - 42, 177, 177, 177, 177, 177, 177, 177, 68, 177, - 177, 177, 177, 154, 177, 177, 177, 177, 128, 21, - 22, 177, 177, 177, 177, 177, 177, 177, 65, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 130, - 127, 177, 177, 177, 177, 177, 177, 177, 177, 39, - 177, 177, 177, 177, 177, 177, 177, 12, 177, 177, - - 177, 177, 177, 177, 177, 177, 177, 11, 177, 177, - 19, 177, 177, 177, 158, 177, 43, 177, 136, 129, - 
177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 98, 97, 177, 177, 131, 125, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 50, 177, 177, 135, 177, - 177, 177, 177, 177, 177, 177, 177, 44, 177, 177, - 177, 92, 94, 118, 177, 177, 177, 96, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 142, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - - 119, 177, 177, 27, 177, 177, 177, 4, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 144, 177, 177, 122, 177, 177, - 177, 177, 177, 177, 177, 53, 177, 28, 177, 10, - 177, 177, 177, 177, 177, 120, 57, 177, 177, 177, - 101, 177, 177, 177, 177, 177, 177, 177, 143, 82, - 177, 177, 177, 177, 59, 63, 58, 177, 51, 177, - 9, 177, 177, 156, 177, 177, 100, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 64, 62, 177, - 52, 177, 111, 177, 121, 177, 177, 93, 46, 177, - - 177, 177, 177, 177, 177, 83, 61, 54, 157, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 67, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 107, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 149, 177, 177, 177, 177, 177, 177, - 177, 177, 177, 177, 177, 177, 177, 147, 177, 150, - 151, 177, 177, 177, 177, 177, 148, 152, 0 - + 1, 1, 179, 179, 183, 183, 187, 187, 191, 191, + 1, 1, 198, 195, 1, 177, 177, 196, 2, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 196, + 179, 180, 180, 181, 196, 183, 184, 184, 185, 196, + 190, 187, 188, 188, 189, 196, 191, 192, 192, 193, + 196, 194, 178, 2, 182, 194, 196, 195, 0, 1, + 2, 2, 2, 2, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 
195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 179, 0, + 183, 0, 190, 0, 187, 191, 0, 194, 0, 2, + 2, 194, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 76, + 195, 195, 195, 195, 195, 195, 8, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 87, 194, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 194, 195, 195, + 195, 195, 195, 36, 195, 195, 195, 195, 195, 195, + + 195, 
195, 195, 195, 157, 195, 14, 15, 195, 18, + 17, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 143, 195, 195, 195, 195, + 195, 195, 195, 195, 3, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 194, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 186, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 39, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 40, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 20, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 95, 195, 186, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 111, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 94, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 74, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 25, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 37, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 38, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 
27, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 171, 195, 195, 195, 195, 195, 195, 195, 31, 195, + 32, 195, 195, 195, 77, 195, 78, 195, 195, 75, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 7, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 150, 195, 195, 195, 195, 97, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 28, 195, 195, 195, 195, 195, 195, 126, 195, 125, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 16, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 41, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 80, 79, 195, + 195, 195, 195, 195, 195, 195, 195, 121, 195, 195, + 195, 195, 195, 195, 195, 88, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 59, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 63, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 35, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 124, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 6, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 117, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 136, 195, 118, 195, 195, 148, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 26, + 195, 195, 195, 195, 83, 195, 84, 195, 82, 195, + 195, 195, 195, 195, 195, 195, 93, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 119, + 195, 195, 195, 195, 195, 122, 195, 147, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 73, 195, 195, 195, 
195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 33, 195, 195, + 22, 195, 195, 195, 195, 19, 195, 102, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 48, 50, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 158, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 85, 195, 195, + 195, 195, 195, 195, 195, 92, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 96, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 142, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 110, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 106, 195, 112, 195, 195, 195, + 195, 195, 91, 195, 195, 69, 195, 134, 195, 195, + 195, 195, 195, 149, 195, 195, 195, 195, 195, 195, + 195, 163, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 109, 195, 195, 195, 195, 195, + 51, 52, 195, 195, 34, 58, 113, 195, 127, 195, + 151, 123, 195, 195, 44, 195, 115, 195, 195, 195, + 195, 195, 9, 195, 195, 195, 72, 195, 195, 195, + 195, 173, 195, 133, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 98, 162, 195, 195, 195, + 195, 195, 195, 195, 195, 144, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 114, 195, 195, 43, 45, 195, 195, 195, + 195, 195, 195, 195, 71, 195, 195, 195, 195, 172, + 195, 195, 195, 195, 138, 23, 24, 195, 195, 195, + 195, 195, 195, 195, 195, 68, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 140, 137, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 42, + + 195, 195, 195, 195, 195, 195, 195, 195, 13, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 12, + 195, 195, 21, 195, 195, 195, 176, 195, 46, 195, + 146, 139, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 105, 104, 195, 195, 195, 195, + 141, 135, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 
195, 195, 195, 195, 195, 195, 195, + 195, 195, 53, 195, 195, 195, 145, 195, 195, 195, + 195, 195, 195, 195, 195, 47, 195, 195, 81, 195, + 99, 101, 128, 195, 195, 195, 103, 195, 195, 152, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 159, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 129, 195, 195, 195, 29, 195, + 195, 195, 195, 4, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 155, 195, 195, 195, 195, + 195, 195, 195, 195, 161, 195, 195, 132, 195, 195, + 195, 195, 195, 195, 195, 195, 56, 195, 30, 156, + 195, 11, 195, 195, 195, 195, 195, 195, 130, 60, + 195, 195, 195, 108, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 160, 89, 195, 86, 195, 195, + + 195, 62, 66, 61, 195, 54, 195, 10, 195, 195, + 195, 174, 195, 195, 107, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 67, 65, + 195, 55, 195, 120, 195, 195, 131, 195, 195, 195, + 195, 100, 49, 195, 195, 195, 195, 195, 195, 195, + 90, 64, 57, 195, 175, 195, 195, 195, 154, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 70, 195, + 153, 170, 195, 195, 195, 195, 195, 195, 5, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 116, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 166, + 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, + 195, 195, 195, 164, 195, 167, 168, 195, 195, 195, + 195, 195, 165, 169, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, @@ -607,7 +638,7 @@ 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[66] = +static yyconst YY_CHAR yy_meta[66] = { 0, 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, 1, 
@@ -618,415 +649,447 @@ 1, 1, 1, 1, 1 } ; -static yyconst flex_int16_t yy_base[1814] = +static yyconst flex_uint16_t yy_base[1970] = { 0, 0, 0, 63, 66, 69, 71, 77, 83, 88, 91, - 129, 135, 344, 303, 95, 5211, 5211, 5211, 107, 110, - 142, 180, 108, 50, 145, 172, 118, 148, 121, 181, - 197, 166, 241, 137, 225, 260, 233, 228, 257, 116, - 263, 5211, 5211, 5211, 94, 244, 5211, 5211, 5211, 96, - 221, 251, 5211, 5211, 5211, 304, 212, 5211, 5211, 5211, - 102, 208, 5211, 308, 5211, 268, 318, 206, 322, 111, - 0, 326, 0, 0, 201, 170, 217, 317, 193, 309, - 312, 307, 183, 310, 332, 313, 311, 328, 330, 245, - 336, 335, 358, 156, 347, 362, 376, 357, 355, 382, - - 363, 385, 373, 388, 372, 384, 391, 399, 411, 403, - 426, 404, 408, 418, 413, 419, 438, 429, 448, 434, - 439, 415, 460, 453, 445, 459, 164, 174, 141, 296, - 134, 498, 165, 122, 312, 115, 502, 508, 0, 475, - 494, 443, 491, 501, 488, 496, 492, 521, 515, 517, - 525, 569, 513, 510, 526, 527, 528, 538, 547, 542, - 552, 548, 555, 571, 579, 565, 570, 575, 594, 605, - 608, 600, 593, 612, 610, 622, 623, 617, 616, 619, - 613, 628, 626, 637, 641, 642, 643, 639, 652, 640, - 664, 667, 651, 663, 666, 680, 668, 676, 695, 681, - - 684, 700, 685, 686, 693, 708, 711, 710, 703, 707, - 709, 706, 736, 720, 344, 740, 748, 726, 735, 751, - 752, 746, 744, 743, 758, 760, 764, 768, 762, 769, - 781, 771, 797, 775, 770, 785, 792, 809, 807, 799, - 796, 805, 801, 812, 806, 844, 254, 826, 831, 827, - 841, 852, 481, 830, 854, 845, 858, 853, 839, 868, - 856, 862, 888, 870, 880, 889, 904, 897, 892, 890, - 894, 900, 903, 920, 960, 923, 930, 921, 924, 929, - 926, 908, 931, 957, 940, 953, 956, 958, 980, 964, - 970, 983, 1010, 973, 995, 996, 1000, 990, 1020, 998, - - 1004, 1026, 1019, 1025, 1029, 1023, 1002, 1013, 1036, 1040, - 1053, 1059, 1045, 1065, 1069, 1047, 1061, 1067, 1072, 1077, - 1082, 1062, 1089, 5211, 1097, 1080, 1092, 1075, 1088, 1106, - 5211, 1093, 1102, 1107, 1116, 1114, 1125, 1124, 1135, 1119, - 1117, 1115, 1134, 1140, 1142, 1144, 1149, 1195, 
1150, 1153, - 1157, 1183, 1151, 1165, 1189, 1131, 1192, 1171, 1179, 1187, - 1205, 1182, 1220, 1199, 1214, 1212, 1230, 1209, 1228, 1219, - 1229, 1235, 1126, 1232, 1238, 1246, 1248, 1255, 1262, 1272, - 1253, 1274, 1279, 1257, 1283, 1286, 1291, 1267, 1287, 1293, - 1295, 1294, 1299, 1276, 1306, 1302, 1303, 1324, 1310, 1311, - - 1322, 1321, 1315, 1334, 1338, 1346, 1342, 1339, 1348, 1344, - 1364, 1361, 1375, 1355, 1380, 1373, 1366, 1382, 1368, 1385, - 1386, 1387, 1398, 1388, 1391, 1410, 1411, 1418, 1426, 1422, - 1408, 1428, 1414, 1415, 1425, 1419, 1446, 1431, 1441, 1416, - 1447, 1468, 1451, 1453, 1464, 1471, 1458, 1474, 1460, 1463, - 1473, 1477, 1483, 1487, 1500, 1502, 1490, 1509, 1503, 1504, - 1514, 1517, 1521, 1501, 1541, 1524, 5211, 1497, 1534, 1528, - 1535, 1529, 1536, 1532, 1580, 5211, 1551, 5211, 5211, 1556, - 5211, 5211, 1561, 1568, 1567, 1576, 1629, 1577, 1569, 1583, - 1588, 1579, 1598, 1610, 1607, 1612, 1618, 1624, 1637, 1625, - - 1626, 1640, 1635, 1654, 1650, 1658, 1656, 1590, 1670, 1682, - 1669, 1673, 1681, 1683, 1666, 1675, 1687, 1671, 1695, 1693, - 1708, 1686, 5211, 1703, 1706, 1716, 1709, 1724, 1711, 1734, - 5211, 1720, 1722, 1735, 1728, 1736, 1739, 1751, 1740, 1747, - 1750, 1761, 1762, 1767, 1757, 1771, 1766, 1783, 1785, 1778, - 1787, 1789, 1790, 1781, 1798, 1794, 1808, 1786, 1807, 1819, - 1803, 1824, 1827, 1817, 1833, 1821, 1812, 1828, 1825, 1870, - 1839, 1826, 1831, 1834, 1857, 1851, 1860, 1867, 1878, 1880, - 1872, 1876, 1861, 1896, 1905, 1900, 1913, 1903, 1920, 1902, - 1922, 1923, 1926, 1927, 1930, 1909, 1933, 1941, 5211, 1960, - - 1956, 1946, 1950, 1968, 1962, 1951, 1953, 1966, 1955, 1971, - 1961, 1977, 1990, 1983, 5211, 1986, 1982, 1992, 1979, 2009, - 2010, 2003, 2019, 1989, 2008, 5211, 2028, 2039, 2022, 2017, - 2018, 2035, 2033, 2048, 2036, 2049, 2056, 2058, 2052, 2063, - 2029, 2062, 2055, 2083, 2074, 2075, 2077, 2080, 2082, 2098, - 5211, 2081, 2102, 2095, 2100, 2115, 2119, 2101, 2117, 2104, - 2120, 2124, 120, 2122, 2126, 2118, 2127, 5211, 76, 2141, 
- 2133, 2138, 2142, 2145, 2151, 2154, 2143, 2160, 2161, 2162, - 2171, 2165, 2172, 2173, 2176, 2189, 2182, 2196, 2200, 2199, - 2198, 2207, 2193, 2204, 2203, 2209, 2214, 2223, 2239, 2235, - - 2230, 2232, 2241, 2237, 2233, 2240, 2236, 2250, 2238, 2231, - 2264, 5211, 2286, 2270, 2277, 2267, 2288, 2278, 2296, 2276, - 2297, 2289, 2292, 2303, 2305, 2304, 2313, 2307, 2312, 2322, - 2323, 2320, 2314, 2330, 2339, 2342, 2365, 2350, 2332, 5211, - 2349, 2340, 2345, 2359, 2360, 2348, 2369, 2376, 2377, 2375, - 2372, 2394, 2390, 2398, 5211, 2404, 2395, 2409, 2413, 2396, - 2414, 2421, 2419, 2410, 2424, 2425, 2434, 2437, 2417, 2436, - 2440, 5211, 2449, 2453, 2445, 2458, 2459, 2451, 2460, 2473, - 2455, 2456, 2462, 2474, 2464, 2469, 2472, 2491, 2483, 2480, - 2486, 2507, 2493, 2509, 5211, 2526, 2515, 2517, 2521, 2513, - - 2532, 2529, 2534, 2519, 2531, 2537, 2542, 2544, 2543, 2564, - 2548, 2554, 2553, 2561, 2570, 2559, 2572, 2580, 2574, 2565, - 2589, 2581, 2603, 2590, 2597, 2617, 2619, 2620, 2625, 5211, - 2618, 2604, 2623, 2613, 2614, 2639, 2632, 2615, 2624, 2630, - 2644, 2631, 2666, 2646, 2648, 2649, 2650, 2658, 2653, 2664, - 2677, 2681, 2670, 2683, 2685, 2673, 2693, 2690, 2712, 5211, - 2699, 2698, 2716, 2720, 2707, 2711, 5211, 2705, 5211, 2717, - 2732, 2739, 5211, 2728, 5211, 2736, 5211, 2734, 2741, 2725, - 2745, 2748, 2751, 2738, 2757, 2754, 2772, 2749, 2766, 2775, - 2763, 2780, 5211, 2768, 2778, 2787, 2789, 2776, 2790, 2799, - - 2791, 2818, 2817, 2828, 2805, 2831, 2815, 2830, 2827, 5211, - 2812, 2839, 2834, 2821, 2847, 2832, 2857, 2842, 2859, 2845, - 2868, 2879, 2875, 2863, 2866, 2867, 2877, 2883, 2873, 2894, - 2888, 2900, 2889, 2891, 2893, 2903, 2910, 2906, 2928, 2909, - 2915, 2925, 2920, 5211, 2926, 2930, 2936, 2942, 2932, 5211, - 5211, 2901, 2947, 2955, 2949, 2952, 2964, 2977, 2958, 2968, - 2971, 2953, 2980, 2972, 2970, 2985, 2991, 2981, 2978, 3008, - 2998, 3010, 2997, 3025, 3022, 3020, 5211, 3036, 3021, 3046, - 3037, 3024, 3049, 3041, 3047, 5211, 5211, 3051, 3042, 3057, - 3053, 
3061, 3063, 3067, 5211, 3069, 3083, 3086, 3088, 3090, - - 3092, 3077, 3082, 3098, 3094, 3096, 3099, 3117, 3112, 3109, - 3120, 3115, 3128, 3137, 3138, 3140, 5211, 3136, 3143, 3139, - 3144, 3148, 3142, 3135, 3147, 3164, 3160, 3167, 3183, 3189, - 3169, 3174, 3168, 3192, 3177, 3198, 3199, 3201, 3206, 3200, - 5211, 3210, 3194, 3215, 3204, 3208, 3213, 3222, 3231, 3226, - 3227, 3238, 3228, 3237, 3236, 3252, 3233, 3260, 3242, 5211, - 3258, 3266, 3253, 3269, 3272, 3256, 3289, 3265, 3284, 5211, - 3292, 3302, 3285, 3294, 3306, 3308, 3307, 3309, 3304, 3295, - 3311, 3298, 3317, 3321, 3319, 3322, 3328, 3332, 3337, 3347, - 3349, 3354, 3357, 3356, 3340, 3348, 3364, 3363, 3369, 3375, - - 3360, 3365, 3397, 3370, 3390, 3387, 3376, 3402, 3383, 3410, - 3395, 5211, 3408, 3414, 3412, 3416, 3398, 3413, 3422, 3417, - 3421, 5211, 3426, 5211, 3424, 5211, 3435, 3433, 3432, 3446, - 3438, 3442, 3460, 3462, 3470, 3454, 5211, 3474, 3453, 3463, - 3469, 5211, 3476, 5211, 5211, 3477, 3479, 3481, 3483, 3484, - 3505, 3509, 5211, 3508, 3494, 3516, 3513, 3497, 3511, 3519, - 3521, 3499, 3524, 3510, 3527, 5211, 3548, 3554, 3537, 3550, - 5211, 3549, 3561, 3541, 3557, 3568, 3560, 3564, 3575, 3551, - 3576, 3574, 3572, 3592, 5211, 3586, 3590, 3607, 3608, 3595, - 3591, 3612, 3616, 3613, 3602, 3635, 3622, 3619, 3618, 5211, - - 3645, 3648, 5211, 3639, 3634, 3640, 5211, 3657, 5211, 3658, - 3655, 3651, 3659, 3633, 3660, 3665, 3674, 3684, 3689, 3685, - 3673, 3691, 3682, 5211, 5211, 3704, 3696, 3706, 3707, 3701, - 3692, 3709, 3717, 5211, 3697, 3725, 3715, 3712, 3740, 3728, - 3731, 3743, 3744, 3735, 3751, 3733, 3734, 5211, 3741, 3739, - 3757, 3758, 3769, 3761, 5211, 3787, 3786, 3780, 3778, 3784, - 3794, 3798, 3799, 3785, 3788, 3802, 3804, 3810, 3811, 3817, - 3818, 3813, 5211, 3828, 3823, 3815, 3835, 3821, 3837, 3838, - 3851, 3836, 3827, 3854, 3853, 3847, 5211, 3829, 3848, 3862, - 3878, 3858, 3864, 3884, 3860, 3887, 3881, 3880, 3895, 3868, - - 3889, 3876, 3896, 3891, 3903, 3916, 3907, 3662, 3922, 5211, - 3911, 5211, 
3923, 3934, 3940, 3936, 5211, 3927, 3938, 5211, - 3929, 5211, 3943, 3939, 3955, 3951, 5211, 3957, 3962, 3959, - 3965, 3966, 3964, 3978, 5211, 3981, 3987, 3988, 3989, 3991, - 3982, 3993, 3999, 3995, 4002, 4007, 5211, 4009, 4023, 4003, - 4024, 4029, 5211, 5211, 4021, 4036, 5211, 5211, 5211, 4033, - 5211, 5211, 4034, 4041, 5211, 4042, 5211, 4047, 4043, 4038, - 4045, 4048, 5211, 4030, 4061, 4077, 5211, 4069, 4083, 4064, - 4070, 5211, 4084, 5211, 4081, 4087, 4076, 4088, 4092, 4095, - 4098, 4094, 4100, 4111, 4112, 4114, 4102, 4108, 4130, 4122, - - 4110, 4120, 4119, 4137, 4129, 4142, 4144, 4147, 4149, 4148, - 4162, 5211, 5211, 4145, 4150, 4151, 4163, 4171, 4164, 4167, - 4181, 5211, 4186, 4187, 4190, 4188, 4198, 4200, 4204, 4202, - 4199, 4205, 4201, 4207, 4214, 4230, 4217, 5211, 4223, 5211, - 5211, 4231, 4236, 4238, 4225, 4241, 4253, 4250, 5211, 4246, - 4252, 4255, 4257, 5211, 4271, 4266, 4272, 4274, 5211, 5211, - 5211, 4275, 4265, 4280, 4286, 4290, 4277, 4292, 5211, 4279, - 4303, 4304, 4305, 4310, 4311, 4209, 4319, 4315, 4325, 5211, - 5211, 4330, 4329, 4323, 4331, 4326, 4335, 4334, 4332, 5211, - 4342, 4336, 4351, 4356, 4366, 4372, 4367, 5211, 4355, 4357, - - 4360, 4380, 4369, 4381, 4385, 4378, 4384, 5211, 4400, 4397, - 5211, 4391, 4405, 4399, 5211, 4420, 5211, 4398, 5211, 5211, - 4403, 4427, 4426, 4431, 4433, 4434, 4417, 4424, 4443, 4440, - 4441, 5211, 5211, 4436, 4447, 5211, 5211, 4458, 4452, 4446, - 4439, 4463, 4471, 4461, 4470, 4462, 4482, 4486, 4479, 4488, - 4472, 4474, 4485, 4491, 4496, 5211, 4517, 4521, 5211, 4507, - 4526, 4527, 4519, 4514, 4530, 4520, 4523, 5211, 4536, 4537, - 4510, 5211, 5211, 5211, 4534, 4541, 4556, 5211, 4562, 4561, - 4551, 4552, 4569, 4557, 4581, 4555, 4585, 5211, 4568, 4576, - 4586, 4589, 4590, 4588, 4592, 4597, 4601, 4583, 4621, 4603, - - 5211, 4623, 4620, 5211, 4627, 4614, 4612, 5211, 4628, 4626, - 4615, 4643, 4644, 4632, 4633, 4638, 4646, 4654, 4648, 4652, - 4650, 4667, 4665, 4674, 5211, 4676, 4661, 5211, 4681, 4673, - 4684, 4690, 4691, 
4697, 4693, 5211, 4699, 5211, 4701, 5211, - 4704, 4692, 4696, 4712, 4710, 5211, 5211, 4713, 4722, 4725, - 5211, 4729, 4723, 4709, 4728, 4741, 4724, 4733, 5211, 5211, - 4726, 4743, 4747, 4760, 5211, 5211, 5211, 4763, 5211, 4762, - 5211, 4767, 4755, 5211, 4775, 4761, 5211, 4765, 4777, 4778, - 4754, 4780, 4787, 4792, 4793, 4782, 4784, 5211, 5211, 4799, - 5211, 4800, 5211, 4812, 5211, 4803, 4816, 5211, 5211, 4820, - - 4804, 4824, 4794, 4805, 4821, 5211, 5211, 5211, 5211, 4830, - 4826, 4825, 4814, 4831, 4839, 4842, 4844, 4836, 4845, 4857, - 4863, 4850, 4864, 4874, 4866, 5211, 4870, 4869, 4878, 4882, - 4873, 4886, 4884, 4890, 4889, 4897, 4905, 4900, 4893, 4916, - 4909, 4922, 4924, 4933, 4934, 4925, 4926, 4940, 4935, 4945, - 4949, 4951, 4954, 4950, 5211, 4952, 4955, 4956, 4967, 4958, - 4965, 4969, 4986, 4992, 4984, 4991, 4985, 4999, 4996, 5001, - 4990, 5000, 5002, 5211, 5017, 5019, 5014, 5015, 5036, 5020, - 5026, 5042, 5038, 5047, 5040, 5050, 5048, 5211, 5051, 5211, - 5211, 5052, 5049, 5061, 5058, 5059, 5211, 5211, 5211, 5119, - - 5126, 5133, 5140, 5147, 82, 5154, 5161, 5168, 5175, 5182, - 5189, 5196, 5203 + 129, 135, 354, 275, 95, 5624, 5624, 5624, 107, 110, + 142, 180, 108, 145, 152, 186, 50, 149, 121, 182, + 210, 177, 254, 137, 225, 229, 205, 227, 273, 116, + 271, 5624, 5624, 5624, 94, 268, 5624, 5624, 5624, 96, + 261, 295, 5624, 5624, 5624, 299, 256, 5624, 5624, 5624, + 102, 250, 5624, 318, 5624, 141, 322, 228, 326, 111, + 0, 330, 0, 0, 257, 235, 277, 324, 310, 266, + 323, 314, 125, 312, 348, 322, 326, 341, 320, 351, + 339, 359, 357, 374, 209, 362, 378, 392, 358, 373, + + 386, 404, 389, 405, 410, 398, 379, 424, 409, 435, + 414, 432, 422, 430, 431, 429, 445, 218, 441, 464, + 456, 450, 455, 477, 481, 472, 460, 483, 224, 174, + 220, 150, 172, 524, 206, 159, 272, 122, 528, 536, + 0, 495, 519, 307, 515, 525, 513, 520, 514, 528, + 542, 539, 547, 468, 557, 601, 552, 546, 540, 549, + 559, 564, 580, 573, 574, 581, 572, 592, 598, 625, + 586, 611, 602, 633, 640, 639, 632, 623, 
643, 642, + 655, 659, 649, 650, 651, 660, 658, 666, 654, 652, + 670, 679, 676, 690, 677, 682, 702, 685, 706, 703, + + 715, 697, 707, 712, 718, 722, 729, 724, 726, 725, + 733, 754, 750, 758, 742, 743, 745, 756, 751, 763, + 760, 772, 454, 778, 791, 780, 782, 795, 790, 793, + 784, 787, 799, 803, 805, 812, 807, 815, 814, 823, + 837, 813, 826, 841, 828, 829, 839, 852, 854, 849, + 850, 860, 862, 872, 863, 889, 509, 877, 878, 886, + 873, 884, 903, 909, 905, 900, 912, 896, 904, 925, + 918, 921, 944, 923, 939, 934, 950, 935, 959, 936, + 942, 954, 970, 961, 1015, 963, 983, 998, 985, 974, + 981, 994, 995, 986, 1008, 1011, 1019, 1022, 1036, 1020, + + 1038, 1025, 1047, 1032, 1055, 551, 1042, 1052, 1054, 1057, + 1074, 1069, 1079, 1067, 1064, 1077, 1081, 1075, 1084, 1100, + 1096, 1093, 1110, 1115, 1113, 1120, 1117, 1111, 1127, 1129, + 1126, 1112, 1123, 1140, 1131, 1160, 1158, 1143, 1165, 5624, + 1167, 1148, 1170, 1162, 1153, 1172, 5624, 1156, 1182, 1190, + 1138, 1197, 1181, 1199, 1185, 1214, 1193, 1195, 1217, 1203, + 1220, 1211, 1209, 1259, 1219, 1230, 1234, 1257, 1253, 1243, + 1268, 1246, 1273, 1264, 1270, 1266, 1280, 1288, 1298, 1295, + 1292, 1301, 1231, 5624, 1309, 1318, 1305, 1302, 1308, 1315, + 1324, 1322, 1331, 1327, 1330, 1326, 1347, 1343, 1340, 1369, + + 1349, 1355, 1363, 1368, 1371, 1372, 1379, 1357, 1375, 1358, + 1383, 1385, 1384, 1386, 1373, 1396, 1389, 1395, 1416, 1390, + 1402, 1407, 1421, 1413, 1405, 1422, 1430, 1435, 1432, 1436, + 1429, 1440, 1449, 1458, 1448, 1444, 1471, 1475, 1468, 1462, + 1467, 1483, 1477, 1487, 1488, 1479, 1490, 1486, 1503, 1497, + 1510, 1509, 1515, 1525, 1521, 1513, 1526, 1504, 1511, 1514, + 1524, 1530, 1536, 1543, 1546, 1547, 1550, 1571, 1549, 1556, + 1561, 1574, 1569, 1576, 1563, 1567, 1584, 1592, 1577, 1593, + 1605, 1607, 1596, 1608, 1609, 1602, 1613, 1620, 1627, 1617, + 1629, 1637, 1624, 5624, 1632, 1635, 1649, 1651, 1640, 1665, + + 1660, 1648, 1644, 1692, 5624, 1657, 5624, 5624, 1662, 5624, + 5624, 1682, 1675, 1690, 1685, 1678, 1741, 1683, 
1680, 1695, + 1700, 1723, 1722, 1734, 1724, 1736, 1747, 1751, 1750, 1738, + 1757, 1763, 1766, 1765, 1770, 1774, 1777, 1778, 1790, 1788, + 1730, 1798, 1799, 1800, 1801, 1803, 1813, 1814, 1817, 1815, + 1808, 1812, 1829, 1818, 1828, 5624, 1823, 1840, 1850, 1838, + 1842, 1839, 1833, 1860, 5624, 1841, 1867, 1861, 1858, 1864, + 1873, 1874, 1888, 1877, 1884, 1887, 1885, 1894, 1900, 1875, + 1898, 1902, 1911, 1921, 1922, 1909, 1919, 1927, 1913, 1936, + 1943, 1938, 1924, 1939, 1948, 1930, 1947, 1944, 1956, 1945, + + 1963, 1954, 1958, 1964, 1966, 2011, 1975, 1980, 1977, 1971, + 1997, 1991, 1983, 1985, 1994, 2013, 2010, 2024, 2026, 2028, + 2009, 2034, 2040, 2038, 2045, 2075, 2050, 2055, 2057, 2051, + 2069, 2059, 2072, 2065, 2066, 2068, 2084, 5624, 2078, 2097, + 2090, 2091, 2117, 2111, 2095, 2110, 2107, 2120, 2106, 2121, + 2112, 2128, 2131, 2136, 2134, 5624, 2130, 2144, 2139, 2155, + 2159, 2163, 2156, 2166, 2174, 2171, 5624, 2161, 2179, 2195, + 2170, 2188, 2183, 2190, 2187, 2182, 2192, 2200, 2215, 2219, + 2212, 2209, 2222, 2208, 2229, 2223, 2230, 2226, 2235, 2239, + 2245, 2252, 2256, 2262, 5624, 2246, 2260, 2265, 2257, 2274, + + 2278, 2280, 2275, 2279, 2283, 2281, 106, 2282, 2290, 2285, + 2286, 5624, 2296, 90, 2302, 2303, 2294, 2323, 2332, 2328, + 2329, 2321, 2322, 2339, 2325, 2327, 2330, 2338, 2349, 2347, + 2355, 2352, 2345, 2357, 2374, 2376, 2378, 2372, 2380, 2371, + 2379, 2382, 2373, 2406, 2398, 5624, 2414, 2412, 2405, 2403, + 2408, 2419, 2415, 2409, 2410, 2416, 2445, 2425, 2436, 2448, + 5624, 2397, 2446, 2454, 2439, 2463, 2452, 2469, 2455, 2466, + 2470, 2472, 2467, 2481, 2487, 2495, 2483, 2497, 2503, 2496, + 2501, 2499, 2491, 2515, 2520, 2512, 2521, 2544, 2540, 176, + 2523, 5624, 2539, 2530, 2528, 2529, 2563, 2555, 2556, 2566, + + 2565, 2567, 2559, 2570, 2551, 2573, 2554, 5624, 2581, 2593, + 2580, 2605, 2589, 2610, 2607, 2592, 2614, 2597, 2616, 2615, + 2622, 2628, 2620, 2624, 2626, 5624, 2632, 2635, 2640, 2639, + 2637, 2642, 2641, 2658, 2643, 2651, 2653, 2678, 2667, 2655, + 
2665, 2666, 2682, 2669, 2670, 2673, 2694, 2686, 2692, 2696, + 5624, 2693, 2729, 2697, 2709, 2705, 2713, 2734, 2731, 2726, + 2719, 2721, 2723, 2740, 2725, 2739, 2751, 2742, 2730, 2761, + 2757, 2748, 2762, 2764, 2774, 2778, 2775, 2776, 2772, 2782, + 2786, 2790, 2788, 2799, 2800, 2813, 2815, 5624, 2818, 2819, + 2804, 2820, 2821, 2809, 2833, 2834, 2812, 2837, 2838, 2827, + + 2839, 2845, 2841, 2844, 2848, 2850, 2854, 2860, 2849, 2864, + 2881, 2883, 2876, 2889, 2887, 2891, 2880, 2890, 2885, 2921, + 5624, 2884, 2902, 2919, 2901, 2912, 2914, 2925, 5624, 2915, + 5624, 2931, 2937, 2939, 5624, 2943, 5624, 2944, 2929, 5624, + 2946, 2952, 2932, 2950, 2941, 2957, 2954, 2978, 2963, 2984, + 2964, 2976, 2988, 2974, 2989, 5624, 2995, 2979, 2990, 2998, + 3002, 3003, 3008, 2991, 3012, 3031, 3035, 3041, 3016, 3042, + 5624, 3030, 3045, 3027, 3043, 5624, 3024, 3051, 3053, 3054, + 3079, 3057, 3056, 3068, 3059, 3062, 3063, 3098, 3095, 3081, + 3083, 3080, 3107, 3106, 3109, 3090, 3110, 3116, 3114, 3103, + + 3108, 3112, 3104, 3135, 3131, 3124, 3129, 3130, 3138, 3133, + 5624, 3153, 3156, 3148, 3157, 3158, 3162, 5624, 3172, 5624, + 3141, 3169, 3179, 3168, 3185, 3177, 3183, 3199, 3189, 3176, + 3207, 3195, 3204, 3200, 3206, 3205, 3212, 5624, 3216, 3219, + 3222, 3236, 3231, 3248, 3254, 3247, 3239, 5624, 3234, 3244, + 3260, 3258, 3264, 3268, 3276, 3277, 3291, 5624, 5624, 3274, + 3297, 3285, 3281, 3283, 3280, 3295, 3296, 5624, 3286, 3312, + 3304, 3323, 3325, 3310, 3317, 5624, 3320, 3334, 3331, 3341, + 3337, 3339, 3344, 3346, 3342, 3338, 3347, 3359, 3357, 3370, + 5624, 3372, 3373, 3379, 3376, 3380, 3383, 3381, 3374, 3386, + + 3402, 3375, 3390, 3394, 3400, 3404, 3407, 3403, 3414, 3408, + 3433, 3415, 3437, 3435, 3444, 3440, 5624, 3448, 3427, 3450, + 3422, 3456, 3457, 3452, 3468, 3441, 3449, 3463, 3466, 5624, + 3451, 3470, 3473, 3472, 3488, 3474, 3483, 3501, 3503, 5624, + 3495, 3506, 3496, 3510, 3515, 3493, 3525, 3508, 3520, 5624, + 3522, 3516, 3521, 3532, 3544, 3549, 3550, 3551, 3546, 3537, + 3543, 
3548, 3564, 3547, 3553, 3568, 3566, 3571, 3570, 3582, + 3593, 3591, 3588, 3594, 3601, 3595, 3597, 3587, 3576, 3602, + 3623, 3608, 3604, 3613, 3637, 3624, 3635, 3629, 3617, 3649, + 3626, 3650, 3643, 5624, 3644, 3653, 3658, 3659, 3640, 3666, + + 3656, 3667, 3669, 5624, 3674, 5624, 3662, 3683, 5624, 3685, + 3684, 3671, 3681, 3686, 3688, 3698, 3709, 3713, 3689, 5624, + 3720, 3701, 3717, 3718, 5624, 3723, 5624, 3722, 5624, 3724, + 3728, 3737, 3735, 3755, 3741, 3757, 5624, 3751, 3740, 3762, + 3764, 3750, 3749, 3768, 3769, 3748, 3777, 3766, 3779, 5624, + 3789, 3795, 3784, 3798, 3805, 5624, 3800, 5624, 3796, 3814, + 3791, 3815, 3826, 3829, 3830, 3813, 3818, 3819, 3843, 3836, + 3825, 5624, 3832, 3840, 3850, 3863, 3853, 3846, 3847, 3867, + 3869, 3870, 3874, 3877, 3884, 3876, 3875, 5624, 3895, 3902, + 5624, 3892, 3888, 3898, 3901, 5624, 3912, 5624, 3914, 3906, + + 3899, 3922, 3923, 3927, 3930, 3919, 3933, 3935, 3929, 3959, + 3944, 3941, 5624, 5624, 3953, 3957, 3970, 3971, 3962, 3955, + 3979, 3976, 3977, 5624, 3958, 3982, 3967, 3980, 3986, 3978, + 3999, 3992, 3998, 3997, 4006, 3994, 4008, 5624, 4009, 4007, + 4013, 4022, 4023, 4004, 4024, 5624, 4032, 4043, 4035, 4038, + 4040, 4055, 4058, 4060, 4051, 4050, 4061, 4069, 4074, 4057, + 4081, 4068, 4089, 4091, 4073, 5624, 4093, 4094, 4078, 4099, + 4084, 4100, 4101, 4114, 4107, 4090, 4095, 4113, 4112, 5624, + 4118, 4120, 4108, 4140, 4146, 4129, 4149, 4125, 4152, 4145, + 5624, 4150, 4155, 4136, 4156, 4137, 4163, 4179, 4159, 4182, + + 4183, 4180, 4170, 4189, 5624, 4178, 5624, 4190, 4201, 4204, + 4213, 4210, 5624, 4197, 4206, 5624, 4196, 5624, 4224, 4229, + 4216, 4226, 4244, 5624, 4245, 4233, 4249, 4240, 4241, 4239, + 4261, 5624, 4242, 4267, 4248, 4259, 4260, 4263, 4278, 4277, + 4273, 4279, 4282, 4289, 5624, 4285, 4291, 4302, 4305, 4297, + 5624, 5624, 4300, 4316, 5624, 5624, 5624, 4303, 5624, 4307, + 5624, 5624, 4310, 4321, 5624, 4331, 5624, 4306, 4334, 4320, + 4323, 4333, 5624, 4327, 4337, 4339, 5624, 4342, 4357, 4341, + 4340, 5624, 
4356, 5624, 4365, 4369, 4360, 4372, 4375, 4379, + 4380, 4373, 4363, 4387, 4382, 4383, 4391, 4384, 4393, 4405, + + 4408, 4397, 4399, 4412, 4404, 4415, 4426, 4424, 4416, 4414, + 4432, 4440, 4438, 4447, 4448, 5624, 5624, 4442, 4439, 4446, + 4450, 4469, 4459, 4453, 4480, 5624, 4458, 4473, 4465, 4484, + 4472, 4475, 4476, 4474, 4485, 4488, 4517, 4498, 4507, 4500, + 4518, 4506, 5624, 4515, 4509, 5624, 5624, 4510, 4529, 4535, + 4525, 4520, 4539, 4537, 5624, 4533, 4550, 4558, 4556, 5624, + 4561, 4544, 4570, 4572, 5624, 5624, 5624, 4573, 4557, 4565, + 4567, 4575, 4577, 4568, 4581, 5624, 4571, 4588, 4605, 4596, + 4591, 4612, 4614, 4617, 4623, 4619, 4625, 4626, 5624, 5624, + 4615, 4631, 4629, 4630, 4627, 4632, 4637, 4638, 4649, 5624, + + 4663, 4662, 4650, 4656, 4664, 4670, 4674, 4671, 5624, 4659, + 4665, 4684, 4681, 4690, 4695, 4683, 4699, 4705, 4710, 5624, + 4707, 4706, 5624, 4714, 4711, 4708, 5624, 4720, 5624, 4724, + 5624, 5624, 4729, 4726, 4728, 4736, 4744, 4757, 4758, 4741, + 4746, 4644, 4761, 4763, 5624, 5624, 4769, 4747, 4756, 4768, + 5624, 5624, 4772, 4764, 4773, 4774, 4783, 4766, 4775, 4779, + 4804, 4794, 4810, 4814, 4816, 4802, 4819, 4800, 4796, 4823, + 4806, 4808, 5624, 4834, 4833, 4843, 5624, 4838, 4852, 4850, + 4849, 4842, 4866, 4851, 4859, 5624, 4862, 4855, 5624, 4847, + 5624, 5624, 5624, 4875, 4886, 4879, 5624, 4885, 4896, 5624, + + 4892, 4894, 4881, 4877, 4884, 4904, 4898, 4914, 4893, 4922, + 5624, 4907, 4920, 4929, 4924, 4934, 4930, 4917, 4921, 4942, + 4941, 4928, 4952, 4944, 5624, 4958, 4959, 4965, 5624, 4972, + 4955, 4951, 4957, 5624, 4979, 4969, 4966, 4987, 4989, 4981, + 4982, 4971, 4995, 5001, 5010, 5624, 4993, 4992, 5014, 5008, + 5006, 5027, 5028, 5024, 5624, 5026, 5015, 5624, 5029, 5031, + 5016, 5042, 5048, 5049, 5050, 5054, 5624, 5060, 5624, 5624, + 5061, 5624, 5064, 5051, 5063, 5057, 5067, 5074, 5624, 5624, + 5072, 5068, 5077, 5624, 5076, 5078, 5092, 5073, 5094, 5090, + 5095, 5109, 5093, 5110, 5624, 5624, 5112, 5624, 5113, 5116, + + 5124, 5624, 5624, 
5624, 5118, 5624, 5129, 5624, 5130, 5131, + 5120, 5624, 5144, 5135, 5624, 5145, 5137, 5147, 5152, 5165, + 5161, 5142, 5153, 5157, 5176, 5177, 5164, 5170, 5624, 5624, + 5185, 5624, 5186, 5624, 5180, 5187, 5624, 5184, 5197, 5191, + 5199, 5624, 5624, 5212, 5204, 5203, 5214, 5201, 5209, 5205, + 5624, 5624, 5624, 5226, 5624, 5218, 5223, 5224, 5624, 5241, + 5242, 5239, 5244, 5245, 5232, 5248, 5240, 5237, 5264, 5274, + 5276, 5272, 5275, 5256, 5271, 5282, 5278, 5293, 5624, 5279, + 5624, 5624, 5291, 5299, 5300, 5297, 5301, 5296, 5624, 5298, + 5303, 5304, 5316, 5313, 5328, 5330, 5326, 5346, 5331, 5343, + + 5349, 5342, 5338, 5350, 5344, 5360, 5363, 5356, 5365, 5353, + 5624, 5359, 5370, 5375, 5372, 5395, 5393, 5381, 5402, 5404, + 5408, 5407, 5391, 5368, 5412, 5417, 5409, 5421, 5423, 5624, + 5433, 5440, 5430, 5435, 5446, 5437, 5439, 5451, 5443, 5461, + 5459, 5463, 5464, 5624, 5470, 5624, 5624, 5472, 5465, 5474, + 5480, 5482, 5624, 5624, 5624, 5532, 5539, 5546, 5553, 5560, + 82, 5567, 5574, 5581, 5588, 5595, 5602, 5609, 5616 } ; -static yyconst flex_int16_t yy_def[1814] = +static yyconst flex_int16_t yy_def[1970] = { 0, - 1799, 1, 1800, 1800, 1801, 1801, 1802, 1802, 1803, 1803, - 1804, 1804, 1799, 1805, 1799, 1799, 1799, 1799, 1806, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1807, 1799, 1799, 1799, 1807, 1808, 1799, 1799, 1799, 1808, - 1809, 1799, 1799, 1799, 1799, 1809, 1810, 1799, 1799, 1799, - 1810, 1811, 1799, 1812, 1799, 1811, 1811, 1805, 1805, 1799, - 1813, 1806, 1813, 1806, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1807, 1807, 1808, 1808, - 1809, 1809, 1799, 1810, 1810, 1811, 1811, 1812, 1812, 1811, - 1805, 
1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1811, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1811, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1811, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1811, 1805, 
1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1799, 1799, 1805, - 1799, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1811, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1811, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 
1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1799, 1805, - 1805, 1805, 1799, 1805, 1799, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1799, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 
1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1805, 1799, 1805, 1799, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1799, 1805, 1799, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - - 1805, 1805, 1799, 1805, 1805, 1805, 1799, 1805, 1799, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1799, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1799, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1799, - 1805, 1799, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1799, 1799, 1805, 1805, 1799, 1799, 1799, 1805, - 1799, 1799, 1805, 1805, 1799, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1799, 1805, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1799, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1805, 1805, 1805, 
1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1799, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, - 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1799, 1799, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, - - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, - 1799, 1805, 1805, 1805, 1799, 1805, 1799, 1805, 1799, 1799, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1799, 1799, 1805, 1805, 1799, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1799, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, - 1805, 1799, 1799, 1799, 1805, 1805, 1805, 1799, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - - 1799, 1805, 1805, 1799, 1805, 1805, 1805, 1799, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1799, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1799, 1805, 1799, - 1805, 1805, 1805, 1805, 1805, 1799, 1799, 1805, 1805, 1805, - 1799, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1799, - 1805, 1805, 1805, 1805, 1799, 1799, 1799, 1805, 1799, 1805, - 1799, 1805, 1805, 1799, 1805, 1805, 1799, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1799, 1805, - 1799, 1805, 1799, 1805, 1799, 1805, 1805, 1799, 1799, 1805, - - 1805, 1805, 1805, 1805, 1805, 1799, 1799, 1799, 1799, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 
1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1799, 1805, 1805, 1805, 1805, 1805, 1805, - 1805, 1805, 1805, 1805, 1805, 1805, 1805, 1799, 1805, 1799, - 1799, 1805, 1805, 1805, 1805, 1805, 1799, 1799, 0, 1799, - - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799 + 1955, 1, 1956, 1956, 1957, 1957, 1958, 1958, 1959, 1959, + 1960, 1960, 1955, 1961, 1955, 1955, 1955, 1955, 1962, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1963, 1955, 1955, 1955, 1963, 1964, 1955, 1955, 1955, 1964, + 1965, 1955, 1955, 1955, 1955, 1965, 1966, 1955, 1955, 1955, + 1966, 1967, 1955, 1968, 1955, 1967, 1967, 1961, 1961, 1955, + 1969, 1962, 1969, 1962, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1963, 1963, + 1964, 1964, 1965, 1965, 1955, 1966, 1966, 1967, 1967, 1968, + 1968, 1967, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 
1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1955, 1967, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, 1961, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1955, 1961, 1955, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 
1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1967, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1955, 1961, 1967, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 
1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, + 1955, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1955, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 
1961, 1955, + 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1955, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1955, 1961, 1961, 1955, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, + 1955, 1955, 1961, 1961, 1955, 1955, 1955, 1961, 1955, 1961, + 1955, 1955, 1961, 1961, 1955, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1955, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 
1961, + 1961, 1961, 1955, 1961, 1961, 1955, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1955, 1955, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1955, 1961, + 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1961, 1961, 1961, + 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1955, 1961, + 1955, 1955, 1955, 1961, 1961, 1961, 1955, 1961, 1961, 1955, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1955, 1961, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1961, 1961, 1955, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, 1955, 1955, + 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, + 1961, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1955, 1955, 1961, 1955, 1961, 1961, + + 1961, 1955, 1955, 1955, 1961, 1955, 1961, 1955, 1961, 1961, + 1961, 1955, 1961, 1961, 1955, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1955, + 1961, 1955, 1961, 1955, 1961, 1961, 1955, 1961, 1961, 1961, + 1961, 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1955, 1955, 1961, 1955, 1961, 1961, 1961, 1955, 1961, + 
1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, + 1955, 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1955, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1955, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1955, + 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, 1961, + 1961, 1961, 1961, 1955, 1961, 1955, 1955, 1961, 1961, 1961, + 1961, 1961, 1955, 1955, 0, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 } ; -static yyconst flex_int16_t yy_nxt[5277] = +static yyconst flex_uint16_t yy_nxt[5690] = { 0, 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, 14, 18, 20, 14, 21, 22, 23, 24, 14, 25, 
@@ -1035,582 +1098,627 @@ 14, 21, 22, 23, 24, 14, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 14, 14, 14, 14, 42, 43, 44, 42, 43, - 44, 47, 48, 47, 48, 49, 88, 49, 52, 53, + 44, 47, 48, 47, 48, 49, 96, 49, 52, 53, 54, 55, 68, 18, 52, 53, 54, 55, 69, 18, - 58, 59, 60, 58, 59, 60, 70, 127, 127, 129, + 58, 59, 60, 58, 59, 60, 70, 129, 129, 131, - 71, 45, 129, 88, 45, 134, 134, 50, 73, 50, - 73, 73, 70, 73, 137, 56, 71, 68, 73, 68, - 68, 56, 68, 86, 75, 76, 61, 68, 776, 61, + 71, 45, 131, 96, 45, 136, 136, 50, 73, 50, + 73, 73, 70, 73, 830, 56, 71, 68, 73, 68, + 68, 56, 68, 86, 75, 76, 61, 68, 139, 61, 15, 16, 17, 63, 64, 65, 15, 16, 17, 63, - 64, 65, 77, 87, 95, 74, 69, 97, 69, 66, - 86, 75, 76, 137, 78, 66, 69, 89, 69, 69, - 135, 79, 111, 165, 96, 90, 133, 67, 80, 77, - 87, 95, 132, 67, 97, 69, 66, 127, 127, 130, - 69, 78, 66, 69, 89, 142, 69, 91, 79, 111, - 92, 96, 90, 98, 69, 80, 81, 93, 105, 94, - - 82, 99, 128, 83, 69, 84, 85, 100, 69, 102, - 69, 101, 142, 103, 91, 141, 150, 92, 69, 69, - 98, 69, 146, 81, 93, 105, 94, 82, 99, 104, - 83, 69, 84, 85, 100, 69, 102, 112, 101, 69, - 103, 113, 141, 150, 69, 120, 137, 121, 143, 146, - 135, 114, 133, 123, 115, 69, 104, 106, 124, 132, - 158, 107, 122, 69, 112, 324, 69, 108, 113, 125, - 109, 69, 120, 126, 121, 143, 116, 110, 114, 69, - 123, 115, 130, 69, 106, 124, 117, 158, 107, 122, - 118, 119, 69, 140, 108, 69, 125, 109, 69, 129, - - 126, 128, 129, 116, 110, 131, 137, 131, 131, 73, - 131, 73, 73, 117, 73, 134, 134, 118, 119, 136, - 140, 136, 136, 68, 136, 68, 68, 73, 68, 73, - 73, 144, 73, 68, 147, 148, 149, 73, 154, 152, - 151, 69, 155, 1799, 145, 69, 139, 69, 69, 69, - 69, 69, 159, 290, 1799, 69, 153, 156, 144, 157, - 160, 147, 148, 149, 74, 154, 69, 151, 69, 155, - 69, 145, 161, 69, 69, 162, 1799, 166, 167, 159, - 172, 174, 69, 153, 156, 69, 157, 160, 163, 164, - 169, 176, 171, 69, 170, 69, 69, 173, 168, 161, - - 69, 69, 162, 178, 166, 167, 180, 172, 174, 175, - 69, 69, 177, 179, 69, 163, 164, 169, 
176, 171, - 69, 170, 69, 69, 173, 168, 69, 182, 181, 69, - 178, 183, 187, 180, 184, 186, 175, 69, 185, 177, - 179, 69, 69, 189, 188, 191, 69, 197, 190, 69, - 205, 69, 192, 69, 182, 181, 69, 69, 183, 187, - 193, 184, 186, 195, 69, 185, 196, 69, 201, 200, - 189, 188, 69, 198, 197, 190, 69, 69, 1799, 192, - 194, 69, 1799, 69, 1799, 1799, 69, 193, 202, 203, - 195, 69, 331, 196, 199, 201, 200, 69, 69, 131, - - 198, 131, 131, 136, 131, 136, 136, 194, 136, 73, - 204, 73, 73, 137, 73, 202, 203, 206, 208, 69, - 207, 199, 209, 210, 214, 222, 69, 1799, 211, 69, - 69, 213, 69, 212, 69, 215, 1799, 204, 1799, 69, - 223, 1799, 224, 226, 206, 208, 139, 207, 69, 209, - 210, 69, 222, 69, 227, 69, 216, 1799, 213, 69, - 212, 225, 1799, 69, 69, 69, 69, 223, 229, 224, - 226, 233, 228, 1799, 1799, 230, 69, 232, 231, 1799, - 69, 227, 239, 216, 217, 69, 69, 234, 225, 218, - 69, 235, 1799, 69, 219, 229, 237, 238, 233, 228, - - 220, 221, 230, 69, 232, 231, 240, 69, 69, 69, - 236, 217, 241, 69, 234, 243, 218, 69, 235, 246, - 244, 219, 242, 237, 238, 245, 247, 220, 221, 248, - 249, 69, 69, 240, 1799, 250, 252, 236, 69, 1799, - 251, 1799, 1799, 69, 253, 254, 69, 244, 69, 242, - 69, 69, 245, 247, 69, 69, 256, 69, 258, 255, - 69, 69, 250, 252, 69, 257, 69, 251, 261, 259, - 260, 253, 254, 262, 265, 69, 267, 69, 69, 69, - 69, 69, 266, 256, 268, 258, 255, 269, 273, 69, - 69, 275, 257, 263, 264, 261, 259, 260, 270, 271, - - 262, 69, 69, 267, 69, 69, 69, 272, 278, 266, - 274, 268, 280, 276, 69, 281, 279, 283, 69, 69, - 263, 264, 69, 137, 69, 270, 271, 282, 286, 284, - 277, 69, 289, 69, 272, 278, 285, 274, 69, 280, - 276, 69, 287, 279, 69, 69, 69, 69, 69, 69, - 288, 298, 291, 293, 282, 286, 284, 277, 69, 289, - 292, 294, 1799, 285, 69, 295, 297, 296, 299, 287, - 300, 302, 1799, 69, 69, 1799, 301, 288, 69, 291, - 293, 69, 69, 307, 69, 310, 69, 292, 294, 69, - 69, 304, 295, 297, 296, 299, 69, 300, 69, 303, - - 69, 305, 69, 301, 309, 306, 69, 69, 69, 69, - 307, 308, 310, 69, 311, 312, 313, 1799, 304, 69, 
- 1799, 314, 315, 69, 316, 318, 303, 317, 305, 321, - 69, 309, 306, 319, 69, 69, 320, 69, 308, 69, - 325, 311, 312, 69, 69, 69, 332, 69, 314, 315, - 69, 316, 318, 328, 317, 1799, 321, 322, 323, 326, - 319, 329, 327, 320, 69, 69, 333, 325, 69, 69, - 337, 334, 330, 332, 335, 338, 336, 69, 340, 69, - 328, 1799, 69, 69, 322, 323, 326, 339, 329, 327, - 69, 69, 69, 333, 69, 343, 69, 337, 334, 330, - - 69, 335, 341, 336, 342, 340, 69, 344, 69, 347, - 345, 348, 346, 349, 339, 371, 350, 355, 69, 1799, - 353, 352, 343, 1799, 351, 354, 69, 69, 69, 341, - 69, 342, 69, 356, 344, 69, 347, 345, 69, 346, - 349, 69, 69, 350, 355, 357, 69, 353, 352, 365, - 366, 351, 354, 367, 368, 369, 1799, 370, 69, 137, - 356, 69, 69, 376, 69, 372, 374, 69, 69, 69, - 1799, 379, 357, 358, 359, 1799, 365, 366, 69, 375, - 367, 368, 369, 360, 370, 361, 362, 363, 373, 377, - 364, 69, 372, 374, 69, 69, 69, 380, 69, 381, - - 358, 359, 69, 388, 384, 378, 375, 1799, 69, 398, - 360, 69, 361, 362, 363, 373, 377, 364, 69, 382, - 383, 69, 385, 386, 380, 387, 381, 390, 69, 391, - 388, 384, 378, 69, 69, 389, 69, 1799, 69, 394, - 69, 395, 69, 397, 396, 399, 392, 1799, 69, 385, - 386, 69, 387, 400, 390, 401, 391, 69, 69, 393, - 1799, 69, 389, 69, 69, 402, 394, 69, 395, 404, - 397, 396, 399, 392, 69, 403, 406, 405, 69, 407, - 400, 408, 401, 69, 1799, 69, 393, 410, 1799, 411, - 409, 69, 402, 1799, 413, 418, 404, 69, 412, 69, - - 69, 414, 403, 69, 405, 69, 407, 69, 408, 415, - 69, 417, 416, 69, 410, 69, 411, 409, 69, 419, - 69, 413, 418, 424, 421, 412, 69, 69, 414, 420, - 69, 69, 423, 422, 425, 69, 415, 467, 417, 416, - 69, 426, 428, 427, 69, 69, 419, 431, 429, 432, - 430, 421, 69, 69, 69, 69, 420, 69, 434, 423, - 422, 425, 69, 69, 69, 447, 433, 450, 426, 69, - 427, 435, 69, 69, 431, 429, 432, 430, 69, 436, - 69, 442, 69, 443, 444, 434, 1799, 69, 69, 69, - 445, 69, 447, 433, 450, 69, 448, 452, 435, 446, - - 1799, 449, 453, 69, 451, 1799, 436, 437, 442, 69, - 443, 444, 438, 454, 439, 456, 462, 69, 1799, 458, - 69, 69, 
440, 448, 452, 69, 446, 69, 449, 453, - 69, 451, 441, 69, 437, 455, 457, 69, 460, 438, - 454, 439, 456, 69, 459, 461, 458, 69, 464, 440, - 69, 463, 69, 465, 466, 468, 1799, 69, 69, 441, - 470, 469, 455, 457, 480, 460, 69, 69, 137, 472, - 69, 459, 461, 69, 471, 464, 69, 477, 463, 475, - 465, 466, 468, 476, 69, 478, 69, 470, 469, 473, - 479, 69, 474, 69, 481, 69, 472, 482, 483, 484, - - 69, 471, 487, 485, 477, 69, 1799, 490, 486, 488, - 69, 1799, 69, 491, 69, 489, 473, 69, 492, 474, - 1799, 69, 501, 498, 69, 69, 484, 1799, 493, 69, - 485, 69, 69, 69, 490, 486, 488, 69, 494, 497, - 69, 69, 489, 495, 69, 492, 500, 496, 69, 69, - 498, 499, 503, 69, 502, 493, 1799, 1799, 506, 69, - 69, 504, 69, 507, 508, 494, 497, 1799, 511, 513, - 495, 509, 69, 500, 496, 518, 69, 69, 499, 503, - 69, 502, 69, 505, 69, 506, 69, 510, 504, 515, - 507, 508, 512, 69, 514, 516, 513, 1799, 509, 69, - - 520, 519, 69, 521, 69, 522, 69, 517, 1799, 523, - 505, 69, 524, 69, 510, 525, 515, 526, 69, 512, - 69, 514, 516, 69, 69, 69, 69, 520, 519, 69, - 521, 527, 528, 530, 517, 532, 69, 531, 533, 524, - 1799, 534, 525, 535, 536, 542, 69, 529, 69, 69, - 538, 540, 69, 69, 69, 537, 69, 69, 527, 528, - 69, 539, 532, 69, 69, 533, 69, 541, 534, 69, - 535, 536, 542, 543, 529, 544, 547, 538, 540, 69, - 549, 545, 537, 546, 69, 69, 548, 551, 539, 69, - 550, 69, 1799, 552, 541, 554, 69, 553, 69, 555, - - 543, 69, 69, 547, 570, 556, 69, 549, 545, 69, - 546, 69, 69, 548, 551, 69, 557, 550, 558, 559, - 552, 69, 554, 561, 553, 69, 555, 560, 69, 562, - 563, 564, 556, 566, 1799, 69, 565, 1799, 69, 69, - 69, 69, 69, 557, 569, 558, 559, 69, 574, 571, - 561, 572, 137, 567, 560, 69, 562, 563, 564, 69, - 566, 568, 69, 565, 573, 575, 69, 69, 576, 1799, - 69, 569, 69, 69, 69, 574, 571, 582, 572, 69, - 567, 584, 586, 587, 583, 585, 1799, 1799, 568, 69, - 599, 573, 575, 595, 69, 576, 577, 1799, 596, 69, - - 578, 615, 598, 579, 582, 69, 69, 69, 584, 586, - 580, 583, 585, 581, 69, 69, 600, 69, 69, 597, - 595, 69, 601, 577, 603, 
596, 69, 578, 69, 598, - 579, 1799, 1799, 602, 604, 1799, 69, 580, 605, 1799, - 581, 588, 589, 600, 590, 69, 597, 591, 69, 601, - 69, 603, 592, 606, 610, 607, 69, 608, 593, 594, - 602, 604, 69, 69, 69, 605, 611, 69, 588, 589, - 609, 590, 614, 69, 591, 69, 612, 616, 69, 592, - 606, 610, 607, 618, 608, 593, 594, 613, 69, 617, - 619, 623, 69, 611, 69, 622, 69, 609, 1799, 614, - - 620, 625, 621, 612, 69, 624, 626, 69, 69, 69, - 618, 69, 627, 69, 613, 628, 629, 619, 623, 69, - 69, 69, 622, 630, 69, 69, 631, 620, 625, 621, - 632, 69, 624, 69, 633, 1799, 634, 635, 639, 627, - 1799, 69, 1799, 629, 69, 1799, 69, 69, 636, 69, - 630, 1799, 638, 631, 69, 645, 637, 632, 69, 641, - 69, 633, 69, 634, 635, 639, 69, 640, 651, 642, - 643, 644, 69, 69, 69, 636, 646, 69, 69, 638, - 647, 648, 645, 637, 650, 69, 641, 649, 69, 69, - 654, 653, 655, 656, 640, 69, 642, 643, 644, 69, - - 69, 662, 652, 646, 69, 69, 659, 647, 648, 69, - 661, 650, 658, 660, 649, 664, 69, 657, 653, 69, - 656, 69, 663, 69, 69, 69, 666, 69, 69, 652, - 1799, 665, 69, 659, 667, 668, 69, 661, 669, 658, - 660, 69, 664, 670, 657, 69, 69, 673, 671, 663, - 69, 672, 683, 674, 682, 69, 675, 69, 665, 69, - 685, 667, 69, 69, 69, 137, 69, 684, 1799, 69, - 670, 69, 69, 686, 673, 671, 687, 69, 672, 683, - 674, 682, 689, 675, 676, 688, 677, 685, 693, 69, - 678, 1799, 679, 695, 684, 69, 691, 680, 69, 69, - - 686, 694, 681, 687, 690, 69, 692, 698, 69, 689, - 69, 676, 688, 677, 69, 693, 69, 678, 69, 679, - 695, 696, 697, 691, 680, 699, 703, 705, 694, 681, - 700, 690, 701, 692, 69, 707, 704, 1799, 69, 711, - 69, 69, 708, 69, 712, 706, 709, 69, 696, 697, - 702, 69, 699, 703, 705, 710, 713, 700, 69, 701, - 69, 69, 707, 704, 69, 69, 711, 714, 69, 708, - 715, 69, 706, 709, 717, 718, 716, 702, 719, 69, - 721, 720, 710, 713, 69, 723, 722, 724, 69, 69, - 728, 69, 725, 69, 69, 732, 737, 715, 69, 69, - - 69, 717, 726, 716, 69, 719, 69, 721, 720, 69, - 727, 730, 723, 722, 724, 69, 729, 69, 731, 725, - 69, 69, 732, 735, 69, 733, 734, 69, 69, 
726, - 69, 736, 738, 1799, 1799, 739, 743, 727, 730, 740, - 755, 69, 744, 729, 1799, 731, 69, 69, 69, 745, - 735, 741, 733, 734, 742, 69, 69, 69, 736, 738, - 69, 746, 748, 743, 747, 750, 69, 69, 749, 744, - 1799, 69, 751, 69, 69, 752, 745, 69, 741, 753, - 754, 742, 756, 1799, 757, 1799, 69, 69, 746, 748, - 69, 747, 750, 69, 69, 749, 69, 758, 763, 751, - - 69, 69, 752, 759, 762, 760, 753, 754, 761, 756, - 765, 757, 69, 69, 764, 69, 766, 767, 69, 69, - 69, 69, 769, 768, 758, 763, 770, 771, 772, 1799, - 759, 762, 760, 69, 773, 761, 69, 765, 69, 69, - 69, 764, 69, 766, 767, 774, 778, 775, 779, 784, - 768, 777, 785, 69, 771, 69, 69, 69, 69, 782, - 69, 773, 69, 780, 69, 69, 781, 786, 788, 783, - 787, 69, 774, 778, 775, 779, 69, 790, 777, 69, - 69, 69, 1799, 69, 795, 789, 782, 1799, 791, 69, - 780, 793, 69, 781, 786, 788, 783, 787, 69, 69, - - 69, 792, 794, 69, 790, 796, 797, 1799, 799, 69, - 69, 69, 789, 798, 69, 791, 800, 801, 793, 806, - 69, 803, 804, 802, 805, 1799, 1799, 69, 792, 794, - 808, 69, 796, 797, 69, 799, 69, 69, 69, 807, - 798, 69, 69, 800, 801, 69, 806, 69, 803, 804, - 802, 805, 69, 809, 810, 811, 812, 808, 813, 814, - 815, 69, 821, 816, 820, 818, 807, 819, 69, 69, - 69, 69, 817, 69, 69, 69, 69, 69, 69, 69, - 809, 810, 811, 812, 822, 813, 814, 815, 69, 821, - 816, 820, 818, 823, 819, 824, 825, 1799, 826, 817, - - 1799, 828, 69, 829, 827, 69, 831, 830, 69, 832, - 835, 822, 834, 833, 69, 69, 69, 836, 1799, 839, - 837, 844, 824, 825, 69, 826, 69, 69, 828, 838, - 69, 827, 840, 831, 69, 69, 832, 845, 841, 834, - 833, 69, 69, 69, 836, 69, 839, 837, 842, 843, - 69, 69, 69, 1799, 854, 846, 838, 847, 69, 840, - 69, 69, 853, 1799, 855, 841, 856, 859, 69, 1799, - 69, 860, 1799, 861, 857, 842, 843, 69, 69, 858, - 69, 854, 846, 69, 847, 848, 69, 69, 69, 853, - 849, 855, 850, 856, 851, 863, 852, 69, 69, 862, - - 861, 857, 864, 69, 865, 867, 858, 69, 866, 869, - 69, 871, 848, 69, 69, 69, 868, 849, 870, 850, - 1799, 851, 863, 852, 873, 875, 862, 874, 69, 864, - 877, 865, 
69, 69, 69, 866, 69, 876, 871, 872, - 879, 878, 69, 868, 880, 870, 883, 69, 69, 882, - 881, 69, 69, 884, 874, 69, 886, 69, 885, 69, - 887, 888, 69, 69, 876, 889, 872, 879, 878, 896, - 1799, 880, 69, 883, 69, 69, 882, 881, 69, 890, - 884, 891, 892, 69, 893, 885, 894, 69, 888, 69, - 895, 69, 900, 69, 69, 899, 69, 69, 69, 897, - - 69, 901, 69, 902, 1799, 898, 890, 69, 891, 892, - 69, 69, 69, 894, 903, 905, 904, 895, 69, 900, - 1799, 69, 899, 906, 69, 908, 897, 907, 901, 69, - 902, 69, 898, 909, 913, 911, 912, 910, 914, 915, - 1799, 903, 905, 904, 916, 69, 1799, 69, 1799, 918, - 906, 69, 908, 69, 907, 69, 917, 69, 921, 69, - 1799, 913, 911, 912, 69, 914, 920, 69, 919, 69, - 69, 916, 69, 922, 923, 69, 918, 925, 927, 924, - 69, 69, 69, 917, 926, 921, 69, 928, 931, 930, - 933, 69, 69, 920, 934, 919, 929, 69, 932, 69, - - 922, 923, 69, 69, 925, 927, 924, 936, 69, 935, - 69, 926, 69, 939, 928, 931, 930, 933, 69, 69, - 937, 934, 938, 929, 940, 932, 941, 69, 69, 944, - 1799, 1799, 942, 945, 936, 69, 935, 943, 947, 946, - 939, 69, 69, 951, 948, 952, 949, 937, 956, 938, - 950, 69, 69, 69, 953, 69, 69, 69, 69, 942, - 945, 69, 69, 69, 943, 947, 946, 954, 69, 69, - 69, 948, 952, 957, 955, 956, 958, 69, 959, 960, - 961, 953, 69, 962, 69, 963, 69, 69, 69, 965, - 964, 69, 1799, 967, 954, 966, 69, 970, 1799, 968, - - 969, 955, 69, 958, 69, 959, 960, 961, 69, 977, - 962, 69, 963, 971, 972, 69, 965, 964, 981, 69, - 967, 69, 966, 69, 970, 973, 968, 969, 69, 974, - 976, 69, 978, 983, 982, 979, 69, 69, 980, 986, - 971, 972, 975, 69, 984, 69, 985, 987, 988, 69, - 69, 990, 973, 989, 69, 69, 974, 976, 69, 978, - 983, 982, 979, 69, 994, 980, 69, 993, 995, 975, - 69, 984, 69, 992, 69, 988, 69, 69, 990, 69, - 989, 991, 998, 69, 997, 996, 69, 69, 999, 69, - 1000, 994, 69, 1001, 993, 69, 1002, 1003, 1799, 1005, - - 992, 69, 1799, 1004, 69, 1006, 69, 1007, 991, 998, - 69, 997, 996, 69, 69, 999, 69, 1000, 69, 1009, - 1001, 1008, 1010, 1002, 1003, 69, 1005, 69, 69, 69, - 1004, 1011, 1006, 1012, 1007, 
1013, 1014, 69, 1015, 1026, - 1016, 1017, 1799, 69, 1018, 1799, 1009, 1019, 1008, 1010, - 69, 1020, 1022, 69, 1799, 69, 69, 1021, 1011, 69, - 1012, 1023, 1028, 1014, 1024, 69, 69, 1016, 69, 69, - 69, 1018, 69, 1027, 1019, 1029, 1025, 69, 1020, 1022, - 69, 1030, 1031, 69, 1021, 69, 1032, 1033, 1023, 1028, - 1038, 1024, 1034, 1037, 1799, 69, 1035, 69, 1036, 1041, - - 1027, 69, 1029, 1025, 69, 69, 69, 1039, 1030, 1031, - 1040, 69, 1060, 69, 1033, 69, 1042, 69, 1043, 1034, - 1037, 69, 1044, 1035, 1045, 1036, 69, 69, 1046, 69, - 1048, 69, 69, 1047, 1039, 1049, 1799, 1040, 69, 69, - 1050, 69, 1054, 1042, 69, 1043, 1051, 69, 69, 1044, - 1052, 1045, 1053, 69, 1056, 1046, 1055, 1048, 69, 1059, - 1047, 1061, 1057, 69, 69, 1058, 69, 1050, 69, 1054, - 69, 1062, 1064, 1051, 69, 1069, 1063, 1052, 1068, 1053, - 69, 1056, 1070, 1055, 1071, 69, 1059, 69, 1061, 1057, - 69, 69, 1058, 69, 1065, 1074, 69, 1066, 1062, 1064, - - 1067, 1073, 69, 1063, 1072, 1068, 69, 1078, 69, 69, - 69, 1071, 1075, 1082, 1076, 69, 69, 1077, 69, 69, - 1079, 1065, 1074, 69, 1066, 1080, 1799, 1067, 1073, 69, - 1081, 1072, 1799, 1799, 1078, 69, 69, 1083, 1799, 1075, - 1082, 1076, 1085, 1088, 1077, 1086, 69, 1079, 69, 1087, - 1089, 1084, 1080, 1090, 1091, 1092, 1093, 1081, 69, 69, - 69, 1095, 69, 69, 1083, 1094, 1098, 1096, 1101, 1085, - 1097, 1799, 1086, 1799, 69, 69, 1087, 1089, 1084, 69, - 69, 1091, 1092, 1100, 69, 69, 1099, 69, 1095, 69, - 1102, 69, 1094, 1098, 1096, 69, 1103, 1097, 1105, 69, - - 1104, 69, 1106, 1799, 1107, 69, 1108, 69, 1111, 1112, - 1100, 1110, 1109, 1099, 1114, 69, 1118, 1102, 1799, 1113, - 69, 69, 1115, 1103, 69, 1105, 69, 1104, 69, 1106, - 69, 1107, 69, 1108, 69, 1111, 69, 69, 1110, 1109, - 1116, 1114, 1117, 1119, 1120, 1121, 1113, 69, 1122, 1115, - 69, 1124, 1123, 69, 1126, 69, 1125, 1799, 69, 1799, - 1128, 1131, 1127, 1132, 1799, 1130, 69, 1116, 1129, 1117, - 1119, 1120, 1121, 69, 69, 69, 69, 69, 69, 1123, - 69, 69, 69, 1125, 1133, 69, 69, 1128, 1131, 1127, - 1132, 1135, 1130, 1136, 
1137, 1129, 1138, 1134, 69, 1141, - - 1799, 1139, 69, 1142, 1140, 69, 69, 69, 1143, 1144, - 1145, 1133, 69, 1147, 1148, 69, 1146, 1149, 1135, 1153, - 1136, 69, 1151, 1150, 1134, 1154, 1141, 69, 1139, 1155, - 69, 1140, 69, 1799, 1799, 1143, 69, 69, 69, 69, - 1152, 1148, 69, 1146, 69, 1162, 69, 1799, 69, 1799, - 1150, 69, 1154, 69, 1156, 1157, 1158, 1160, 1161, 1163, - 69, 1159, 1164, 1166, 69, 69, 69, 1152, 1165, 69, - 1167, 69, 1168, 1169, 69, 69, 69, 1171, 1170, 1172, - 69, 1156, 1157, 1158, 1160, 1161, 1163, 1173, 1159, 1164, - 69, 69, 1174, 1175, 69, 1165, 69, 1167, 69, 1168, - - 1169, 1176, 1177, 69, 69, 1170, 1172, 69, 1179, 1180, - 69, 1178, 1182, 1183, 1173, 1184, 1181, 1799, 1185, 1174, - 1175, 1190, 69, 69, 1187, 1186, 1188, 69, 1176, 1177, - 69, 1191, 69, 69, 1194, 1179, 69, 1799, 1178, 1182, - 69, 1189, 69, 1181, 69, 69, 69, 69, 1190, 69, - 1192, 1187, 1186, 1188, 1195, 69, 1193, 69, 1191, 69, - 69, 1194, 1196, 1197, 1198, 1200, 69, 1203, 1189, 1199, - 69, 1206, 1204, 1205, 1207, 69, 1208, 1192, 69, 1201, - 1209, 1195, 1210, 1193, 1202, 69, 69, 69, 1212, 1196, - 1197, 1198, 69, 1214, 69, 69, 1199, 1211, 69, 1204, - - 1205, 69, 69, 69, 1213, 1215, 1201, 69, 69, 1218, - 1216, 1202, 1217, 69, 69, 1212, 1219, 1220, 1221, 1799, - 1214, 69, 1222, 1224, 1211, 69, 1223, 1225, 69, 1226, - 1227, 1799, 1215, 69, 1229, 69, 69, 1216, 1228, 1217, - 69, 1230, 1231, 1219, 1234, 1221, 69, 1232, 69, 1222, - 69, 69, 69, 1223, 69, 69, 1226, 1227, 1233, 69, - 69, 1229, 69, 1235, 69, 1228, 1236, 1237, 1230, 1231, - 69, 69, 1238, 69, 1232, 1239, 69, 1241, 1240, 1242, - 69, 1799, 1245, 1246, 69, 1233, 1243, 1248, 1251, 1247, - 1235, 69, 69, 1236, 1237, 1799, 1253, 1244, 69, 1238, - - 69, 69, 1239, 1249, 1250, 1240, 1242, 69, 69, 1245, - 1246, 1252, 69, 1243, 69, 69, 1247, 69, 1254, 69, - 1255, 69, 69, 1253, 1244, 1257, 1256, 1799, 1258, 1260, - 1249, 1250, 69, 1259, 1261, 69, 1264, 69, 1252, 1799, - 1799, 1266, 1262, 69, 1263, 1254, 69, 69, 69, 69, - 1265, 69, 1257, 1256, 69, 
1258, 1260, 69, 1267, 69, - 1259, 1261, 69, 1264, 1268, 69, 1270, 1269, 1266, 1262, - 1271, 1263, 1273, 1275, 1272, 69, 1277, 1265, 1274, 69, - 1278, 1276, 1280, 1281, 1799, 1267, 69, 69, 69, 69, - 1282, 1268, 69, 1270, 1269, 69, 1283, 1271, 69, 69, - - 1275, 1272, 69, 1277, 1279, 1274, 69, 1278, 1276, 1280, - 69, 1284, 69, 69, 69, 1286, 1285, 1282, 1287, 1291, - 1288, 1289, 1290, 1283, 69, 1294, 1293, 1799, 69, 69, - 69, 1279, 1292, 69, 1799, 1297, 1799, 1799, 1284, 1298, - 69, 1299, 1286, 1285, 1310, 69, 69, 1288, 1289, 1290, - 69, 69, 1294, 1293, 69, 1295, 69, 69, 1296, 1292, - 69, 1300, 1297, 1302, 1301, 1303, 1298, 1304, 1299, 1398, - 1799, 69, 69, 69, 1305, 1306, 1312, 69, 69, 1309, - 1311, 1307, 1295, 69, 1317, 1296, 69, 1308, 1300, 69, - 1302, 1301, 1303, 69, 1304, 69, 69, 69, 69, 1314, - - 69, 1305, 1306, 69, 1313, 1315, 1309, 1311, 1307, 1316, - 1318, 69, 69, 1319, 1308, 1320, 1321, 1322, 1799, 1323, - 69, 1325, 69, 69, 1324, 1326, 1314, 69, 1327, 69, - 69, 1313, 1315, 1328, 69, 69, 1316, 1318, 1331, 69, - 1319, 1329, 69, 1321, 69, 69, 1323, 69, 1325, 1330, - 69, 1324, 1326, 69, 1335, 69, 1332, 1333, 1334, 1336, - 1328, 1337, 1799, 69, 1340, 1331, 69, 1338, 1329, 69, - 1339, 69, 69, 69, 1342, 1341, 1330, 69, 69, 69, - 1799, 69, 69, 1332, 1333, 1334, 1336, 1343, 1337, 69, - 1344, 1340, 1345, 1346, 1338, 69, 69, 1339, 1347, 69, - - 1348, 1342, 1341, 1350, 1349, 1799, 1352, 69, 1351, 1353, - 1354, 1355, 1356, 1357, 1343, 1358, 69, 1344, 69, 1345, - 1346, 1359, 69, 69, 69, 69, 69, 1348, 1361, 1362, - 1350, 1349, 69, 1352, 1365, 1351, 69, 69, 1355, 1356, - 69, 1360, 69, 1363, 1364, 1366, 1367, 1373, 69, 69, - 1368, 69, 1370, 69, 1369, 69, 69, 1374, 1377, 69, - 1378, 69, 1799, 1371, 1799, 69, 69, 69, 1360, 1382, - 1363, 1364, 1366, 69, 69, 69, 69, 1368, 1372, 1370, - 1375, 1369, 1379, 1376, 1374, 69, 69, 1378, 1380, 69, - 1371, 69, 69, 1381, 1383, 1384, 69, 1385, 69, 1386, - - 69, 1387, 69, 1388, 1390, 1372, 69, 1375, 1392, 1379, - 1376, 1389, 1393, 1391, 69, 
1380, 69, 1394, 69, 69, - 1381, 1383, 69, 1395, 1385, 69, 1386, 69, 1387, 69, - 1388, 1390, 1397, 69, 69, 1392, 1396, 1399, 1389, 1393, - 1391, 69, 1400, 1401, 1394, 69, 1402, 1403, 1404, 69, - 1395, 1799, 1408, 1406, 69, 1410, 1405, 1409, 1407, 1397, - 69, 69, 1412, 1396, 1399, 69, 1799, 69, 1413, 1400, - 1401, 1415, 69, 1402, 69, 1404, 69, 69, 69, 1408, - 1406, 69, 1410, 1405, 1409, 1407, 1411, 1414, 1416, 69, - 1419, 1417, 1799, 69, 1418, 69, 1420, 69, 1415, 1422, - - 69, 1421, 69, 69, 69, 1423, 1799, 1425, 1426, 1429, - 1433, 1428, 1799, 1411, 1414, 1416, 69, 1419, 1417, 69, - 69, 1418, 1424, 1420, 1430, 69, 69, 69, 1421, 69, - 1427, 69, 1423, 69, 1425, 1426, 1431, 69, 1428, 1432, - 69, 69, 1435, 1434, 1438, 69, 1436, 69, 1437, 1424, - 1439, 1430, 1440, 1441, 1442, 1443, 1799, 1427, 1799, 69, - 1447, 69, 69, 1431, 1446, 1444, 1432, 69, 69, 1435, - 1434, 69, 69, 1436, 69, 1437, 69, 1439, 1445, 69, - 69, 69, 1443, 69, 1448, 69, 69, 1447, 1449, 1450, - 1451, 1446, 1444, 1452, 1799, 1454, 1453, 1455, 1799, 69, - - 1456, 1457, 69, 1459, 1458, 1445, 1460, 69, 69, 1461, - 1799, 1448, 1799, 1799, 69, 69, 1450, 1462, 1467, 69, - 1452, 69, 69, 1453, 1455, 69, 69, 1456, 1457, 1463, - 69, 1458, 69, 69, 1464, 1465, 69, 1466, 69, 1468, - 69, 1469, 1470, 1473, 1462, 1467, 69, 1471, 69, 69, - 69, 1472, 69, 1799, 1475, 1799, 1463, 69, 69, 1480, - 69, 1464, 1465, 1478, 1466, 1479, 1468, 69, 69, 1470, - 1473, 1476, 1474, 1481, 1471, 69, 1482, 1477, 1472, 1483, - 69, 1475, 69, 69, 1484, 69, 69, 69, 69, 69, - 1478, 1486, 1479, 1489, 1485, 1487, 1488, 1490, 1476, 1474, - - 69, 69, 69, 1482, 1477, 69, 1483, 1491, 1492, 69, - 1498, 1484, 1499, 1799, 1493, 1799, 1534, 1799, 1486, 69, - 1489, 1485, 1487, 1488, 69, 69, 69, 1494, 69, 1495, - 1500, 1496, 1497, 1501, 1491, 1492, 69, 69, 69, 69, - 69, 1493, 69, 69, 1502, 69, 1503, 69, 1504, 1508, - 1507, 1509, 69, 1505, 1494, 69, 1495, 1500, 1496, 1497, - 1501, 69, 1506, 69, 1511, 1512, 1515, 1514, 69, 69, - 1510, 1502, 1513, 1503, 69, 1504, 
69, 1507, 1509, 69, - 1505, 1516, 1517, 1519, 69, 1520, 1799, 1521, 69, 1506, - 69, 69, 1512, 69, 1514, 69, 1518, 1510, 1522, 1513, - - 1523, 1799, 1524, 69, 69, 1528, 1525, 1526, 1516, 69, - 69, 1527, 69, 69, 1521, 69, 1799, 69, 69, 1529, - 1530, 1532, 1533, 1518, 69, 1522, 1536, 1523, 69, 1524, - 69, 1531, 1528, 1525, 1526, 1535, 1537, 1538, 1527, 1540, - 1799, 69, 69, 69, 1539, 1799, 1529, 1530, 69, 69, - 1544, 1541, 1542, 69, 1543, 1545, 1546, 69, 1531, 1799, - 1799, 69, 1535, 69, 69, 1547, 1540, 69, 69, 69, - 69, 1539, 69, 69, 69, 1548, 1549, 1544, 1541, 1542, - 69, 1543, 1545, 1546, 1551, 1553, 1550, 1552, 1554, 69, - 1555, 1556, 1547, 69, 69, 69, 1559, 1560, 69, 1557, - - 1561, 1558, 1548, 1549, 69, 69, 1564, 69, 1799, 1568, - 69, 1551, 1553, 1550, 1552, 1554, 69, 1555, 69, 69, - 1562, 1563, 69, 69, 1560, 1566, 1557, 1561, 1558, 69, - 1565, 1799, 1567, 1564, 1569, 69, 69, 69, 69, 1570, - 1571, 69, 1572, 69, 1573, 1574, 1575, 1562, 1563, 1576, - 1577, 1578, 1566, 1580, 1581, 69, 1579, 1565, 69, 1567, - 1799, 1569, 69, 1799, 69, 69, 1570, 1571, 1584, 69, - 1586, 69, 69, 1575, 69, 1585, 1576, 69, 69, 69, - 1580, 69, 1588, 1579, 69, 69, 1582, 1583, 1587, 1590, - 69, 1589, 1591, 1799, 1592, 1584, 69, 1586, 1593, 69, - - 69, 69, 1585, 1596, 1595, 1598, 1594, 1799, 69, 69, - 69, 1597, 69, 1582, 1583, 1587, 1590, 69, 1589, 1591, - 69, 1592, 1599, 69, 69, 1593, 69, 1600, 1601, 69, - 1596, 1595, 1598, 1594, 69, 1602, 1603, 1604, 1597, 1606, - 1607, 1608, 1605, 1610, 1609, 69, 1613, 1799, 69, 1599, - 1614, 1799, 69, 1615, 1600, 69, 1611, 69, 69, 69, - 1612, 69, 1602, 1603, 69, 69, 1606, 1607, 69, 1605, - 1610, 1609, 69, 1613, 69, 69, 1616, 1614, 1617, 69, - 1615, 1618, 1619, 1611, 1620, 1621, 1622, 1612, 1623, 69, - 69, 1624, 1799, 69, 69, 69, 1625, 1628, 1626, 69, - - 69, 1799, 1627, 1616, 1629, 1617, 69, 69, 1618, 1619, - 1630, 1620, 1621, 1622, 69, 1631, 1633, 1634, 1624, 69, - 1635, 69, 1632, 69, 69, 1626, 69, 69, 69, 1627, - 69, 1629, 1636, 1637, 1638, 69, 1639, 
1630, 1640, 69, - 1643, 69, 1631, 1633, 1634, 1641, 1642, 1635, 1645, 1632, - 69, 1644, 69, 69, 1646, 1647, 1649, 1651, 69, 69, - 1637, 69, 1648, 1639, 69, 69, 69, 1643, 1654, 1650, - 69, 69, 1641, 1642, 1656, 1645, 69, 1652, 1644, 1653, - 1655, 69, 69, 1649, 69, 1659, 69, 1660, 69, 1648, - 69, 1661, 69, 1657, 1658, 1654, 1650, 1662, 1663, 69, - - 1664, 1665, 1666, 69, 1652, 69, 1653, 1655, 1667, 1668, - 1669, 69, 69, 1670, 69, 1671, 1673, 1672, 1661, 69, - 1657, 1658, 69, 1674, 1662, 1663, 1675, 1664, 69, 69, - 69, 69, 1676, 1677, 69, 69, 1668, 69, 1681, 69, - 1670, 1678, 69, 1673, 1672, 1679, 1680, 69, 69, 1686, - 69, 69, 1799, 1675, 1688, 1682, 1685, 1687, 1689, 1676, - 69, 69, 69, 69, 69, 1681, 69, 69, 1678, 1683, - 1684, 69, 1679, 1680, 1691, 1690, 1686, 1692, 1693, 69, - 1694, 69, 1682, 1685, 1687, 69, 1695, 1696, 1698, 1699, - 1700, 1799, 69, 69, 1697, 1706, 1683, 1684, 69, 69, - - 69, 69, 1690, 69, 1692, 69, 1701, 1694, 1703, 1704, - 1707, 1708, 1705, 69, 1696, 69, 69, 1700, 69, 1702, - 69, 1697, 69, 1709, 1715, 69, 1710, 1712, 1711, 1713, - 69, 69, 69, 1701, 1716, 1703, 1704, 69, 69, 1705, - 1714, 69, 69, 69, 1721, 1718, 1702, 1726, 1717, 1720, - 69, 1715, 69, 1710, 69, 1711, 1713, 1719, 69, 69, - 1722, 1716, 69, 69, 69, 1727, 1723, 1714, 69, 69, - 1725, 1721, 1718, 1728, 69, 1717, 1720, 69, 1724, 1729, - 69, 1732, 69, 69, 1719, 1736, 1730, 1722, 69, 1737, - 1731, 1733, 1727, 1723, 1799, 69, 1734, 1725, 1738, 1735, - - 1728, 69, 69, 1799, 69, 1724, 1729, 69, 69, 1746, - 1739, 69, 69, 1730, 1740, 1741, 69, 1731, 1733, 1742, - 69, 1743, 69, 1734, 69, 1738, 1735, 69, 69, 1744, - 1745, 69, 1747, 1754, 1749, 69, 1746, 1739, 69, 1748, - 1750, 1740, 1741, 69, 1799, 1799, 1742, 69, 1743, 1751, - 1752, 1755, 1799, 1756, 69, 1753, 1744, 1745, 1759, 1747, - 69, 1749, 69, 69, 69, 1799, 1748, 1750, 1762, 1799, - 1766, 69, 69, 69, 1761, 1757, 1751, 1752, 69, 1758, - 1756, 1767, 1753, 69, 1760, 1763, 1764, 69, 69, 69, - 69, 1765, 69, 69, 69, 1762, 69, 1766, 1769, 1768, - 
- 1771, 1761, 1757, 69, 1770, 69, 1758, 69, 1767, 1772, - 1774, 1760, 1763, 1764, 1775, 1773, 1778, 1799, 1765, 1776, - 1777, 1799, 69, 69, 69, 1769, 1768, 1771, 69, 69, - 69, 1770, 1779, 1780, 69, 1781, 1772, 69, 69, 69, - 69, 1775, 1773, 1778, 1782, 1783, 1776, 1777, 1784, 1788, - 1785, 1790, 69, 69, 1787, 69, 1786, 69, 69, 1779, - 1780, 1791, 1781, 1799, 69, 1789, 1792, 1793, 1794, 1797, - 1798, 1782, 1783, 1799, 69, 1784, 69, 1785, 69, 1795, - 69, 1787, 1799, 1786, 1799, 69, 69, 69, 69, 69, - 69, 1796, 1789, 1792, 1793, 1794, 69, 69, 1799, 69, - - 1799, 1799, 1799, 1799, 1799, 1799, 1795, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1796, 41, - 41, 41, 41, 41, 41, 41, 46, 46, 46, 46, - 46, 46, 46, 51, 51, 51, 51, 51, 51, 51, - 57, 57, 57, 57, 57, 57, 57, 62, 62, 62, - 62, 62, 62, 62, 72, 72, 1799, 72, 72, 72, - 72, 127, 127, 1799, 1799, 1799, 127, 127, 129, 129, - 1799, 1799, 129, 1799, 129, 131, 1799, 1799, 1799, 1799, - 1799, 131, 134, 134, 1799, 1799, 1799, 134, 134, 136, - 1799, 1799, 1799, 1799, 1799, 136, 138, 138, 1799, 138, - - 138, 138, 138, 73, 73, 1799, 73, 73, 73, 73, - 13, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799 + 64, 65, 77, 87, 69, 74, 69, 98, 69, 66, + 86, 75, 76, 131, 78, 66, 131, 88, 154, 69, + 139, 79, 112, 69, 90, 97, 142, 67, 80, 77, + 87, 89, 91, 67, 98, 69, 66, 129, 129, 139, + 69, 78, 66, 69, 88, 154, 914, 69, 79, 112, + 69, 90, 97, 142, 99, 80, 81, 137, 89, 91, + + 82, 92, 100, 83, 93, 84, 85, 135, 101, 106, + 134, 94, 102, 95, 69, 69, 170, 121, 69, 122, + 69, 99, 103, 81, 69, 196, 104, 82, 92, 100, + 83, 93, 84, 85, 123, 101, 106, 113, 94, 102, + 95, 114, 
105, 69, 121, 117, 122, 69, 69, 103, + 144, 115, 124, 104, 116, 118, 69, 125, 132, 119, + 120, 123, 130, 69, 113, 69, 69, 69, 114, 105, + 107, 143, 117, 69, 108, 136, 136, 144, 115, 124, + 109, 116, 118, 110, 125, 126, 119, 120, 139, 127, + 111, 149, 69, 128, 137, 69, 135, 107, 143, 134, + + 133, 108, 133, 133, 69, 133, 132, 109, 145, 130, + 110, 69, 126, 69, 211, 69, 127, 111, 149, 73, + 128, 73, 73, 138, 73, 138, 138, 68, 138, 68, + 68, 73, 68, 73, 73, 145, 73, 68, 146, 148, + 150, 73, 155, 152, 153, 69, 151, 158, 69, 161, + 69, 147, 69, 1955, 163, 156, 141, 159, 69, 1955, + 69, 69, 69, 160, 69, 146, 148, 150, 74, 155, + 152, 153, 157, 151, 158, 164, 161, 69, 147, 69, + 162, 163, 165, 1955, 159, 1955, 69, 1955, 166, 69, + 160, 167, 171, 176, 172, 69, 69, 69, 177, 157, + + 69, 178, 164, 1955, 168, 169, 174, 162, 184, 165, + 175, 69, 69, 180, 173, 166, 69, 69, 167, 171, + 176, 172, 179, 181, 69, 177, 1955, 69, 178, 183, + 69, 168, 169, 174, 182, 184, 69, 175, 186, 185, + 180, 173, 69, 69, 190, 189, 1955, 69, 69, 179, + 181, 187, 69, 191, 192, 188, 183, 193, 1955, 194, + 69, 182, 69, 303, 197, 186, 185, 69, 69, 69, + 69, 190, 189, 69, 195, 222, 198, 201, 187, 69, + 191, 192, 188, 69, 193, 200, 194, 202, 69, 207, + 203, 197, 69, 69, 69, 206, 199, 205, 69, 208, + + 1955, 195, 69, 198, 201, 1955, 69, 1955, 1955, 209, + 69, 204, 200, 1955, 202, 69, 207, 203, 1955, 69, + 340, 69, 206, 199, 205, 133, 208, 133, 133, 138, + 133, 138, 138, 139, 138, 210, 209, 73, 204, 73, + 73, 212, 73, 214, 213, 216, 215, 69, 217, 218, + 1955, 69, 69, 69, 219, 220, 232, 69, 69, 221, + 402, 403, 210, 69, 230, 233, 69, 223, 212, 1955, + 214, 213, 216, 215, 141, 217, 231, 69, 69, 235, + 69, 219, 220, 232, 69, 69, 221, 69, 224, 69, + 69, 230, 233, 234, 1955, 69, 236, 69, 237, 1955, + + 238, 241, 69, 231, 239, 1955, 235, 240, 242, 249, + 69, 69, 69, 1955, 243, 224, 225, 247, 69, 69, + 234, 226, 1955, 236, 69, 237, 227, 238, 241, 1955, + 69, 239, 228, 229, 240, 242, 69, 244, 248, 69, + 69, 243, 
245, 225, 247, 250, 253, 251, 226, 69, + 256, 1955, 254, 227, 1955, 255, 246, 252, 257, 228, + 229, 69, 258, 69, 244, 248, 259, 260, 262, 245, + 69, 69, 250, 266, 261, 264, 267, 69, 69, 254, + 69, 69, 255, 246, 252, 257, 268, 69, 69, 69, + 69, 263, 69, 69, 260, 262, 69, 69, 69, 265, + + 266, 261, 264, 267, 69, 269, 271, 270, 69, 275, + 272, 273, 274, 268, 69, 69, 276, 69, 263, 277, + 69, 278, 279, 69, 282, 283, 265, 280, 69, 285, + 281, 1955, 269, 271, 270, 69, 1955, 272, 273, 274, + 69, 69, 286, 276, 69, 69, 277, 284, 278, 289, + 69, 282, 291, 69, 280, 290, 69, 281, 288, 287, + 69, 292, 69, 69, 139, 294, 293, 69, 295, 286, + 297, 69, 296, 301, 284, 298, 289, 300, 1955, 291, + 69, 69, 290, 69, 302, 288, 287, 299, 69, 69, + 304, 311, 69, 293, 69, 295, 69, 297, 69, 296, + + 301, 69, 298, 305, 300, 309, 313, 306, 307, 308, + 69, 302, 312, 310, 299, 314, 69, 304, 69, 316, + 69, 315, 69, 1955, 1955, 69, 1955, 322, 69, 69, + 305, 69, 309, 69, 306, 307, 308, 69, 317, 312, + 310, 69, 314, 69, 318, 69, 319, 320, 315, 321, + 69, 69, 69, 69, 322, 323, 324, 325, 326, 328, + 1955, 69, 327, 1955, 69, 317, 69, 69, 329, 1955, + 331, 318, 330, 319, 320, 69, 321, 69, 332, 69, + 334, 333, 323, 324, 325, 326, 337, 69, 69, 327, + 69, 341, 69, 345, 335, 329, 336, 331, 69, 330, + + 69, 69, 338, 339, 346, 332, 342, 334, 333, 343, + 69, 69, 344, 337, 347, 69, 69, 349, 341, 352, + 345, 335, 69, 336, 69, 348, 350, 69, 351, 338, + 339, 346, 354, 342, 69, 353, 343, 356, 69, 344, + 1955, 69, 69, 69, 349, 1955, 352, 69, 359, 355, + 69, 365, 348, 350, 363, 351, 69, 364, 357, 69, + 358, 69, 353, 69, 356, 1955, 360, 368, 369, 361, + 1955, 362, 69, 69, 69, 359, 355, 69, 365, 370, + 69, 363, 69, 366, 371, 357, 373, 358, 69, 381, + 1955, 367, 69, 360, 368, 369, 361, 69, 362, 69, + + 372, 69, 389, 382, 386, 383, 370, 387, 69, 384, + 366, 371, 69, 373, 1955, 1955, 381, 385, 367, 69, + 390, 69, 1955, 139, 69, 388, 1955, 372, 374, 375, + 382, 386, 69, 69, 387, 393, 69, 392, 376, 391, + 377, 378, 379, 395, 
385, 380, 69, 390, 394, 69, + 398, 396, 388, 69, 399, 374, 375, 69, 69, 400, + 69, 397, 393, 69, 392, 376, 391, 377, 378, 379, + 69, 401, 380, 404, 69, 394, 69, 398, 396, 405, + 69, 406, 407, 1955, 409, 69, 400, 408, 397, 412, + 69, 416, 69, 69, 410, 69, 411, 413, 401, 417, + + 404, 415, 69, 419, 1955, 69, 405, 69, 406, 407, + 414, 409, 69, 69, 408, 69, 412, 69, 416, 69, + 418, 410, 69, 411, 413, 420, 417, 421, 415, 423, + 422, 69, 424, 425, 69, 426, 428, 414, 69, 427, + 1955, 429, 1955, 431, 430, 448, 433, 418, 69, 69, + 69, 69, 420, 69, 421, 69, 423, 422, 69, 424, + 425, 69, 426, 432, 69, 69, 427, 69, 429, 69, + 431, 430, 434, 433, 435, 436, 69, 437, 69, 438, + 439, 69, 441, 1955, 442, 444, 69, 445, 1955, 440, + 432, 69, 452, 1955, 69, 443, 69, 450, 69, 434, + + 69, 435, 436, 69, 437, 69, 438, 439, 69, 441, + 69, 442, 444, 446, 445, 447, 440, 449, 451, 69, + 69, 453, 443, 69, 450, 1955, 455, 456, 69, 458, + 1955, 69, 457, 69, 1955, 69, 459, 69, 460, 461, + 446, 69, 447, 454, 449, 451, 1955, 69, 487, 69, + 468, 1955, 69, 455, 456, 69, 458, 69, 69, 457, + 469, 470, 1955, 459, 471, 460, 461, 473, 69, 69, + 454, 462, 69, 472, 474, 487, 463, 468, 464, 1955, + 475, 69, 476, 1955, 69, 477, 465, 469, 470, 466, + 478, 69, 480, 479, 473, 69, 467, 69, 462, 1955, + + 472, 474, 69, 463, 69, 464, 69, 475, 69, 476, + 481, 69, 477, 465, 483, 484, 466, 478, 69, 480, + 479, 482, 485, 467, 488, 489, 69, 486, 490, 1955, + 69, 491, 492, 69, 493, 494, 69, 481, 496, 69, + 69, 483, 484, 69, 498, 495, 69, 139, 482, 485, + 497, 488, 499, 69, 486, 490, 69, 501, 491, 492, + 69, 493, 69, 500, 69, 69, 507, 502, 69, 69, + 503, 498, 495, 506, 508, 509, 504, 497, 69, 499, + 505, 69, 510, 511, 501, 69, 512, 69, 515, 513, + 500, 514, 517, 69, 502, 69, 69, 503, 516, 518, + + 506, 69, 519, 521, 520, 522, 69, 69, 1955, 69, + 69, 69, 532, 69, 528, 515, 513, 69, 514, 527, + 523, 69, 69, 69, 69, 516, 518, 69, 69, 519, + 524, 520, 522, 69, 69, 525, 529, 530, 531, 526, + 69, 528, 533, 69, 534, 69, 527, 
523, 537, 1955, + 535, 69, 538, 539, 69, 543, 540, 524, 1955, 69, + 69, 544, 525, 529, 530, 531, 526, 69, 69, 533, + 69, 534, 536, 69, 69, 537, 541, 535, 69, 538, + 539, 542, 69, 540, 547, 545, 69, 69, 544, 546, + 550, 548, 549, 551, 552, 554, 69, 555, 1955, 536, + + 69, 556, 553, 541, 559, 69, 69, 1955, 542, 69, + 557, 547, 545, 69, 1955, 69, 546, 69, 548, 549, + 551, 69, 554, 561, 69, 69, 69, 558, 69, 553, + 560, 563, 564, 569, 566, 69, 565, 557, 562, 568, + 570, 69, 69, 567, 571, 573, 1955, 69, 69, 69, + 561, 69, 69, 69, 558, 572, 574, 560, 563, 69, + 569, 566, 69, 69, 69, 562, 568, 570, 69, 575, + 567, 571, 573, 582, 69, 576, 578, 577, 579, 580, + 1955, 69, 572, 574, 69, 69, 581, 69, 69, 583, + 586, 584, 585, 590, 69, 1955, 575, 587, 1955, 69, + + 582, 69, 576, 578, 577, 69, 580, 69, 588, 69, + 589, 591, 69, 581, 69, 69, 583, 586, 584, 585, + 590, 592, 69, 593, 587, 594, 595, 597, 1955, 596, + 69, 69, 601, 598, 69, 588, 599, 589, 591, 606, + 69, 600, 1955, 69, 605, 69, 69, 69, 592, 603, + 593, 69, 594, 595, 597, 69, 596, 604, 139, 601, + 598, 602, 69, 599, 608, 69, 607, 69, 600, 610, + 69, 605, 611, 69, 609, 69, 603, 613, 69, 612, + 614, 1955, 69, 620, 604, 626, 69, 69, 602, 69, + 621, 608, 623, 607, 1955, 69, 610, 625, 69, 634, + + 69, 609, 622, 69, 613, 624, 612, 614, 615, 635, + 620, 1955, 616, 69, 637, 617, 69, 621, 69, 623, + 69, 69, 618, 69, 625, 619, 634, 1955, 69, 622, + 69, 636, 624, 69, 638, 615, 635, 657, 69, 616, + 639, 637, 617, 1955, 1955, 1955, 640, 1955, 642, 618, + 641, 646, 619, 627, 628, 1955, 629, 1955, 636, 630, + 69, 69, 69, 643, 631, 644, 645, 639, 69, 1955, + 632, 633, 69, 640, 69, 642, 69, 641, 646, 69, + 627, 628, 651, 629, 650, 69, 630, 647, 69, 69, + 643, 631, 644, 645, 648, 69, 649, 632, 633, 656, + + 652, 69, 653, 69, 69, 658, 655, 654, 69, 651, + 1955, 650, 69, 659, 647, 69, 69, 660, 1955, 667, + 661, 648, 662, 649, 1955, 670, 69, 652, 69, 653, + 664, 1955, 668, 655, 654, 665, 69, 69, 69, 69, + 659, 69, 663, 672, 660, 666, 69, 
661, 669, 662, + 69, 69, 69, 69, 676, 69, 69, 664, 671, 668, + 673, 69, 665, 675, 674, 677, 69, 69, 678, 663, + 672, 69, 666, 681, 679, 669, 69, 69, 69, 69, + 69, 676, 680, 682, 1955, 671, 695, 673, 69, 684, + 675, 674, 677, 683, 687, 678, 69, 685, 69, 69, + + 681, 679, 69, 688, 686, 69, 689, 691, 692, 680, + 682, 69, 69, 69, 690, 69, 684, 694, 698, 693, + 683, 687, 69, 69, 685, 69, 69, 697, 699, 696, + 688, 686, 69, 689, 691, 692, 69, 700, 69, 701, + 69, 690, 702, 703, 694, 704, 693, 69, 705, 69, + 706, 69, 707, 708, 697, 710, 696, 69, 712, 69, + 69, 711, 69, 709, 700, 69, 701, 714, 69, 702, + 703, 715, 704, 713, 69, 705, 69, 69, 716, 707, + 708, 69, 69, 69, 717, 69, 69, 727, 711, 719, + 709, 1955, 69, 718, 139, 728, 69, 720, 715, 733, + + 713, 69, 69, 729, 69, 716, 1955, 730, 1955, 69, + 734, 717, 731, 69, 727, 69, 719, 732, 69, 735, + 718, 69, 728, 69, 720, 721, 733, 722, 736, 69, + 729, 723, 69, 724, 730, 69, 737, 734, 725, 731, + 738, 742, 740, 726, 732, 745, 735, 69, 69, 69, + 739, 69, 721, 741, 722, 736, 746, 744, 723, 743, + 724, 1955, 69, 737, 69, 725, 69, 738, 742, 740, + 726, 753, 69, 752, 755, 757, 69, 739, 69, 761, + 741, 756, 754, 69, 744, 763, 743, 747, 69, 69, + 759, 758, 748, 69, 749, 69, 760, 69, 753, 762, + + 752, 755, 757, 69, 69, 750, 69, 69, 756, 754, + 69, 764, 751, 69, 747, 766, 69, 759, 758, 748, + 765, 749, 69, 760, 767, 769, 762, 768, 69, 69, + 770, 1955, 750, 69, 771, 69, 773, 774, 764, 751, + 772, 779, 766, 775, 69, 69, 1955, 765, 69, 69, + 69, 1955, 769, 776, 768, 69, 778, 770, 69, 69, + 780, 771, 777, 773, 774, 782, 69, 772, 69, 69, + 775, 783, 69, 781, 69, 784, 786, 69, 787, 785, + 776, 788, 69, 778, 795, 1955, 791, 780, 790, 777, + 792, 1955, 782, 69, 69, 789, 800, 69, 783, 69, + + 781, 69, 784, 786, 69, 787, 785, 793, 69, 69, + 794, 795, 69, 796, 797, 790, 798, 69, 799, 808, + 69, 69, 789, 800, 801, 69, 69, 802, 69, 805, + 69, 803, 1955, 69, 793, 804, 806, 794, 69, 807, + 796, 797, 1955, 798, 811, 799, 69, 69, 1955, 809, + 69, 801, 
810, 69, 802, 812, 805, 69, 803, 816, + 69, 69, 804, 806, 69, 813, 807, 69, 69, 815, + 814, 811, 817, 69, 820, 819, 809, 69, 818, 810, + 822, 823, 812, 69, 69, 824, 826, 821, 1955, 1955, + 69, 1955, 813, 1955, 69, 69, 815, 814, 69, 817, + + 69, 820, 819, 69, 829, 818, 825, 822, 828, 827, + 832, 831, 69, 69, 821, 833, 69, 69, 69, 69, + 69, 69, 834, 69, 69, 838, 835, 836, 69, 837, + 839, 829, 69, 825, 69, 828, 827, 832, 831, 840, + 69, 69, 833, 1955, 841, 842, 843, 844, 848, 834, + 1955, 846, 838, 835, 836, 845, 837, 847, 851, 69, + 69, 69, 854, 69, 849, 69, 69, 69, 69, 1955, + 69, 841, 842, 843, 844, 848, 69, 69, 846, 850, + 852, 853, 845, 69, 847, 69, 856, 69, 855, 854, + 69, 849, 857, 69, 860, 69, 858, 859, 863, 862, + + 861, 1955, 1955, 864, 881, 1955, 850, 852, 853, 69, + 69, 69, 69, 856, 69, 855, 69, 69, 69, 857, + 69, 860, 865, 858, 859, 863, 862, 861, 866, 867, + 864, 869, 868, 870, 871, 69, 69, 872, 873, 874, + 1955, 69, 875, 69, 69, 876, 69, 69, 69, 865, + 69, 878, 69, 69, 69, 866, 867, 69, 869, 868, + 870, 871, 877, 69, 872, 873, 874, 879, 880, 875, + 884, 882, 876, 883, 69, 886, 887, 69, 878, 885, + 888, 1955, 891, 69, 69, 889, 69, 893, 894, 877, + 69, 890, 69, 69, 879, 880, 892, 884, 882, 895, + + 883, 69, 886, 897, 69, 69, 885, 69, 69, 891, + 69, 896, 889, 898, 893, 899, 900, 901, 890, 69, + 903, 69, 904, 892, 902, 69, 895, 905, 906, 69, + 897, 1955, 1955, 69, 69, 69, 907, 69, 896, 69, + 898, 69, 899, 900, 901, 915, 1955, 903, 1955, 919, + 69, 902, 913, 69, 916, 906, 917, 918, 69, 69, + 1955, 69, 929, 907, 908, 931, 69, 69, 69, 909, + 920, 910, 915, 911, 921, 912, 919, 69, 69, 913, + 922, 916, 69, 917, 918, 924, 923, 926, 927, 69, + 925, 908, 69, 69, 69, 932, 909, 69, 910, 930, + + 911, 69, 912, 69, 69, 69, 928, 922, 69, 933, + 934, 69, 924, 923, 926, 927, 935, 925, 69, 69, + 936, 937, 932, 938, 939, 940, 930, 69, 941, 1955, + 69, 69, 942, 928, 943, 69, 933, 934, 944, 949, + 945, 947, 950, 69, 948, 69, 952, 936, 69, 946, + 938, 939, 69, 69, 69, 941, 
951, 953, 69, 942, + 69, 943, 69, 955, 69, 944, 69, 945, 947, 956, + 69, 948, 954, 69, 957, 69, 946, 69, 69, 69, + 69, 69, 958, 951, 953, 960, 963, 959, 964, 69, + 955, 69, 961, 69, 966, 965, 69, 971, 962, 954, + + 967, 957, 969, 69, 69, 69, 968, 69, 69, 958, + 970, 69, 973, 963, 959, 964, 69, 977, 979, 961, + 69, 966, 965, 974, 69, 962, 972, 967, 978, 969, + 69, 69, 69, 968, 69, 69, 975, 970, 980, 973, + 976, 981, 1955, 69, 977, 979, 982, 69, 983, 984, + 974, 69, 986, 972, 988, 978, 987, 69, 985, 69, + 992, 69, 1955, 69, 69, 980, 990, 69, 69, 69, + 989, 991, 69, 982, 995, 983, 984, 69, 69, 986, + 69, 988, 994, 987, 993, 985, 69, 992, 996, 69, + 998, 1000, 1002, 990, 997, 69, 999, 989, 991, 69, + + 69, 995, 69, 1004, 1006, 1001, 1007, 1008, 1003, 994, + 69, 993, 69, 69, 69, 996, 69, 998, 1000, 1002, + 69, 997, 1005, 999, 69, 1009, 69, 1010, 69, 1011, + 1004, 1006, 1001, 1013, 1012, 1003, 1014, 69, 69, 1016, + 1017, 1019, 69, 1021, 1018, 1020, 1015, 69, 1027, 1005, + 69, 69, 1009, 69, 1010, 1955, 69, 69, 69, 69, + 1013, 1012, 1026, 1014, 1024, 69, 1016, 1022, 1023, 1025, + 1021, 69, 69, 1015, 1028, 69, 69, 69, 1029, 69, + 1030, 1033, 69, 69, 1031, 1032, 69, 69, 69, 1026, + 1034, 1024, 69, 1035, 1022, 1023, 1025, 1036, 69, 1037, + + 1038, 1028, 69, 1039, 1041, 1029, 1040, 1030, 1033, 1043, + 1042, 1031, 1032, 1048, 69, 1047, 1050, 1034, 69, 69, + 1035, 69, 69, 69, 1036, 69, 1037, 69, 69, 69, + 1039, 1041, 1053, 1040, 1044, 1049, 1043, 1042, 1045, 69, + 69, 1051, 1047, 1050, 1054, 1052, 1057, 1055, 1955, 1056, + 69, 1046, 69, 69, 1058, 1059, 1060, 69, 1063, 69, + 1061, 1044, 1049, 69, 1062, 1045, 1065, 69, 1051, 69, + 69, 1054, 1052, 1066, 1055, 69, 1056, 69, 1046, 69, + 1067, 69, 69, 1060, 69, 1063, 1064, 1061, 69, 1068, + 69, 1062, 69, 1065, 1069, 69, 1070, 1071, 1072, 1955, + + 1066, 69, 69, 1073, 1074, 1075, 1076, 1067, 1077, 1955, + 1079, 1083, 69, 1064, 69, 1078, 69, 69, 1080, 1955, + 1955, 1069, 69, 1070, 1071, 1072, 69, 69, 69, 69, + 1073, 1074, 1075, 69, 
1081, 1077, 69, 1079, 1083, 1082, + 69, 69, 1078, 1084, 1085, 1080, 69, 1088, 1087, 1089, + 69, 1086, 1955, 1955, 69, 1090, 1091, 1092, 1955, 1094, + 1093, 1081, 69, 1095, 1101, 69, 1082, 1955, 69, 69, + 1084, 1085, 1102, 69, 1088, 1104, 1096, 1106, 1086, 69, + 69, 69, 1090, 69, 1092, 1097, 1094, 1093, 1103, 69, + 1095, 69, 69, 1098, 69, 69, 1099, 69, 1105, 1102, + + 69, 69, 1104, 1096, 1106, 1107, 69, 1108, 1100, 1955, + 1109, 1111, 1097, 1110, 1112, 1103, 1114, 69, 69, 69, + 1098, 69, 1113, 1099, 1115, 1105, 1116, 1117, 69, 1122, + 1118, 1125, 1119, 69, 1108, 1100, 69, 1109, 1111, 1120, + 1110, 69, 69, 1121, 69, 69, 69, 69, 69, 1113, + 69, 1115, 69, 1116, 69, 1124, 1122, 1118, 1123, 1119, + 1126, 1127, 69, 1128, 1130, 1129, 1120, 69, 69, 69, + 1121, 69, 1131, 69, 1132, 1133, 69, 1139, 1134, 69, + 1140, 1135, 1124, 1149, 1142, 1123, 69, 1126, 1127, 1136, + 1128, 69, 1129, 1141, 69, 69, 69, 1144, 1137, 1131, + + 69, 1132, 1133, 1138, 1139, 1134, 69, 69, 1135, 1148, + 69, 1142, 1143, 1145, 69, 69, 1136, 69, 1150, 1146, + 1141, 69, 1147, 69, 1144, 1137, 1151, 69, 1152, 1153, + 1138, 1154, 1155, 69, 1159, 1156, 1148, 69, 69, 1143, + 1145, 1168, 69, 69, 69, 69, 1146, 1955, 1158, 1147, + 69, 1161, 1157, 1151, 69, 1152, 1153, 69, 1154, 1155, + 69, 1159, 1156, 1160, 1162, 1171, 1163, 1165, 1167, 69, + 1166, 1955, 69, 1169, 69, 1158, 1170, 69, 1161, 1157, + 1164, 1172, 69, 1174, 1955, 69, 69, 1183, 1955, 1955, + 1160, 1162, 69, 1163, 1165, 1167, 69, 1166, 69, 1173, + + 1169, 1175, 69, 1170, 1178, 1176, 69, 1164, 1172, 1180, + 1181, 1177, 69, 1182, 69, 69, 1179, 1186, 69, 69, + 1188, 69, 1184, 69, 69, 1185, 1173, 1187, 1175, 69, + 1191, 1178, 1176, 69, 69, 69, 1180, 1181, 1177, 1189, + 1182, 1190, 69, 1179, 1186, 1194, 1193, 1188, 69, 1184, + 69, 1192, 1185, 1200, 1187, 69, 1195, 1191, 69, 1196, + 1197, 69, 1198, 69, 1203, 1201, 1189, 1202, 1190, 69, + 1204, 1205, 69, 1193, 1199, 69, 69, 69, 1192, 69, + 69, 1206, 69, 1195, 69, 69, 1196, 1197, 1207, 1198, + 1209, 1203, 1201, 
1208, 1202, 69, 1211, 69, 1205, 1210, + + 1214, 1199, 1215, 1212, 1213, 1220, 1218, 1221, 69, 1955, + 69, 69, 69, 69, 69, 1207, 1219, 69, 69, 69, + 1208, 69, 1216, 1211, 69, 1225, 1210, 1214, 69, 1215, + 1212, 1213, 69, 1218, 1224, 1217, 1222, 1223, 69, 1226, + 69, 69, 69, 1219, 1227, 69, 69, 1228, 1229, 1216, + 1230, 1231, 69, 69, 1232, 1233, 1234, 1235, 1236, 1239, + 69, 1224, 1217, 1222, 1223, 69, 1226, 1237, 1955, 1238, + 1246, 69, 1244, 69, 1228, 69, 1248, 1230, 69, 69, + 1245, 1232, 69, 1234, 1250, 1236, 69, 69, 69, 69, + 69, 1240, 1241, 1242, 69, 69, 1238, 1247, 1243, 1244, + + 1252, 69, 1249, 1248, 69, 1253, 69, 1245, 69, 1251, + 69, 69, 69, 1255, 1256, 1257, 1254, 1258, 1240, 1241, + 1242, 69, 1259, 1267, 1247, 1243, 69, 1252, 1260, 1249, + 1262, 69, 1253, 69, 69, 1261, 1251, 1263, 1266, 69, + 1255, 69, 1257, 1254, 69, 1264, 69, 1265, 69, 1259, + 1269, 1270, 1268, 69, 69, 1260, 1271, 1262, 69, 69, + 69, 1272, 1261, 69, 1263, 1266, 1274, 1273, 1275, 1955, + 69, 1277, 1264, 1276, 1265, 69, 1279, 1269, 1278, 1268, + 1281, 69, 69, 1295, 69, 69, 69, 69, 69, 69, + 1280, 69, 1282, 1274, 1273, 1275, 1284, 1285, 1277, 1288, + + 1276, 1283, 69, 1279, 69, 1278, 69, 1281, 69, 69, + 1286, 1287, 1291, 1296, 69, 1299, 1289, 1280, 1294, 1282, + 69, 1290, 1293, 1284, 1285, 69, 69, 1292, 1283, 69, + 1297, 69, 69, 69, 1298, 69, 1301, 1286, 1287, 69, + 69, 1300, 69, 1289, 1302, 1294, 69, 1303, 1290, 1293, + 1304, 69, 1305, 1306, 1292, 69, 1307, 1309, 1311, 1308, + 1955, 69, 69, 1301, 69, 1312, 1310, 69, 1300, 1313, + 1314, 1315, 1317, 69, 1303, 69, 1321, 1304, 69, 1305, + 1306, 69, 69, 1316, 1318, 1311, 1308, 69, 69, 1319, + 1320, 69, 1312, 1310, 69, 1324, 69, 69, 1315, 1317, + + 69, 1326, 1325, 1321, 69, 69, 1322, 69, 1323, 69, + 1316, 1318, 69, 1329, 1332, 1327, 1319, 1320, 1328, 69, + 1331, 69, 69, 69, 69, 1330, 69, 69, 1326, 1325, + 1335, 1955, 1333, 1322, 1338, 1323, 69, 1336, 1337, 69, + 1329, 1332, 1327, 1334, 1342, 1328, 1955, 69, 1955, 1339, + 1340, 69, 1330, 1341, 
1345, 69, 69, 1335, 69, 1333, + 69, 69, 69, 1343, 1336, 1337, 69, 1344, 1346, 1347, + 1334, 1348, 1352, 69, 1349, 69, 1339, 1340, 69, 69, + 1341, 1345, 1351, 1955, 1350, 1355, 69, 69, 69, 69, + 1343, 1353, 1354, 69, 1344, 69, 1347, 1357, 1348, 1352, + + 69, 1349, 69, 1356, 69, 1359, 69, 69, 1360, 1351, + 1358, 1350, 1355, 1361, 1362, 69, 1955, 69, 1353, 1354, + 1364, 1365, 69, 1363, 1357, 1366, 1374, 69, 1367, 69, + 1356, 1368, 1359, 69, 69, 1360, 69, 1358, 69, 1369, + 1361, 1362, 1372, 69, 1377, 1370, 1371, 1364, 1365, 1373, + 1363, 69, 69, 69, 1384, 1367, 69, 69, 1368, 1375, + 1376, 1380, 1378, 69, 69, 1379, 1369, 69, 69, 1372, + 69, 1377, 1370, 1371, 69, 1381, 1373, 1383, 69, 1382, + 1955, 69, 1386, 1385, 69, 69, 1375, 1376, 69, 1378, + 1390, 69, 1379, 1387, 1388, 1391, 1392, 1389, 1393, 1955, + + 1955, 69, 1381, 1955, 1383, 69, 1382, 69, 69, 1386, + 1385, 1394, 69, 69, 69, 69, 1396, 1390, 1395, 1397, + 1387, 1388, 69, 1392, 1389, 1393, 69, 1398, 1399, 1400, + 69, 1401, 1402, 69, 1405, 1403, 69, 69, 1394, 69, + 69, 1407, 1404, 1396, 69, 1395, 1397, 1406, 1409, 1408, + 69, 1410, 69, 1411, 1398, 1399, 1400, 69, 1401, 1402, + 69, 69, 1403, 1414, 1416, 69, 1412, 69, 69, 1404, + 1413, 69, 1415, 69, 1406, 1409, 1408, 1417, 1410, 69, + 1411, 1418, 69, 1419, 1421, 1420, 1422, 1955, 1424, 1955, + 1414, 69, 1423, 69, 1425, 69, 69, 69, 1426, 1415, + + 69, 1427, 1429, 1432, 1417, 69, 1428, 1430, 69, 69, + 1419, 1421, 1420, 1433, 69, 69, 69, 69, 69, 1423, + 69, 1425, 1435, 1434, 69, 1426, 1431, 1443, 1427, 1429, + 69, 1436, 69, 1428, 1430, 69, 69, 69, 1437, 1438, + 1433, 1439, 69, 1445, 69, 69, 69, 69, 1440, 1435, + 1434, 69, 1441, 1431, 1443, 1442, 1444, 1446, 1436, 1447, + 69, 69, 69, 1448, 1449, 1437, 1438, 1450, 1439, 1451, + 69, 1452, 1455, 69, 1454, 1440, 69, 1453, 69, 1441, + 1456, 69, 1442, 1444, 1446, 1457, 1447, 1458, 69, 69, + 1448, 1449, 1459, 69, 1450, 69, 69, 1460, 69, 69, + + 1461, 1454, 1462, 1463, 1453, 1465, 69, 69, 1466, 1464, + 1467, 69, 69, 1468, 1458, 
1470, 69, 1469, 1473, 69, + 1474, 1475, 69, 1477, 1460, 1955, 1471, 69, 69, 69, + 1463, 69, 69, 69, 1480, 1466, 1464, 69, 69, 69, + 1468, 1472, 1470, 1476, 1469, 69, 69, 1474, 1475, 1478, + 69, 69, 69, 1471, 1479, 1481, 69, 1482, 69, 1483, + 1484, 1480, 1485, 69, 1486, 1487, 1955, 69, 1472, 1492, + 1476, 1489, 1490, 1488, 69, 69, 1478, 1499, 69, 1493, + 1491, 1479, 1481, 69, 69, 1495, 1483, 69, 69, 1485, + 69, 1486, 1487, 69, 69, 1494, 1492, 69, 1489, 1490, + + 1488, 69, 1496, 1497, 1500, 1498, 1493, 1491, 69, 1501, + 1502, 1504, 1495, 1503, 1955, 1955, 69, 69, 69, 1511, + 69, 69, 1494, 1509, 1955, 1505, 1510, 69, 69, 1496, + 1497, 1500, 1498, 1506, 69, 69, 1501, 1502, 1512, 69, + 1503, 1507, 69, 1508, 69, 1513, 1511, 1514, 69, 1515, + 1509, 69, 1505, 1510, 69, 1516, 1517, 1524, 1518, 1526, + 1506, 1519, 69, 1520, 69, 1512, 1521, 69, 1507, 1522, + 1508, 69, 1513, 1523, 1514, 1527, 1515, 69, 69, 69, + 69, 1525, 69, 69, 1524, 1518, 69, 69, 1519, 1534, + 1520, 1528, 1531, 1521, 1529, 1533, 1522, 69, 69, 69, + + 1523, 69, 1527, 1530, 1532, 69, 1535, 1537, 1525, 1538, + 1540, 69, 1536, 1548, 1543, 69, 69, 69, 1528, 1531, + 69, 1529, 1533, 69, 1539, 1541, 1545, 69, 1542, 69, + 1530, 1532, 1546, 1535, 1537, 69, 1544, 1540, 69, 1536, + 69, 69, 1547, 69, 69, 69, 1549, 1550, 69, 1552, + 1555, 1539, 1541, 1545, 69, 1542, 1551, 1553, 69, 69, + 1554, 69, 1556, 1544, 1557, 69, 1559, 1560, 1955, 69, + 1558, 69, 69, 1549, 1550, 69, 1552, 69, 69, 69, + 69, 1561, 1562, 1551, 1553, 1563, 1565, 1554, 1564, 1556, + 1566, 1567, 1569, 1559, 69, 69, 1568, 1558, 69, 1570, + + 1574, 69, 1955, 69, 1955, 1571, 1572, 69, 1561, 1562, + 69, 69, 1563, 69, 1573, 1564, 1576, 69, 69, 1569, + 69, 69, 69, 1568, 1575, 69, 1570, 1574, 1577, 69, + 1579, 69, 1571, 1572, 1578, 69, 1580, 69, 1583, 1581, + 1582, 1573, 69, 69, 1584, 1585, 69, 1586, 1587, 1589, + 69, 1575, 69, 69, 69, 1577, 1588, 1579, 1590, 1955, + 1591, 1578, 69, 1580, 69, 1583, 1581, 1582, 1593, 1600, + 69, 1584, 1585, 1592, 1586, 1587, 69, 
69, 69, 1594, + 69, 1595, 1598, 1588, 69, 69, 69, 1591, 69, 1596, + 1597, 69, 1599, 1601, 1602, 1593, 69, 69, 1604, 1609, + + 1592, 1607, 1603, 69, 1605, 1606, 1594, 69, 1595, 1598, + 69, 69, 69, 69, 69, 1608, 1596, 1597, 69, 1599, + 1601, 1602, 69, 69, 1610, 1604, 69, 1611, 1607, 1603, + 1613, 1605, 1606, 1612, 1614, 1616, 69, 1615, 69, 1617, + 1955, 1618, 1608, 1619, 69, 69, 1620, 69, 69, 1622, + 1623, 1621, 1624, 69, 1611, 69, 69, 1613, 69, 1625, + 1612, 1614, 1616, 69, 1615, 1626, 1617, 69, 1618, 1627, + 1619, 69, 1629, 69, 1630, 69, 1622, 69, 1621, 1624, + 1628, 1631, 69, 1632, 1955, 1633, 1625, 1636, 69, 1635, + 1634, 1637, 1626, 1638, 69, 69, 69, 1641, 1639, 69, + + 1640, 1630, 1645, 69, 1642, 69, 69, 1628, 69, 69, + 69, 69, 1633, 69, 1636, 69, 1635, 1634, 1637, 69, + 1638, 1643, 1644, 1646, 1641, 1639, 69, 1640, 1955, 69, + 1649, 1642, 1647, 1648, 69, 1650, 1651, 1652, 1654, 1653, + 1955, 1955, 1955, 69, 1655, 1955, 1656, 1657, 1643, 1644, + 69, 1696, 69, 69, 1660, 69, 1659, 69, 1658, 1647, + 1648, 69, 1650, 69, 69, 69, 1653, 69, 69, 69, + 69, 1655, 1661, 1656, 1657, 69, 69, 1662, 1663, 1664, + 1665, 1660, 69, 1659, 1666, 1658, 1668, 69, 69, 1670, + 1667, 1669, 1673, 1955, 69, 1955, 1671, 69, 1676, 1661, + + 69, 69, 69, 69, 1662, 1663, 1664, 1665, 69, 69, + 1677, 1666, 69, 1668, 1672, 1675, 1670, 1667, 1669, 69, + 1674, 69, 69, 1671, 1678, 1676, 1679, 1680, 69, 1682, + 1681, 1955, 1685, 69, 1684, 1686, 1683, 69, 1688, 1689, + 1955, 1672, 1675, 69, 69, 69, 69, 1674, 69, 69, + 1690, 1678, 69, 1679, 1680, 1691, 1682, 1681, 69, 1685, + 1687, 1684, 69, 1683, 69, 1688, 69, 69, 1692, 1693, + 1694, 1695, 1697, 1702, 69, 1703, 1699, 1690, 1698, 69, + 1700, 1701, 69, 1955, 69, 69, 1711, 1687, 1704, 1707, + 1955, 1710, 1705, 1706, 69, 69, 69, 1694, 1695, 69, + + 1702, 69, 69, 1708, 69, 1698, 69, 69, 1701, 1712, + 69, 69, 69, 69, 1709, 1704, 1707, 69, 1710, 1705, + 1706, 69, 1715, 1713, 1714, 1955, 1716, 1955, 1717, 1718, + 1708, 1720, 69, 1721, 69, 1719, 1712, 1723, 
69, 1724, + 69, 1709, 69, 1722, 69, 1725, 69, 1726, 69, 1715, + 1713, 1714, 69, 1716, 69, 1717, 1718, 69, 1720, 1727, + 1721, 69, 1719, 1729, 1723, 1730, 1724, 1728, 1732, 1731, + 1722, 69, 69, 1733, 1726, 1735, 69, 1734, 1738, 1736, + 69, 69, 1737, 1739, 1749, 69, 1727, 69, 69, 69, + 69, 1740, 1730, 69, 1728, 1732, 1731, 69, 1741, 1742, + + 69, 1743, 1735, 1746, 69, 1738, 1736, 1955, 1744, 1737, + 1739, 1745, 1748, 69, 1747, 69, 1750, 69, 1740, 69, + 1751, 1753, 69, 69, 69, 1741, 1742, 1752, 1743, 1754, + 69, 69, 69, 1755, 69, 1744, 69, 1756, 1745, 1748, + 1758, 1747, 69, 1750, 1762, 69, 1757, 1751, 1759, 1760, + 1761, 1763, 69, 1955, 1752, 69, 1754, 1765, 69, 69, + 69, 1764, 69, 1767, 1756, 1766, 69, 69, 69, 1769, + 1770, 1762, 69, 1757, 1768, 1759, 1760, 1761, 1763, 69, + 69, 1771, 69, 1772, 1765, 1774, 1773, 1775, 1764, 69, + 69, 1776, 1766, 69, 1777, 69, 69, 69, 1779, 1778, + + 1780, 1768, 1783, 69, 69, 1782, 1784, 69, 1771, 69, + 69, 1781, 1774, 1773, 1775, 1785, 1787, 69, 1776, 69, + 69, 1777, 1786, 1788, 1790, 69, 1778, 69, 1789, 1783, + 69, 69, 1782, 69, 1792, 1795, 1791, 1796, 1781, 69, + 1798, 1800, 1785, 1787, 69, 1797, 69, 1799, 69, 1786, + 1788, 1790, 69, 69, 69, 1789, 1793, 1794, 1801, 1802, + 1803, 1804, 69, 1791, 69, 69, 69, 69, 1800, 69, + 1805, 1806, 1797, 1807, 1799, 1808, 1809, 1811, 1812, 1815, + 69, 1955, 1955, 1793, 1794, 1801, 69, 69, 69, 69, + 1813, 1814, 69, 1816, 1810, 69, 1820, 1805, 69, 69, + + 1807, 69, 69, 1809, 1811, 69, 69, 1817, 1819, 1818, + 69, 69, 69, 1821, 69, 69, 69, 1813, 1814, 1822, + 1816, 1810, 1823, 1820, 1829, 1826, 1827, 1830, 69, 1832, + 69, 69, 69, 69, 1817, 1819, 1818, 1824, 1825, 1831, + 1821, 1834, 1955, 1828, 1833, 1836, 1822, 69, 69, 1823, + 69, 69, 1826, 1827, 69, 1837, 69, 1840, 69, 1841, + 1835, 1838, 69, 1842, 1824, 1825, 1831, 69, 69, 69, + 1828, 1833, 1836, 69, 1839, 69, 1843, 1844, 1845, 1846, + 69, 1851, 69, 69, 1840, 69, 1841, 1835, 1838, 1847, + 69, 69, 1848, 1849, 1850, 69, 1852, 1853, 1855, 69, + + 
1854, 1839, 69, 69, 1844, 1845, 1846, 1856, 69, 1857, + 1859, 1861, 1955, 1955, 69, 69, 1847, 1858, 69, 1848, + 1849, 1850, 69, 69, 69, 69, 1860, 1854, 1862, 69, + 1863, 1864, 1866, 1868, 1856, 69, 1857, 69, 1865, 69, + 1867, 69, 69, 69, 1858, 1955, 1955, 69, 1879, 1870, + 69, 1955, 69, 1860, 1869, 1862, 69, 1863, 1864, 1866, + 1868, 69, 69, 1871, 69, 1865, 1872, 1867, 1876, 1873, + 69, 1878, 1875, 1874, 1877, 69, 1870, 69, 69, 69, + 69, 1869, 69, 69, 1880, 1881, 69, 1882, 1883, 1887, + 1871, 1884, 1885, 1872, 69, 1876, 1873, 1886, 1878, 1875, + + 1874, 1877, 69, 1888, 1889, 1890, 1892, 1893, 1955, 69, + 69, 1880, 69, 69, 69, 1883, 69, 69, 1884, 1885, + 69, 1891, 1894, 1897, 1886, 1895, 1896, 1955, 1899, 69, + 1888, 69, 1890, 1898, 69, 69, 69, 69, 69, 69, + 1900, 69, 69, 1901, 1902, 1910, 1903, 1906, 1891, 1894, + 1897, 69, 1895, 1896, 69, 1899, 1904, 1955, 1905, 1907, + 1898, 1911, 1912, 1915, 69, 1908, 69, 1900, 69, 69, + 1901, 1902, 1909, 1903, 1906, 1918, 69, 1917, 1955, 1930, + 69, 69, 69, 1904, 69, 1905, 1907, 69, 69, 1912, + 1913, 69, 1908, 1914, 69, 1916, 1921, 69, 69, 1909, + + 1919, 69, 1918, 69, 1917, 1920, 69, 1922, 69, 1923, + 69, 1924, 1955, 69, 1925, 1955, 1926, 1913, 1955, 69, + 1914, 1929, 1916, 1921, 1927, 1928, 1955, 1919, 1955, 69, + 1931, 69, 1920, 69, 1922, 1932, 1923, 1934, 1924, 1933, + 69, 1925, 69, 1926, 1955, 69, 69, 69, 1929, 1936, + 69, 1927, 1928, 1935, 1944, 69, 1937, 1931, 1940, 69, + 1938, 69, 1932, 1943, 1934, 1939, 1933, 1941, 69, 1942, + 1946, 69, 1955, 69, 1947, 69, 1936, 69, 69, 1945, + 1935, 69, 1948, 1937, 69, 1940, 1949, 1938, 1950, 69, + 1943, 1953, 1939, 1954, 1941, 1951, 1942, 69, 1955, 69, + + 1955, 69, 69, 69, 1952, 1955, 1945, 1955, 69, 1948, + 69, 1955, 69, 1949, 1955, 1950, 1955, 1955, 69, 1955, + 69, 1955, 1951, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1952, 41, 41, 41, 41, 41, 41, 41, 46, + 46, 46, 46, 46, 46, 46, 51, 51, 51, 51, + 51, 51, 51, 57, 57, 57, 57, 57, 57, 57, + 62, 62, 62, 62, 62, 62, 62, 72, 
72, 1955, + 72, 72, 72, 72, 129, 129, 1955, 1955, 1955, 129, + 129, 131, 131, 1955, 1955, 131, 1955, 131, 133, 1955, + 1955, 1955, 1955, 1955, 133, 136, 136, 1955, 1955, 1955, + + 136, 136, 138, 1955, 1955, 1955, 1955, 1955, 138, 140, + 140, 1955, 140, 140, 140, 140, 73, 73, 1955, 73, + 73, 73, 73, 13, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 } ; -static yyconst flex_int16_t yy_chk[5277] = +static yyconst flex_int16_t yy_chk[5690] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
@@ -1619,579 +1727,624 @@ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, - 4, 5, 5, 6, 6, 5, 24, 6, 7, 7, - 7, 7, 1805, 7, 8, 8, 8, 8, 24, 8, + 4, 5, 5, 6, 6, 5, 27, 6, 7, 7, + 7, 7, 1961, 7, 8, 8, 8, 8, 27, 8, 9, 9, 9, 10, 10, 10, 15, 45, 45, 50, - 15, 3, 50, 24, 4, 61, 61, 5, 19, 6, - 19, 19, 70, 19, 669, 7, 70, 40, 19, 40, - 40, 8, 40, 23, 20, 20, 9, 40, 663, 10, + 15, 3, 50, 27, 4, 61, 61, 5, 19, 6, + 19, 19, 70, 19, 707, 7, 70, 40, 19, 40, + 40, 8, 40, 23, 20, 20, 9, 40, 714, 10, 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, - 12, 12, 20, 23, 27, 19, 23, 29, 20, 11, - 23, 20, 20, 136, 21, 12, 27, 25, 663, 29, - 134, 21, 34, 94, 28, 25, 133, 11, 21, 20, - 23, 27, 131, 12, 29, 34, 11, 128, 128, 129, - 21, 21, 12, 25, 25, 76, 28, 26, 21, 34, - 26, 28, 25, 30, 94, 21, 22, 26, 32, 26, - - 22, 30, 127, 22, 32, 22, 22, 30, 76, 31, - 26, 30, 76, 31, 26, 75, 83, 26, 22, 30, - 30, 83, 79, 22, 26, 32, 26, 22, 30, 31, - 22, 79, 22, 22, 30, 31, 31, 35, 30, 75, - 31, 35, 75, 83, 68, 37, 62, 37, 77, 79, - 57, 35, 52, 38, 35, 77, 31, 33, 38, 51, - 90, 33, 37, 35, 35, 247, 38, 33, 35, 39, - 33, 37, 37, 39, 37, 77, 36, 33, 35, 33, - 38, 35, 46, 90, 33, 38, 36, 90, 33, 37, - 36, 36, 247, 66, 33, 39, 39, 33, 36, 130, - - 39, 41, 130, 36, 33, 56, 66, 56, 56, 64, - 56, 64, 64, 36, 64, 135, 135, 36, 36, 67, - 66, 67, 67, 69, 67, 69, 69, 72, 69, 72, - 72, 78, 72, 69, 80, 81, 82, 72, 86, 85, - 84, 14, 87, 13, 78, 82, 64, 80, 84, 87, - 81, 86, 91, 215, 0, 78, 85, 88, 78, 89, - 92, 80, 81, 82, 72, 86, 88, 84, 89, 87, - 85, 78, 93, 92, 91, 93, 0, 95, 96, 91, - 99, 101, 215, 85, 88, 95, 89, 92, 93, 93, - 97, 103, 98, 99, 97, 98, 93, 100, 96, 93, - - 96, 101, 93, 105, 95, 96, 107, 99, 101, 102, - 105, 103, 104, 106, 97, 93, 93, 97, 103, 98, - 100, 97, 106, 102, 100, 96, 104, 109, 108, 107, - 105, 109, 113, 107, 110, 112, 102, 108, 111, 104, - 106, 110, 112, 115, 114, 117, 113, 122, 116, 109, - 142, 115, 118, 122, 109, 108, 114, 116, 109, 113, - 119, 
110, 112, 120, 111, 111, 121, 118, 125, 124, - 115, 114, 120, 123, 122, 116, 117, 121, 0, 118, - 119, 142, 0, 125, 0, 0, 119, 119, 126, 140, - 120, 124, 253, 121, 123, 125, 124, 126, 123, 132, - - 123, 132, 132, 137, 132, 137, 137, 119, 137, 138, - 141, 138, 138, 140, 138, 126, 140, 143, 145, 253, - 144, 123, 146, 147, 150, 153, 145, 0, 148, 143, - 147, 149, 141, 148, 146, 151, 0, 141, 0, 144, - 154, 0, 155, 157, 143, 145, 138, 144, 154, 146, - 147, 153, 153, 149, 158, 150, 151, 0, 149, 148, - 148, 156, 0, 151, 155, 156, 157, 154, 160, 155, - 157, 163, 159, 0, 0, 161, 158, 162, 161, 0, - 160, 158, 168, 151, 152, 159, 162, 164, 156, 152, - 161, 165, 0, 163, 152, 160, 166, 167, 163, 159, - - 152, 152, 161, 166, 162, 161, 169, 152, 167, 164, - 165, 152, 170, 168, 164, 171, 152, 165, 165, 174, - 172, 152, 170, 166, 167, 173, 175, 152, 152, 176, - 177, 173, 169, 169, 0, 178, 180, 165, 172, 0, - 179, 0, 0, 170, 181, 182, 171, 172, 175, 170, - 174, 181, 173, 175, 179, 178, 184, 180, 186, 183, - 176, 177, 178, 180, 183, 185, 182, 179, 189, 187, - 188, 181, 182, 190, 192, 184, 194, 188, 190, 185, - 186, 187, 193, 184, 195, 186, 183, 196, 200, 193, - 189, 201, 185, 191, 191, 189, 187, 188, 197, 198, - - 190, 194, 191, 194, 195, 192, 197, 199, 203, 193, - 200, 195, 205, 202, 198, 206, 204, 208, 196, 200, - 191, 191, 201, 203, 204, 197, 198, 207, 211, 209, - 202, 205, 214, 199, 199, 203, 210, 200, 202, 205, - 202, 209, 212, 204, 212, 210, 206, 211, 208, 207, - 213, 223, 216, 218, 207, 211, 209, 202, 214, 214, - 217, 219, 0, 210, 218, 220, 222, 221, 224, 212, - 225, 227, 0, 219, 213, 0, 226, 213, 216, 216, - 218, 224, 223, 232, 222, 235, 217, 217, 219, 220, - 221, 229, 220, 222, 221, 224, 225, 225, 226, 228, - - 229, 230, 227, 226, 234, 231, 228, 230, 235, 232, - 232, 233, 235, 234, 236, 237, 238, 0, 229, 231, - 0, 239, 240, 236, 241, 242, 228, 241, 230, 245, - 237, 234, 231, 243, 241, 233, 244, 240, 233, 243, - 248, 236, 237, 242, 245, 239, 254, 238, 239, 240, - 244, 241, 242, 
250, 241, 0, 245, 246, 246, 249, - 243, 251, 249, 244, 248, 250, 255, 248, 254, 249, - 259, 256, 252, 254, 257, 260, 258, 259, 262, 251, - 250, 0, 246, 256, 246, 246, 249, 261, 251, 249, - 252, 258, 255, 255, 261, 264, 257, 259, 256, 252, - - 262, 257, 263, 258, 263, 262, 260, 265, 264, 266, - 265, 267, 265, 268, 261, 282, 269, 273, 265, 0, - 271, 270, 264, 0, 269, 272, 263, 266, 270, 263, - 269, 263, 271, 273, 265, 268, 266, 265, 272, 265, - 268, 273, 267, 269, 273, 274, 282, 271, 270, 276, - 277, 269, 272, 278, 279, 280, 0, 281, 274, 278, - 273, 276, 279, 287, 281, 283, 285, 280, 277, 283, - 0, 290, 274, 275, 275, 0, 276, 277, 285, 286, - 278, 279, 280, 275, 281, 275, 275, 275, 284, 288, - 275, 286, 283, 285, 287, 284, 288, 291, 275, 292, - - 275, 275, 290, 298, 294, 289, 286, 0, 291, 307, - 275, 294, 275, 275, 275, 284, 288, 275, 289, 293, - 293, 292, 295, 296, 291, 297, 292, 300, 298, 301, - 298, 294, 289, 295, 296, 299, 300, 0, 297, 303, - 307, 304, 301, 306, 305, 308, 302, 0, 293, 295, - 296, 308, 297, 309, 300, 310, 301, 303, 299, 302, - 0, 306, 299, 304, 302, 311, 303, 305, 304, 313, - 306, 305, 308, 302, 309, 312, 315, 314, 310, 316, - 309, 317, 310, 313, 0, 316, 302, 319, 0, 320, - 318, 311, 311, 0, 322, 328, 313, 312, 321, 317, - - 322, 323, 312, 314, 314, 318, 316, 315, 317, 325, - 319, 327, 326, 328, 319, 320, 320, 318, 326, 329, - 321, 322, 328, 335, 332, 321, 329, 323, 323, 330, - 327, 332, 334, 333, 336, 325, 325, 373, 327, 326, - 333, 337, 339, 338, 330, 334, 329, 342, 340, 343, - 341, 332, 336, 342, 335, 341, 330, 340, 345, 334, - 333, 336, 338, 337, 373, 353, 344, 356, 337, 356, - 338, 346, 343, 339, 342, 340, 343, 341, 344, 347, - 345, 349, 346, 350, 351, 345, 0, 347, 349, 353, - 352, 350, 353, 344, 356, 351, 354, 358, 346, 352, - - 0, 355, 359, 354, 357, 0, 347, 348, 349, 358, - 350, 351, 348, 360, 348, 362, 368, 359, 0, 364, - 362, 352, 348, 354, 358, 360, 352, 355, 355, 359, - 357, 357, 348, 348, 348, 361, 363, 364, 366, 348, - 360, 348, 362, 
361, 365, 367, 364, 368, 370, 348, - 366, 369, 365, 371, 372, 374, 0, 370, 363, 348, - 376, 375, 361, 363, 384, 366, 369, 371, 367, 378, - 374, 365, 367, 372, 377, 370, 375, 381, 369, 380, - 371, 372, 374, 380, 376, 382, 377, 376, 375, 379, - 383, 381, 379, 378, 385, 384, 378, 386, 387, 388, - - 379, 377, 391, 389, 381, 388, 0, 394, 390, 392, - 380, 0, 382, 395, 394, 393, 379, 383, 396, 379, - 0, 385, 403, 400, 386, 389, 388, 0, 397, 387, - 389, 390, 392, 391, 394, 390, 392, 393, 398, 399, - 396, 397, 393, 398, 395, 396, 402, 398, 399, 400, - 400, 401, 405, 403, 404, 397, 0, 0, 407, 402, - 401, 406, 398, 408, 409, 398, 399, 0, 412, 414, - 398, 410, 404, 402, 398, 419, 405, 408, 401, 405, - 407, 404, 410, 406, 406, 407, 409, 411, 406, 416, - 408, 409, 413, 414, 415, 417, 414, 0, 410, 412, - - 421, 420, 411, 422, 417, 423, 419, 418, 0, 423, - 406, 416, 424, 413, 411, 425, 416, 426, 415, 413, - 418, 415, 417, 420, 421, 422, 424, 421, 420, 425, - 422, 427, 428, 429, 418, 430, 423, 429, 431, 424, - 0, 432, 425, 433, 434, 440, 431, 428, 426, 427, - 436, 438, 433, 434, 440, 435, 428, 436, 427, 428, - 430, 437, 430, 435, 429, 431, 432, 439, 432, 438, - 433, 434, 440, 441, 428, 442, 445, 436, 438, 439, - 447, 443, 435, 444, 437, 441, 446, 449, 437, 443, - 448, 444, 0, 450, 439, 452, 447, 451, 449, 453, - - 441, 450, 445, 445, 468, 454, 442, 447, 443, 446, - 444, 451, 448, 446, 449, 452, 455, 448, 456, 457, - 450, 453, 452, 459, 451, 454, 453, 458, 457, 460, - 461, 462, 454, 464, 0, 468, 463, 0, 455, 464, - 456, 459, 460, 455, 466, 456, 457, 458, 472, 469, - 459, 470, 461, 465, 458, 462, 460, 461, 462, 463, - 464, 465, 466, 463, 471, 473, 470, 472, 474, 0, - 474, 466, 469, 471, 473, 472, 469, 477, 470, 465, - 465, 483, 485, 486, 480, 484, 0, 0, 465, 477, - 492, 471, 473, 488, 480, 474, 475, 0, 489, 483, - - 475, 508, 491, 475, 477, 485, 484, 489, 483, 485, - 475, 480, 484, 475, 486, 488, 493, 492, 475, 490, - 488, 490, 494, 475, 496, 489, 491, 475, 508, 491, - 475, 0, 0, 
495, 497, 0, 493, 475, 498, 0, - 475, 487, 487, 493, 487, 495, 490, 487, 494, 494, - 496, 496, 487, 499, 503, 500, 497, 501, 487, 487, - 495, 497, 498, 500, 501, 498, 504, 487, 487, 487, - 502, 487, 507, 503, 487, 499, 505, 509, 502, 487, - 499, 503, 500, 511, 501, 487, 487, 506, 505, 510, - 512, 516, 504, 504, 507, 515, 506, 502, 0, 507, - - 513, 518, 514, 505, 515, 517, 519, 511, 509, 518, - 511, 512, 520, 516, 506, 521, 522, 512, 516, 513, - 510, 514, 515, 524, 522, 517, 525, 513, 518, 514, - 526, 520, 517, 519, 527, 0, 528, 529, 533, 520, - 0, 524, 0, 522, 525, 0, 521, 527, 530, 529, - 524, 0, 532, 525, 526, 539, 530, 526, 532, 535, - 533, 527, 528, 528, 529, 533, 535, 534, 545, 536, - 537, 538, 530, 534, 536, 530, 540, 537, 539, 532, - 541, 542, 539, 530, 544, 540, 535, 543, 541, 538, - 548, 547, 549, 550, 534, 545, 536, 537, 538, 542, - - 543, 556, 546, 540, 547, 544, 553, 541, 542, 546, - 555, 544, 552, 554, 543, 558, 550, 551, 547, 554, - 550, 548, 557, 549, 558, 551, 560, 552, 553, 546, - 0, 559, 556, 553, 561, 562, 555, 555, 563, 552, - 554, 561, 558, 564, 551, 559, 557, 567, 565, 557, - 567, 566, 572, 568, 571, 564, 569, 560, 559, 566, - 574, 561, 562, 569, 572, 563, 568, 573, 0, 573, - 564, 565, 574, 575, 567, 565, 576, 571, 566, 572, - 568, 571, 578, 569, 570, 577, 570, 574, 581, 576, - 570, 0, 570, 583, 573, 575, 580, 570, 577, 583, - - 575, 582, 570, 576, 579, 578, 580, 586, 570, 578, - 581, 570, 577, 570, 582, 581, 579, 570, 580, 570, - 583, 584, 585, 580, 570, 587, 588, 590, 582, 570, - 587, 579, 587, 580, 584, 592, 589, 0, 586, 596, - 590, 588, 593, 585, 597, 591, 594, 596, 584, 585, - 587, 587, 587, 588, 590, 595, 598, 587, 589, 587, - 591, 592, 592, 589, 593, 594, 596, 600, 595, 593, - 601, 597, 591, 594, 603, 604, 602, 587, 605, 598, - 607, 606, 595, 598, 602, 609, 608, 610, 603, 606, - 614, 607, 611, 609, 601, 619, 624, 601, 600, 611, - - 605, 603, 612, 602, 608, 605, 604, 607, 606, 610, - 613, 617, 609, 608, 610, 612, 616, 619, 618, 611, - 
617, 614, 619, 622, 616, 620, 621, 624, 613, 612, - 618, 623, 625, 0, 0, 627, 629, 613, 617, 627, - 641, 622, 630, 616, 0, 618, 625, 620, 621, 631, - 622, 628, 620, 621, 628, 630, 631, 623, 623, 625, - 629, 632, 634, 629, 633, 636, 627, 641, 635, 630, - 0, 633, 637, 632, 635, 638, 631, 628, 628, 639, - 640, 628, 642, 0, 643, 0, 634, 636, 632, 634, - 639, 633, 636, 643, 637, 635, 638, 644, 649, 637, - - 642, 640, 638, 645, 648, 646, 639, 640, 647, 642, - 652, 643, 645, 646, 650, 647, 653, 654, 648, 652, - 649, 644, 656, 655, 644, 649, 657, 658, 659, 0, - 645, 648, 646, 654, 660, 647, 650, 652, 655, 658, - 653, 650, 660, 653, 654, 661, 665, 662, 666, 673, - 655, 664, 674, 656, 658, 659, 666, 657, 661, 671, - 664, 660, 662, 667, 665, 667, 670, 675, 677, 672, - 676, 671, 661, 665, 662, 666, 672, 679, 664, 670, - 673, 677, 0, 674, 684, 678, 671, 0, 680, 675, - 667, 682, 676, 670, 675, 677, 672, 676, 678, 679, - - 680, 681, 683, 682, 679, 685, 686, 0, 688, 681, - 683, 684, 678, 687, 685, 680, 689, 690, 682, 695, - 687, 692, 693, 691, 694, 0, 0, 686, 681, 683, - 697, 693, 685, 686, 688, 688, 691, 690, 689, 696, - 687, 695, 694, 689, 690, 692, 695, 696, 692, 693, - 691, 694, 697, 698, 699, 700, 701, 697, 702, 703, - 704, 698, 710, 705, 709, 707, 696, 708, 701, 710, - 702, 705, 706, 700, 707, 704, 709, 699, 706, 703, - 698, 699, 700, 701, 711, 702, 703, 704, 708, 710, - 705, 709, 707, 713, 708, 714, 715, 0, 716, 706, - - 0, 718, 711, 719, 717, 716, 720, 719, 714, 721, - 724, 711, 723, 722, 720, 715, 718, 725, 0, 728, - 726, 733, 714, 715, 713, 716, 717, 722, 718, 727, - 723, 717, 729, 720, 719, 721, 721, 734, 730, 723, - 722, 724, 726, 725, 725, 728, 728, 726, 731, 732, - 729, 727, 733, 0, 739, 735, 727, 736, 732, 729, - 730, 731, 738, 0, 741, 730, 742, 745, 734, 0, - 739, 745, 0, 746, 743, 731, 732, 735, 742, 744, - 736, 739, 735, 743, 736, 737, 746, 741, 738, 738, - 737, 741, 737, 742, 737, 748, 737, 744, 745, 747, - - 746, 743, 749, 737, 750, 752, 744, 747, 751, 754, - 
751, 757, 737, 750, 748, 749, 753, 737, 756, 737, - 0, 737, 748, 737, 759, 761, 747, 760, 753, 749, - 763, 750, 752, 757, 760, 751, 754, 762, 757, 758, - 765, 764, 756, 753, 766, 756, 769, 758, 764, 768, - 767, 759, 761, 770, 760, 769, 773, 763, 771, 762, - 774, 775, 765, 766, 762, 776, 758, 765, 764, 783, - 0, 766, 767, 769, 770, 768, 768, 767, 771, 777, - 770, 778, 779, 775, 780, 771, 781, 773, 775, 778, - 782, 774, 786, 781, 782, 785, 776, 777, 779, 784, - - 783, 787, 785, 788, 0, 784, 777, 786, 778, 779, - 787, 780, 784, 781, 789, 791, 790, 782, 790, 786, - 0, 789, 785, 792, 791, 794, 784, 793, 787, 788, - 788, 793, 784, 796, 799, 797, 798, 796, 800, 801, - 0, 789, 791, 790, 802, 792, 0, 794, 0, 804, - 792, 800, 794, 797, 793, 798, 803, 804, 807, 799, - 0, 799, 797, 798, 796, 800, 806, 802, 805, 805, - 801, 802, 803, 808, 809, 806, 804, 811, 813, 810, - 807, 809, 808, 803, 812, 807, 811, 814, 817, 816, - 819, 813, 812, 806, 820, 805, 815, 816, 818, 814, - - 808, 809, 810, 820, 811, 813, 810, 822, 815, 821, - 817, 812, 819, 825, 814, 817, 816, 819, 818, 822, - 823, 820, 824, 815, 826, 818, 827, 821, 824, 831, - 0, 0, 828, 832, 822, 825, 821, 829, 834, 833, - 825, 823, 832, 837, 835, 838, 836, 823, 842, 824, - 836, 834, 835, 838, 839, 826, 831, 827, 828, 828, - 832, 833, 839, 829, 829, 834, 833, 840, 840, 842, - 837, 835, 838, 843, 841, 842, 844, 836, 845, 846, - 847, 839, 841, 848, 844, 849, 845, 846, 847, 851, - 850, 849, 0, 853, 840, 852, 848, 856, 0, 854, - - 855, 841, 850, 844, 843, 845, 846, 847, 853, 862, - 848, 856, 849, 857, 858, 851, 851, 850, 866, 852, - 853, 854, 852, 855, 856, 859, 854, 855, 858, 859, - 861, 857, 863, 870, 868, 864, 862, 861, 865, 874, - 857, 858, 859, 868, 871, 865, 872, 876, 878, 866, - 859, 880, 859, 879, 863, 870, 859, 861, 864, 863, - 870, 868, 864, 880, 884, 865, 874, 883, 885, 859, - 871, 871, 878, 882, 876, 878, 884, 872, 880, 879, - 879, 881, 888, 881, 887, 886, 882, 888, 889, 883, - 890, 884, 886, 891, 883, 885, 892, 894, 
0, 896, - - 882, 891, 0, 895, 889, 897, 894, 898, 881, 888, - 887, 887, 886, 890, 898, 889, 895, 890, 892, 900, - 891, 899, 901, 892, 894, 896, 896, 897, 899, 901, - 895, 902, 897, 903, 898, 904, 905, 900, 906, 916, - 907, 908, 0, 905, 909, 0, 900, 911, 899, 901, - 911, 912, 914, 907, 0, 903, 902, 913, 902, 914, - 903, 915, 918, 905, 915, 909, 904, 907, 908, 906, - 916, 909, 913, 917, 911, 919, 915, 912, 912, 914, - 918, 920, 921, 920, 913, 915, 922, 923, 915, 918, - 928, 915, 924, 927, 0, 917, 925, 919, 926, 931, - - 917, 924, 919, 915, 925, 926, 921, 929, 920, 921, - 930, 929, 952, 923, 923, 927, 932, 922, 933, 924, - 927, 928, 934, 925, 935, 926, 931, 933, 936, 934, - 938, 935, 930, 937, 929, 939, 0, 930, 932, 952, - 940, 936, 945, 932, 938, 933, 941, 940, 937, 934, - 942, 935, 943, 941, 947, 936, 946, 938, 943, 949, - 937, 953, 948, 942, 945, 948, 939, 940, 946, 945, - 949, 954, 956, 941, 947, 960, 955, 942, 959, 943, - 948, 947, 961, 946, 962, 953, 949, 955, 953, 948, - 956, 962, 948, 954, 957, 965, 959, 958, 954, 956, - - 958, 964, 957, 955, 963, 959, 960, 969, 965, 961, - 964, 962, 966, 973, 967, 958, 969, 968, 963, 968, - 970, 957, 965, 966, 958, 971, 0, 958, 964, 967, - 972, 963, 0, 0, 969, 973, 971, 974, 0, 966, - 973, 967, 975, 978, 968, 975, 970, 970, 972, 976, - 979, 974, 971, 980, 981, 982, 983, 972, 976, 979, - 975, 985, 982, 974, 974, 984, 989, 985, 992, 975, - 988, 0, 975, 0, 978, 981, 976, 979, 974, 984, - 989, 981, 982, 991, 980, 985, 990, 983, 985, 988, - 993, 991, 984, 989, 985, 990, 994, 988, 997, 992, - - 996, 993, 998, 0, 999, 994, 1000, 996, 1003, 1004, - 991, 1002, 1001, 990, 1006, 1002, 1010, 993, 0, 1005, - 1003, 997, 1007, 994, 998, 997, 999, 996, 1000, 998, - 1001, 999, 1005, 1000, 1006, 1003, 1004, 1007, 1002, 1001, - 1008, 1006, 1009, 1011, 1012, 1013, 1005, 1010, 1014, 1007, - 1009, 1016, 1015, 1012, 1019, 1008, 1018, 0, 1011, 0, - 1021, 1024, 1020, 1025, 0, 1023, 1013, 1008, 1022, 1009, - 1011, 1012, 1013, 1024, 1018, 1014, 1015, 
1020, 1016, 1015, - 1023, 1019, 1021, 1018, 1026, 1025, 1022, 1021, 1024, 1020, - 1025, 1027, 1023, 1028, 1029, 1022, 1030, 1026, 1027, 1033, - - 0, 1031, 1026, 1034, 1032, 1028, 1033, 1031, 1035, 1036, - 1037, 1026, 1032, 1039, 1040, 1035, 1038, 1042, 1027, 1046, - 1028, 1029, 1044, 1043, 1026, 1047, 1033, 1030, 1031, 1048, - 1034, 1032, 1043, 0, 0, 1035, 1036, 1037, 1040, 1038, - 1045, 1040, 1045, 1038, 1039, 1052, 1046, 0, 1042, 0, - 1043, 1047, 1047, 1044, 1049, 1049, 1049, 1050, 1051, 1053, - 1048, 1049, 1054, 1056, 1050, 1051, 1053, 1045, 1055, 1049, - 1057, 1057, 1058, 1059, 1055, 1054, 1052, 1062, 1061, 1063, - 1059, 1049, 1049, 1049, 1050, 1051, 1053, 1064, 1049, 1054, - 1056, 1063, 1065, 1066, 1066, 1055, 1061, 1057, 1058, 1058, - - 1059, 1067, 1068, 1068, 1062, 1061, 1063, 1064, 1071, 1072, - 1065, 1069, 1074, 1075, 1064, 1076, 1073, 0, 1077, 1065, - 1066, 1082, 1069, 1073, 1079, 1078, 1080, 1067, 1067, 1068, - 1071, 1083, 1074, 1080, 1086, 1071, 1082, 0, 1069, 1074, - 1072, 1081, 1079, 1073, 1075, 1077, 1076, 1078, 1082, 1081, - 1084, 1079, 1078, 1080, 1087, 1083, 1085, 1085, 1083, 1084, - 1086, 1086, 1088, 1089, 1090, 1092, 1087, 1094, 1081, 1091, - 1088, 1097, 1095, 1096, 1098, 1089, 1099, 1084, 1095, 1093, - 1099, 1087, 1100, 1085, 1093, 1090, 1096, 1091, 1102, 1088, - 1089, 1090, 1092, 1104, 1094, 1093, 1091, 1101, 1101, 1095, - - 1096, 1098, 1097, 1102, 1103, 1105, 1093, 1099, 1104, 1108, - 1106, 1093, 1107, 1100, 1107, 1102, 1109, 1110, 1111, 0, - 1104, 1109, 1113, 1115, 1101, 1106, 1114, 1116, 1105, 1117, - 1118, 0, 1105, 1111, 1120, 1103, 1117, 1106, 1119, 1107, - 1108, 1121, 1123, 1109, 1128, 1111, 1113, 1125, 1110, 1113, - 1115, 1118, 1114, 1114, 1116, 1120, 1117, 1118, 1127, 1121, - 1119, 1120, 1125, 1129, 1123, 1119, 1130, 1131, 1121, 1123, - 1129, 1128, 1132, 1127, 1125, 1133, 1131, 1135, 1134, 1136, - 1132, 0, 1139, 1140, 1130, 1127, 1138, 1143, 1148, 1141, - 1129, 1139, 1136, 1130, 1131, 0, 1150, 1138, 1133, 1132, - - 1134, 1140, 1133, 
1146, 1147, 1134, 1136, 1141, 1135, 1139, - 1140, 1149, 1138, 1138, 1143, 1146, 1141, 1147, 1151, 1148, - 1152, 1149, 1150, 1150, 1138, 1155, 1154, 0, 1156, 1158, - 1146, 1147, 1155, 1157, 1159, 1158, 1162, 1162, 1149, 0, - 0, 1164, 1160, 1151, 1161, 1151, 1154, 1152, 1164, 1159, - 1163, 1157, 1155, 1154, 1156, 1156, 1158, 1160, 1165, 1161, - 1157, 1159, 1163, 1162, 1167, 1165, 1169, 1168, 1164, 1160, - 1170, 1161, 1173, 1175, 1172, 1169, 1177, 1163, 1174, 1174, - 1178, 1176, 1180, 1181, 0, 1165, 1167, 1172, 1170, 1180, - 1182, 1167, 1168, 1169, 1168, 1175, 1183, 1170, 1177, 1173, - - 1175, 1172, 1178, 1177, 1179, 1174, 1176, 1178, 1176, 1180, - 1183, 1184, 1182, 1179, 1181, 1187, 1186, 1182, 1188, 1192, - 1189, 1190, 1191, 1183, 1186, 1195, 1194, 0, 1187, 1191, - 1184, 1179, 1193, 1190, 0, 1197, 0, 0, 1184, 1198, - 1195, 1199, 1187, 1186, 1214, 1188, 1189, 1189, 1190, 1191, - 1192, 1194, 1195, 1194, 1193, 1196, 1199, 1198, 1196, 1193, - 1197, 1201, 1197, 1204, 1202, 1205, 1198, 1206, 1199, 1308, - 0, 1214, 1205, 1196, 1208, 1210, 1216, 1204, 1206, 1213, - 1215, 1211, 1196, 1201, 1221, 1196, 1202, 1212, 1201, 1212, - 1204, 1202, 1205, 1211, 1206, 1208, 1210, 1213, 1215, 1218, - - 1308, 1208, 1210, 1216, 1217, 1219, 1213, 1215, 1211, 1220, - 1222, 1221, 1217, 1223, 1212, 1226, 1227, 1228, 0, 1229, - 1223, 1231, 1218, 1220, 1230, 1232, 1218, 1219, 1233, 1222, - 1231, 1217, 1219, 1235, 1227, 1235, 1220, 1222, 1238, 1230, - 1223, 1236, 1226, 1227, 1228, 1229, 1229, 1232, 1231, 1237, - 1238, 1230, 1232, 1237, 1242, 1233, 1239, 1240, 1241, 1243, - 1235, 1244, 0, 1236, 1247, 1238, 1240, 1245, 1236, 1241, - 1246, 1246, 1247, 1244, 1250, 1249, 1237, 1250, 1239, 1249, - 0, 1242, 1243, 1239, 1240, 1241, 1243, 1251, 1244, 1245, - 1252, 1247, 1253, 1254, 1245, 1251, 1252, 1246, 1256, 1254, - - 1257, 1250, 1249, 1259, 1258, 0, 1261, 1253, 1260, 1262, - 1263, 1264, 1265, 1266, 1251, 1267, 1259, 1252, 1258, 1253, - 1254, 1268, 1260, 1264, 1257, 1256, 1265, 1257, 1270, 1271, - 
1259, 1258, 1261, 1261, 1275, 1260, 1262, 1263, 1264, 1265, - 1266, 1269, 1267, 1272, 1274, 1276, 1277, 1282, 1268, 1269, - 1278, 1272, 1280, 1276, 1279, 1270, 1271, 1283, 1286, 1278, - 1288, 1275, 0, 1281, 0, 1283, 1274, 1288, 1269, 1292, - 1272, 1274, 1276, 1277, 1282, 1279, 1280, 1278, 1281, 1280, - 1284, 1279, 1289, 1285, 1283, 1286, 1289, 1288, 1290, 1281, - 1281, 1285, 1284, 1291, 1293, 1294, 1292, 1295, 1295, 1296, - - 1290, 1297, 1293, 1298, 1300, 1281, 1300, 1284, 1302, 1289, - 1285, 1299, 1303, 1301, 1302, 1290, 1291, 1304, 1298, 1297, - 1291, 1293, 1294, 1305, 1295, 1296, 1296, 1301, 1297, 1304, - 1298, 1300, 1307, 1299, 1303, 1302, 1306, 1309, 1299, 1303, - 1301, 1305, 1311, 1313, 1304, 1307, 1314, 1315, 1316, 1311, - 1305, 0, 1321, 1318, 1306, 1324, 1316, 1323, 1319, 1307, - 1309, 1313, 1326, 1306, 1309, 1318, 0, 1321, 1328, 1311, - 1313, 1330, 1314, 1314, 1316, 1316, 1319, 1324, 1315, 1321, - 1318, 1323, 1324, 1316, 1323, 1319, 1325, 1329, 1331, 1326, - 1334, 1332, 0, 1325, 1333, 1328, 1336, 1330, 1330, 1338, - - 1329, 1337, 1333, 1331, 1332, 1339, 0, 1341, 1342, 1345, - 1350, 1344, 0, 1325, 1329, 1331, 1334, 1334, 1332, 1336, - 1341, 1333, 1340, 1336, 1346, 1337, 1338, 1339, 1337, 1340, - 1343, 1342, 1339, 1344, 1341, 1342, 1348, 1343, 1344, 1349, - 1345, 1350, 1352, 1351, 1360, 1346, 1355, 1348, 1356, 1340, - 1363, 1346, 1364, 1366, 1368, 1369, 0, 1343, 0, 1355, - 1374, 1349, 1351, 1348, 1372, 1370, 1349, 1352, 1374, 1352, - 1351, 1360, 1363, 1355, 1356, 1356, 1370, 1363, 1371, 1364, - 1366, 1369, 1369, 1371, 1375, 1368, 1372, 1374, 1376, 1378, - 1379, 1372, 1370, 1380, 0, 1383, 1381, 1385, 0, 1375, - - 1386, 1387, 1380, 1389, 1388, 1371, 1390, 1378, 1381, 1391, - 0, 1375, 0, 0, 1387, 1376, 1378, 1392, 1397, 1385, - 1380, 1379, 1383, 1381, 1385, 1386, 1388, 1386, 1387, 1393, - 1389, 1388, 1392, 1390, 1394, 1395, 1391, 1396, 1393, 1398, - 1397, 1399, 1400, 1403, 1392, 1397, 1398, 1401, 1401, 1394, - 1395, 1402, 1396, 0, 1405, 0, 1393, 1403, 1402, 
1410, - 1400, 1394, 1395, 1408, 1396, 1409, 1398, 1405, 1399, 1400, - 1403, 1406, 1404, 1411, 1401, 1404, 1414, 1407, 1402, 1415, - 1406, 1405, 1407, 1414, 1416, 1408, 1410, 1409, 1415, 1416, - 1408, 1418, 1409, 1421, 1417, 1419, 1420, 1423, 1406, 1404, - - 1411, 1417, 1419, 1414, 1407, 1420, 1415, 1424, 1425, 1418, - 1431, 1416, 1432, 0, 1426, 0, 1476, 0, 1418, 1421, - 1421, 1417, 1419, 1420, 1423, 1424, 1426, 1427, 1425, 1428, - 1433, 1429, 1430, 1434, 1424, 1425, 1427, 1431, 1428, 1433, - 1430, 1426, 1429, 1432, 1435, 1434, 1436, 1476, 1437, 1444, - 1443, 1445, 1435, 1439, 1427, 1437, 1428, 1433, 1429, 1430, - 1434, 1439, 1442, 1445, 1447, 1448, 1452, 1451, 1436, 1442, - 1446, 1435, 1450, 1436, 1443, 1437, 1444, 1443, 1445, 1446, - 1439, 1453, 1455, 1457, 1450, 1458, 0, 1462, 1448, 1442, - 1451, 1447, 1448, 1452, 1451, 1453, 1456, 1446, 1463, 1450, - - 1464, 0, 1465, 1463, 1456, 1470, 1466, 1467, 1453, 1455, - 1457, 1468, 1458, 1462, 1462, 1467, 0, 1470, 1464, 1471, - 1472, 1474, 1475, 1456, 1465, 1463, 1478, 1464, 1466, 1465, - 1468, 1473, 1470, 1466, 1467, 1477, 1479, 1482, 1468, 1484, - 0, 1471, 1472, 1473, 1483, 0, 1471, 1472, 1474, 1475, - 1488, 1485, 1486, 1478, 1487, 1489, 1491, 1477, 1473, 0, - 0, 1484, 1477, 1479, 1486, 1492, 1484, 1483, 1482, 1485, - 1489, 1483, 1488, 1487, 1492, 1493, 1494, 1488, 1485, 1486, - 1491, 1487, 1489, 1491, 1496, 1499, 1495, 1497, 1500, 1493, - 1501, 1502, 1492, 1499, 1494, 1500, 1505, 1506, 1501, 1503, - - 1507, 1504, 1493, 1494, 1495, 1497, 1512, 1503, 0, 1518, - 1496, 1496, 1499, 1495, 1497, 1500, 1506, 1501, 1502, 1504, - 1509, 1510, 1507, 1505, 1506, 1514, 1503, 1507, 1504, 1512, - 1513, 0, 1516, 1512, 1521, 1510, 1518, 1514, 1509, 1522, - 1523, 1521, 1524, 1513, 1525, 1526, 1527, 1509, 1510, 1528, - 1529, 1530, 1514, 1534, 1535, 1527, 1531, 1513, 1516, 1516, - 0, 1521, 1528, 0, 1523, 1522, 1522, 1523, 1539, 1524, - 1541, 1525, 1526, 1527, 1534, 1540, 1528, 1541, 1530, 1531, - 1534, 1529, 1543, 1531, 1540, 1535, 1538, 
1538, 1542, 1545, - 1539, 1544, 1546, 0, 1547, 1539, 1538, 1541, 1548, 1544, - - 1546, 1542, 1540, 1551, 1550, 1553, 1549, 0, 1545, 1543, - 1551, 1552, 1552, 1538, 1538, 1542, 1545, 1549, 1544, 1546, - 1547, 1547, 1554, 1553, 1548, 1548, 1550, 1555, 1557, 1554, - 1551, 1550, 1553, 1549, 1555, 1558, 1560, 1561, 1552, 1563, - 1564, 1565, 1562, 1567, 1566, 1560, 1571, 0, 1571, 1554, - 1575, 0, 1564, 1576, 1555, 1557, 1569, 1563, 1566, 1558, - 1570, 1567, 1558, 1560, 1561, 1562, 1563, 1564, 1565, 1562, - 1567, 1566, 1575, 1571, 1569, 1570, 1577, 1575, 1579, 1576, - 1576, 1580, 1581, 1569, 1582, 1583, 1584, 1570, 1585, 1581, - 1582, 1586, 0, 1586, 1577, 1584, 1587, 1591, 1589, 1580, - - 1579, 0, 1590, 1577, 1592, 1579, 1589, 1583, 1580, 1581, - 1593, 1582, 1583, 1584, 1590, 1594, 1596, 1597, 1586, 1585, - 1598, 1598, 1595, 1587, 1591, 1589, 1594, 1592, 1593, 1590, - 1595, 1592, 1599, 1600, 1602, 1596, 1603, 1593, 1605, 1597, - 1609, 1600, 1594, 1596, 1597, 1606, 1607, 1598, 1611, 1595, - 1607, 1610, 1606, 1611, 1612, 1613, 1615, 1617, 1603, 1599, - 1600, 1602, 1614, 1603, 1610, 1605, 1609, 1609, 1620, 1616, - 1614, 1615, 1606, 1607, 1622, 1611, 1616, 1618, 1610, 1619, - 1621, 1612, 1613, 1615, 1617, 1624, 1619, 1626, 1621, 1614, - 1620, 1627, 1618, 1623, 1623, 1620, 1616, 1629, 1630, 1627, - - 1631, 1632, 1633, 1623, 1618, 1622, 1619, 1621, 1634, 1635, - 1637, 1630, 1624, 1639, 1626, 1641, 1643, 1642, 1627, 1629, - 1623, 1623, 1631, 1644, 1629, 1630, 1645, 1631, 1632, 1633, - 1642, 1635, 1648, 1649, 1643, 1634, 1635, 1637, 1654, 1639, - 1639, 1650, 1641, 1643, 1642, 1652, 1653, 1654, 1645, 1658, - 1644, 1648, 0, 1645, 1662, 1655, 1657, 1661, 1663, 1648, - 1649, 1653, 1657, 1650, 1661, 1654, 1655, 1652, 1650, 1656, - 1656, 1658, 1652, 1653, 1668, 1664, 1658, 1670, 1672, 1656, - 1673, 1662, 1655, 1657, 1661, 1663, 1675, 1676, 1679, 1680, - 1681, 0, 1681, 1673, 1678, 1687, 1656, 1656, 1664, 1676, - - 1670, 1668, 1664, 1678, 1670, 1672, 1682, 1673, 1684, 1685, - 1690, 1692, 
1686, 1675, 1676, 1679, 1680, 1681, 1682, 1683, - 1686, 1678, 1687, 1694, 1703, 1683, 1696, 1700, 1697, 1701, - 1684, 1685, 1703, 1682, 1704, 1684, 1685, 1690, 1692, 1686, - 1702, 1696, 1701, 1704, 1713, 1710, 1683, 1718, 1705, 1712, - 1694, 1703, 1713, 1696, 1697, 1697, 1701, 1711, 1700, 1705, - 1714, 1704, 1702, 1712, 1711, 1719, 1715, 1702, 1710, 1714, - 1717, 1713, 1710, 1720, 1718, 1705, 1712, 1715, 1716, 1721, - 1716, 1724, 1717, 1719, 1711, 1729, 1722, 1714, 1722, 1730, - 1723, 1725, 1719, 1715, 0, 1720, 1727, 1717, 1731, 1728, - - 1720, 1721, 1723, 0, 1725, 1716, 1721, 1728, 1727, 1739, - 1732, 1731, 1724, 1722, 1733, 1734, 1729, 1723, 1725, 1735, - 1730, 1736, 1733, 1727, 1732, 1731, 1728, 1735, 1734, 1737, - 1738, 1739, 1740, 1747, 1742, 1736, 1739, 1732, 1738, 1741, - 1743, 1733, 1734, 1737, 0, 0, 1735, 1741, 1736, 1744, - 1745, 1748, 0, 1749, 1740, 1746, 1737, 1738, 1752, 1740, - 1742, 1742, 1743, 1746, 1747, 0, 1741, 1743, 1756, 0, - 1760, 1744, 1745, 1749, 1754, 1750, 1744, 1745, 1748, 1751, - 1749, 1761, 1746, 1750, 1753, 1757, 1758, 1751, 1754, 1752, - 1756, 1759, 1753, 1757, 1758, 1756, 1760, 1760, 1763, 1762, - - 1765, 1754, 1750, 1761, 1764, 1759, 1751, 1762, 1761, 1766, - 1768, 1753, 1757, 1758, 1769, 1767, 1772, 0, 1759, 1770, - 1771, 0, 1765, 1767, 1763, 1763, 1762, 1765, 1771, 1766, - 1764, 1764, 1773, 1775, 1769, 1776, 1766, 1768, 1772, 1770, - 1773, 1769, 1767, 1772, 1777, 1778, 1770, 1771, 1779, 1783, - 1780, 1785, 1777, 1778, 1782, 1775, 1781, 1776, 1780, 1773, - 1775, 1786, 1776, 0, 1781, 1784, 1787, 1789, 1792, 1795, - 1796, 1777, 1778, 0, 1779, 1779, 1783, 1780, 1785, 1793, - 1782, 1782, 0, 1781, 0, 1784, 1787, 1793, 1786, 1789, - 1792, 1794, 1784, 1787, 1789, 1792, 1795, 1796, 0, 1794, - - 0, 0, 0, 0, 0, 0, 1793, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1794, 1800, - 1800, 1800, 1800, 1800, 1800, 1800, 1801, 1801, 1801, 1801, - 1801, 1801, 1801, 1802, 1802, 1802, 1802, 1802, 1802, 1802, - 1803, 1803, 1803, 1803, 1803, 1803, 1803, 1804, 
1804, 1804, - 1804, 1804, 1804, 1804, 1806, 1806, 0, 1806, 1806, 1806, - 1806, 1807, 1807, 0, 0, 0, 1807, 1807, 1808, 1808, - 0, 0, 1808, 0, 1808, 1809, 0, 0, 0, 0, - 0, 1809, 1810, 1810, 0, 0, 0, 1810, 1810, 1811, - 0, 0, 0, 0, 0, 1811, 1812, 1812, 0, 1812, - - 1812, 1812, 1812, 1813, 1813, 0, 1813, 1813, 1813, 1813, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, 1799, - 1799, 1799, 1799, 1799, 1799, 1799 + 12, 12, 20, 23, 707, 19, 23, 29, 20, 11, + 23, 20, 20, 132, 21, 12, 132, 24, 83, 29, + 138, 21, 34, 83, 25, 28, 66, 11, 21, 20, + 23, 24, 25, 12, 29, 34, 11, 130, 130, 66, + 21, 21, 12, 24, 24, 83, 790, 28, 21, 34, + 25, 25, 28, 66, 30, 21, 22, 136, 24, 25, + + 22, 26, 30, 22, 26, 22, 22, 135, 30, 32, + 133, 26, 30, 26, 790, 32, 95, 37, 22, 37, + 30, 30, 31, 22, 26, 118, 31, 22, 26, 30, + 22, 26, 22, 22, 37, 30, 32, 35, 26, 30, + 26, 35, 31, 37, 37, 36, 37, 95, 31, 31, + 76, 35, 38, 31, 35, 36, 118, 38, 131, 36, + 36, 37, 129, 35, 35, 38, 68, 36, 35, 31, + 33, 75, 36, 76, 33, 137, 137, 76, 35, 38, + 33, 35, 36, 33, 38, 39, 36, 36, 62, 39, + 33, 80, 33, 39, 57, 75, 52, 33, 75, 51, + + 56, 33, 56, 56, 80, 56, 46, 33, 77, 41, + 33, 39, 39, 14, 144, 77, 39, 33, 80, 64, + 39, 64, 64, 67, 64, 67, 67, 69, 67, 69, + 69, 72, 69, 72, 72, 77, 72, 69, 78, 79, + 81, 72, 84, 82, 82, 144, 81, 86, 79, 89, + 84, 78, 82, 13, 91, 85, 64, 87, 89, 0, + 86, 81, 78, 88, 87, 78, 79, 81, 72, 84, + 82, 82, 85, 81, 86, 92, 89, 91, 78, 88, + 90, 91, 93, 0, 87, 0, 85, 0, 94, 90, + 88, 94, 96, 99, 97, 93, 99, 92, 100, 85, + + 96, 101, 92, 0, 94, 94, 98, 90, 107, 93, + 98, 100, 94, 103, 97, 94, 97, 107, 94, 96, + 99, 97, 102, 104, 101, 100, 0, 103, 101, 106, + 98, 94, 94, 98, 
105, 107, 106, 98, 109, 108, + 103, 97, 102, 104, 112, 111, 0, 109, 105, 102, + 104, 110, 111, 113, 114, 110, 106, 115, 0, 116, + 113, 105, 108, 223, 119, 109, 108, 116, 114, 115, + 112, 112, 111, 110, 117, 154, 120, 122, 110, 119, + 113, 114, 110, 117, 115, 121, 116, 123, 122, 127, + 124, 119, 223, 123, 121, 126, 120, 125, 127, 128, + + 0, 117, 120, 120, 122, 0, 154, 0, 0, 142, + 126, 124, 121, 0, 123, 124, 127, 124, 0, 125, + 257, 128, 126, 120, 125, 134, 128, 134, 134, 139, + 134, 139, 139, 142, 139, 143, 142, 140, 124, 140, + 140, 145, 140, 147, 146, 149, 148, 257, 150, 151, + 0, 147, 149, 145, 151, 152, 159, 143, 148, 153, + 306, 306, 143, 146, 157, 160, 150, 155, 145, 0, + 147, 146, 149, 148, 140, 150, 158, 152, 159, 162, + 151, 151, 152, 159, 158, 153, 153, 160, 155, 306, + 157, 157, 160, 161, 0, 155, 163, 161, 164, 0, + + 165, 167, 162, 158, 166, 0, 162, 166, 168, 173, + 167, 164, 165, 0, 169, 155, 156, 171, 163, 166, + 161, 156, 0, 163, 171, 164, 156, 165, 167, 0, + 168, 166, 156, 156, 166, 168, 169, 170, 172, 156, + 173, 169, 170, 156, 171, 174, 176, 175, 156, 172, + 179, 0, 177, 156, 0, 178, 170, 175, 180, 156, + 156, 178, 181, 170, 170, 172, 182, 183, 185, 170, + 177, 174, 174, 189, 184, 187, 190, 176, 175, 177, + 180, 179, 178, 170, 175, 180, 191, 183, 184, 185, + 190, 186, 189, 181, 183, 185, 187, 182, 186, 188, + + 189, 184, 187, 190, 188, 192, 194, 193, 191, 197, + 195, 196, 196, 191, 193, 195, 198, 192, 186, 199, + 196, 200, 201, 198, 204, 205, 188, 202, 194, 206, + 203, 0, 192, 194, 193, 202, 0, 195, 196, 196, + 197, 200, 207, 198, 199, 203, 199, 205, 200, 209, + 204, 204, 211, 201, 202, 210, 205, 203, 208, 207, + 206, 212, 208, 210, 209, 214, 213, 207, 215, 207, + 217, 211, 216, 221, 205, 218, 209, 220, 0, 211, + 215, 216, 210, 217, 222, 208, 207, 219, 213, 219, + 224, 231, 212, 213, 218, 215, 214, 217, 221, 216, + + 221, 220, 218, 225, 220, 229, 233, 226, 227, 228, + 222, 222, 232, 230, 219, 234, 224, 224, 226, 236, + 227, 235, 231, 0, 0, 232, 
0, 242, 229, 225, + 225, 230, 229, 228, 226, 227, 228, 233, 237, 232, + 230, 234, 234, 235, 238, 237, 239, 240, 235, 241, + 236, 242, 239, 238, 242, 243, 244, 245, 246, 248, + 0, 240, 247, 0, 243, 237, 245, 246, 249, 0, + 251, 238, 250, 239, 240, 241, 241, 247, 251, 244, + 252, 251, 243, 244, 245, 246, 255, 250, 251, 247, + 248, 258, 249, 261, 253, 249, 254, 251, 252, 250, + + 253, 255, 256, 256, 262, 251, 259, 252, 251, 259, + 254, 261, 260, 255, 263, 258, 259, 265, 258, 268, + 261, 253, 262, 254, 260, 264, 266, 256, 267, 256, + 256, 262, 270, 259, 268, 269, 259, 272, 266, 260, + 0, 263, 269, 265, 265, 0, 268, 264, 274, 271, + 267, 278, 264, 266, 276, 267, 271, 277, 273, 272, + 273, 274, 269, 270, 272, 0, 275, 280, 281, 275, + 0, 275, 276, 278, 280, 274, 271, 275, 278, 282, + 281, 276, 273, 279, 283, 273, 284, 273, 277, 286, + 0, 279, 282, 275, 280, 281, 275, 279, 275, 284, + + 283, 286, 293, 287, 290, 288, 282, 291, 283, 288, + 279, 283, 290, 284, 0, 0, 286, 289, 279, 291, + 294, 287, 0, 289, 294, 292, 0, 283, 285, 285, + 287, 290, 292, 293, 291, 297, 288, 296, 285, 295, + 285, 285, 285, 299, 289, 285, 295, 294, 298, 296, + 302, 300, 292, 285, 303, 285, 285, 297, 300, 304, + 298, 301, 297, 302, 296, 285, 295, 285, 285, 285, + 304, 305, 285, 307, 299, 298, 301, 302, 300, 308, + 307, 309, 310, 0, 312, 303, 304, 311, 301, 315, + 308, 318, 309, 305, 313, 310, 314, 316, 305, 319, + + 307, 317, 315, 321, 0, 314, 308, 312, 309, 310, + 316, 312, 311, 318, 311, 316, 315, 313, 318, 317, + 320, 313, 319, 314, 316, 322, 319, 323, 317, 325, + 324, 322, 326, 327, 321, 328, 330, 316, 320, 329, + 0, 331, 0, 333, 332, 351, 335, 320, 323, 328, + 332, 325, 322, 324, 323, 327, 325, 324, 326, 326, + 327, 333, 328, 334, 331, 329, 329, 330, 331, 335, + 333, 332, 336, 335, 337, 338, 351, 339, 334, 341, + 342, 338, 344, 0, 345, 348, 342, 348, 0, 343, + 334, 345, 355, 0, 348, 346, 337, 353, 336, 336, + + 344, 337, 338, 339, 339, 341, 341, 342, 343, 344, + 346, 345, 348, 349, 348, 350, 
343, 352, 354, 353, + 349, 356, 346, 355, 353, 0, 357, 358, 350, 360, + 0, 357, 359, 358, 0, 352, 361, 354, 362, 363, + 349, 360, 350, 356, 352, 354, 0, 363, 383, 362, + 365, 0, 356, 357, 358, 359, 360, 365, 361, 359, + 366, 367, 0, 361, 368, 362, 363, 369, 366, 383, + 356, 364, 367, 368, 370, 383, 364, 365, 364, 0, + 371, 370, 372, 0, 372, 373, 364, 366, 367, 364, + 374, 369, 376, 375, 369, 368, 364, 364, 364, 0, + + 368, 370, 374, 364, 376, 364, 371, 371, 375, 372, + 377, 373, 373, 364, 379, 380, 364, 374, 377, 376, + 375, 378, 381, 364, 385, 386, 378, 382, 387, 0, + 381, 388, 389, 380, 390, 391, 379, 377, 393, 382, + 388, 379, 380, 387, 395, 392, 389, 385, 378, 381, + 394, 385, 396, 390, 382, 387, 386, 398, 388, 389, + 392, 390, 391, 397, 396, 394, 402, 399, 395, 393, + 399, 395, 392, 401, 403, 404, 400, 394, 399, 396, + 400, 398, 405, 406, 398, 397, 407, 401, 410, 408, + 397, 409, 412, 402, 399, 408, 410, 399, 411, 413, + + 401, 403, 414, 416, 415, 417, 404, 400, 0, 405, + 406, 415, 425, 409, 421, 410, 408, 407, 409, 420, + 418, 411, 413, 412, 414, 411, 413, 417, 420, 414, + 419, 415, 417, 418, 416, 419, 422, 423, 424, 419, + 421, 421, 426, 425, 427, 422, 420, 418, 429, 0, + 428, 424, 430, 431, 419, 435, 432, 419, 0, 423, + 426, 436, 419, 422, 423, 424, 419, 431, 427, 426, + 429, 427, 428, 428, 430, 429, 433, 428, 432, 430, + 431, 434, 436, 432, 439, 437, 435, 433, 436, 438, + 442, 440, 441, 443, 444, 446, 434, 447, 0, 428, + + 440, 447, 445, 433, 450, 441, 439, 0, 434, 437, + 448, 439, 437, 438, 0, 443, 438, 446, 440, 441, + 443, 442, 446, 452, 448, 444, 445, 449, 447, 445, + 451, 453, 454, 458, 455, 450, 454, 448, 452, 457, + 459, 449, 458, 456, 460, 462, 0, 452, 451, 459, + 452, 456, 460, 453, 449, 461, 463, 451, 453, 455, + 458, 455, 461, 454, 457, 452, 457, 459, 462, 464, + 456, 460, 462, 471, 463, 465, 467, 466, 468, 469, + 0, 464, 461, 463, 465, 466, 470, 469, 467, 472, + 475, 473, 474, 479, 470, 0, 464, 476, 0, 471, + + 471, 475, 465, 467, 466, 476, 
469, 473, 477, 468, + 478, 480, 472, 470, 474, 479, 472, 475, 473, 474, + 479, 481, 477, 482, 476, 483, 484, 486, 0, 485, + 478, 480, 490, 487, 483, 477, 488, 478, 480, 495, + 486, 489, 0, 481, 493, 482, 484, 485, 481, 492, + 482, 487, 483, 484, 486, 490, 485, 492, 488, 490, + 487, 491, 493, 488, 497, 489, 496, 491, 489, 499, + 495, 493, 500, 496, 498, 492, 492, 502, 499, 501, + 503, 0, 503, 506, 492, 516, 502, 497, 491, 498, + 509, 497, 513, 496, 0, 506, 499, 515, 501, 518, + + 509, 498, 512, 500, 502, 514, 501, 503, 504, 519, + 506, 0, 504, 513, 521, 504, 516, 509, 519, 513, + 512, 518, 504, 515, 515, 504, 518, 0, 514, 512, + 504, 520, 514, 520, 522, 504, 519, 541, 521, 504, + 523, 521, 504, 0, 0, 0, 524, 0, 526, 504, + 525, 530, 504, 517, 517, 0, 517, 0, 520, 517, + 523, 522, 525, 527, 517, 528, 529, 523, 541, 0, + 517, 517, 524, 524, 526, 526, 530, 525, 530, 517, + 517, 517, 535, 517, 534, 527, 517, 531, 529, 528, + 527, 517, 528, 529, 532, 531, 533, 517, 517, 540, + + 536, 532, 537, 534, 533, 542, 539, 538, 535, 535, + 0, 534, 536, 543, 531, 537, 538, 544, 0, 551, + 545, 532, 546, 533, 0, 554, 540, 536, 539, 537, + 548, 0, 552, 539, 538, 549, 542, 543, 544, 545, + 543, 546, 547, 557, 544, 550, 551, 545, 553, 546, + 552, 547, 548, 550, 561, 549, 554, 548, 555, 552, + 558, 557, 549, 560, 559, 562, 555, 553, 563, 547, + 557, 563, 550, 566, 564, 553, 560, 562, 558, 566, + 561, 561, 564, 567, 0, 555, 580, 558, 559, 569, + 560, 559, 562, 568, 572, 563, 569, 570, 564, 568, + + 566, 564, 570, 573, 571, 567, 574, 576, 577, 564, + 567, 571, 572, 580, 575, 574, 569, 579, 583, 578, + 568, 572, 575, 577, 570, 576, 573, 582, 584, 581, + 573, 571, 578, 574, 576, 577, 581, 585, 579, 586, + 582, 575, 587, 588, 579, 589, 578, 586, 590, 583, + 591, 589, 592, 593, 582, 595, 581, 587, 597, 584, + 585, 596, 593, 594, 585, 588, 586, 599, 596, 587, + 588, 600, 589, 598, 590, 590, 592, 594, 601, 592, + 593, 591, 598, 600, 602, 597, 595, 607, 596, 604, + 594, 0, 602, 603, 599, 608, 
603, 605, 600, 613, + + 598, 601, 604, 609, 605, 601, 0, 610, 0, 610, + 614, 602, 611, 607, 607, 609, 604, 612, 608, 615, + 603, 613, 608, 614, 605, 606, 613, 606, 616, 612, + 609, 606, 615, 606, 610, 611, 617, 614, 606, 611, + 618, 621, 619, 606, 612, 624, 615, 621, 617, 606, + 618, 616, 606, 620, 606, 616, 625, 623, 606, 622, + 606, 0, 618, 617, 619, 606, 620, 618, 621, 619, + 606, 628, 622, 627, 630, 632, 624, 618, 623, 636, + 620, 631, 629, 625, 623, 639, 622, 626, 627, 630, + 634, 633, 626, 628, 626, 629, 635, 632, 628, 637, + + 627, 630, 632, 634, 635, 626, 636, 631, 631, 629, + 633, 640, 626, 626, 626, 642, 639, 634, 633, 626, + 641, 626, 637, 635, 643, 645, 637, 644, 641, 642, + 646, 0, 626, 645, 647, 640, 649, 650, 640, 626, + 648, 655, 642, 651, 649, 647, 0, 641, 646, 644, + 651, 0, 645, 652, 644, 643, 654, 646, 648, 650, + 657, 647, 653, 649, 650, 659, 652, 648, 657, 653, + 651, 660, 655, 658, 654, 661, 663, 659, 664, 662, + 652, 665, 658, 654, 671, 0, 669, 657, 668, 653, + 669, 0, 659, 660, 663, 666, 676, 661, 660, 668, + + 658, 662, 661, 663, 664, 664, 662, 670, 671, 666, + 670, 671, 665, 672, 673, 668, 674, 669, 675, 684, + 676, 673, 666, 676, 677, 675, 672, 678, 674, 681, + 677, 679, 0, 670, 670, 680, 682, 670, 678, 683, + 672, 673, 0, 674, 687, 675, 684, 682, 0, 685, + 681, 677, 686, 679, 678, 688, 681, 680, 679, 692, + 683, 686, 680, 682, 688, 689, 683, 685, 687, 691, + 690, 687, 693, 689, 697, 696, 685, 690, 694, 686, + 699, 700, 688, 691, 696, 701, 703, 698, 0, 0, + 692, 0, 689, 0, 693, 699, 691, 690, 697, 693, + + 694, 697, 696, 698, 706, 694, 702, 699, 705, 704, + 709, 708, 700, 703, 698, 710, 701, 704, 702, 706, + 708, 705, 711, 710, 711, 717, 713, 715, 709, 716, + 718, 706, 717, 702, 713, 705, 704, 709, 708, 719, + 715, 716, 710, 0, 720, 721, 722, 723, 727, 711, + 0, 725, 717, 713, 715, 724, 716, 726, 730, 722, + 723, 718, 733, 725, 728, 726, 720, 721, 727, 0, + 719, 720, 721, 722, 723, 727, 728, 724, 725, 729, + 731, 732, 724, 733, 726, 730, 
735, 729, 734, 733, + 732, 728, 736, 731, 739, 734, 737, 738, 742, 741, + + 740, 0, 0, 743, 762, 0, 729, 731, 732, 740, + 738, 743, 735, 735, 736, 734, 737, 741, 739, 736, + 742, 739, 744, 737, 738, 742, 741, 740, 745, 747, + 743, 749, 748, 750, 751, 762, 745, 752, 753, 754, + 0, 750, 755, 749, 744, 756, 751, 754, 755, 744, + 748, 758, 747, 753, 756, 745, 747, 752, 749, 748, + 750, 751, 757, 758, 752, 753, 754, 759, 760, 755, + 765, 763, 756, 764, 759, 767, 768, 765, 758, 766, + 768, 0, 771, 757, 763, 769, 760, 773, 774, 757, + 767, 770, 764, 769, 759, 760, 772, 765, 763, 775, + + 764, 766, 767, 777, 770, 773, 766, 768, 771, 771, + 772, 776, 769, 778, 773, 779, 780, 781, 770, 774, + 783, 777, 784, 772, 782, 775, 775, 785, 786, 783, + 777, 0, 0, 776, 780, 778, 787, 782, 776, 781, + 778, 779, 779, 780, 781, 791, 0, 783, 0, 796, + 786, 782, 789, 784, 793, 786, 794, 795, 785, 787, + 0, 791, 805, 787, 788, 807, 795, 796, 794, 788, + 797, 788, 791, 788, 797, 788, 796, 793, 789, 789, + 798, 793, 788, 794, 795, 800, 799, 802, 803, 805, + 801, 788, 807, 798, 799, 809, 788, 803, 788, 806, + + 788, 797, 788, 801, 800, 802, 804, 798, 804, 810, + 811, 806, 800, 799, 802, 803, 812, 801, 811, 809, + 813, 814, 809, 815, 816, 817, 806, 813, 818, 0, + 816, 810, 819, 804, 820, 818, 810, 811, 821, 827, + 822, 824, 828, 812, 825, 815, 830, 813, 814, 823, + 815, 816, 817, 820, 819, 818, 829, 831, 823, 819, + 821, 820, 824, 833, 825, 821, 822, 822, 824, 834, + 827, 825, 832, 828, 835, 831, 823, 830, 829, 833, + 832, 835, 836, 829, 831, 838, 840, 837, 841, 836, + 833, 837, 839, 840, 843, 842, 834, 848, 839, 832, + + 844, 835, 846, 841, 842, 839, 845, 844, 845, 836, + 847, 846, 850, 840, 837, 841, 838, 854, 856, 839, + 843, 843, 842, 852, 848, 839, 849, 844, 855, 846, + 849, 852, 847, 845, 850, 854, 853, 847, 857, 850, + 853, 858, 0, 856, 854, 856, 859, 855, 860, 861, + 852, 857, 863, 849, 865, 855, 864, 861, 862, 862, + 869, 863, 0, 865, 860, 857, 867, 853, 869, 859, + 866, 868, 858, 859, 
872, 860, 861, 866, 864, 863, + 868, 865, 871, 864, 870, 862, 872, 869, 873, 867, + 875, 877, 879, 867, 874, 871, 876, 866, 868, 870, + + 873, 872, 874, 881, 883, 878, 884, 885, 880, 871, + 879, 870, 875, 877, 878, 873, 876, 875, 877, 879, + 880, 874, 882, 876, 881, 886, 883, 887, 882, 889, + 881, 883, 878, 891, 890, 880, 892, 884, 885, 894, + 895, 896, 891, 897, 895, 896, 893, 894, 903, 882, + 897, 886, 886, 887, 887, 0, 889, 890, 892, 893, + 891, 890, 902, 892, 900, 900, 894, 898, 899, 901, + 897, 895, 896, 893, 904, 898, 899, 901, 905, 903, + 906, 909, 904, 902, 907, 908, 905, 909, 906, 902, + 910, 900, 907, 911, 898, 899, 901, 912, 908, 913, + + 914, 904, 910, 915, 917, 905, 916, 906, 909, 919, + 918, 907, 908, 923, 913, 922, 925, 910, 917, 911, + 911, 912, 922, 919, 912, 915, 913, 914, 918, 916, + 915, 917, 928, 916, 920, 924, 919, 918, 920, 925, + 923, 926, 922, 925, 930, 927, 934, 932, 0, 933, + 926, 920, 927, 930, 936, 938, 939, 924, 943, 920, + 941, 920, 924, 928, 942, 920, 945, 939, 926, 932, + 943, 930, 927, 946, 932, 933, 933, 934, 920, 945, + 947, 936, 938, 939, 941, 943, 944, 941, 944, 948, + 942, 942, 947, 945, 949, 946, 950, 951, 952, 0, + + 946, 949, 951, 953, 954, 955, 957, 947, 958, 0, + 960, 964, 954, 944, 952, 959, 948, 958, 961, 0, + 0, 949, 950, 950, 951, 952, 953, 955, 959, 964, + 953, 954, 955, 957, 962, 958, 960, 960, 964, 963, + 961, 962, 959, 965, 966, 961, 963, 969, 968, 970, + 965, 967, 0, 0, 969, 972, 973, 974, 0, 977, + 975, 962, 977, 978, 982, 974, 963, 0, 972, 966, + 965, 966, 983, 967, 969, 985, 979, 987, 967, 968, + 970, 975, 972, 973, 974, 980, 977, 975, 984, 978, + 978, 979, 980, 981, 983, 982, 981, 985, 986, 983, + + 986, 987, 985, 979, 987, 988, 984, 989, 981, 0, + 990, 992, 980, 991, 993, 984, 995, 981, 992, 990, + 981, 991, 994, 981, 996, 986, 997, 998, 996, 1003, + 999, 1006, 1000, 989, 989, 981, 988, 990, 992, 1001, + 991, 1000, 1003, 1002, 994, 993, 1001, 995, 997, 994, + 1002, 996, 999, 997, 998, 1005, 1003, 999, 1004, 
1000, + 1007, 1008, 1006, 1009, 1012, 1010, 1001, 1007, 1008, 1005, + 1002, 1010, 1013, 1004, 1014, 1015, 1009, 1021, 1016, 1021, + 1022, 1016, 1005, 1030, 1024, 1004, 1014, 1007, 1008, 1017, + 1009, 1012, 1010, 1023, 1013, 1015, 1016, 1026, 1019, 1013, + + 1017, 1014, 1015, 1019, 1021, 1016, 1024, 1022, 1016, 1029, + 1019, 1024, 1025, 1027, 1030, 1026, 1017, 1023, 1031, 1028, + 1023, 1027, 1028, 1025, 1026, 1019, 1032, 1029, 1033, 1034, + 1019, 1035, 1036, 1032, 1041, 1037, 1029, 1028, 1034, 1025, + 1027, 1049, 1033, 1036, 1035, 1031, 1028, 0, 1040, 1028, + 1037, 1043, 1039, 1032, 1039, 1033, 1034, 1040, 1035, 1036, + 1041, 1041, 1037, 1042, 1044, 1052, 1045, 1046, 1047, 1043, + 1046, 0, 1049, 1050, 1042, 1040, 1051, 1047, 1043, 1039, + 1045, 1053, 1050, 1055, 0, 1046, 1044, 1065, 0, 0, + 1042, 1044, 1045, 1045, 1046, 1047, 1052, 1046, 1051, 1054, + + 1050, 1056, 1053, 1051, 1060, 1057, 1054, 1045, 1053, 1062, + 1063, 1057, 1060, 1064, 1055, 1056, 1061, 1069, 1065, 1063, + 1071, 1064, 1066, 1062, 1069, 1067, 1054, 1070, 1056, 1057, + 1074, 1060, 1057, 1066, 1067, 1061, 1062, 1063, 1057, 1072, + 1064, 1073, 1071, 1061, 1069, 1078, 1077, 1071, 1074, 1066, + 1070, 1075, 1067, 1084, 1070, 1075, 1079, 1074, 1077, 1080, + 1081, 1072, 1082, 1073, 1087, 1085, 1072, 1086, 1073, 1079, + 1088, 1089, 1078, 1077, 1083, 1081, 1086, 1082, 1075, 1080, + 1085, 1090, 1083, 1079, 1084, 1087, 1080, 1081, 1092, 1082, + 1094, 1087, 1085, 1093, 1086, 1089, 1096, 1088, 1089, 1095, + + 1099, 1083, 1100, 1097, 1098, 1104, 1102, 1105, 1090, 0, + 1092, 1093, 1099, 1102, 1095, 1092, 1103, 1094, 1096, 1098, + 1093, 1097, 1101, 1096, 1100, 1109, 1095, 1099, 1103, 1100, + 1097, 1098, 1104, 1102, 1108, 1101, 1106, 1107, 1105, 1110, + 1101, 1108, 1106, 1103, 1111, 1107, 1110, 1112, 1113, 1101, + 1114, 1115, 1109, 1112, 1116, 1118, 1119, 1120, 1121, 1124, + 1121, 1108, 1101, 1106, 1107, 1119, 1110, 1122, 0, 1123, + 1128, 1111, 1126, 1114, 1112, 1113, 1131, 1114, 1116, 1126, + 1127, 1116, 1115, 
1119, 1133, 1121, 1118, 1127, 1120, 1131, + 1124, 1125, 1125, 1125, 1122, 1123, 1123, 1129, 1125, 1126, + + 1135, 1128, 1132, 1131, 1129, 1136, 1125, 1127, 1132, 1134, + 1134, 1133, 1136, 1138, 1139, 1141, 1137, 1142, 1125, 1125, + 1125, 1137, 1143, 1152, 1129, 1125, 1135, 1135, 1144, 1132, + 1146, 1146, 1136, 1141, 1143, 1145, 1134, 1147, 1151, 1138, + 1138, 1139, 1141, 1137, 1142, 1148, 1148, 1149, 1144, 1143, + 1154, 1155, 1153, 1145, 1152, 1144, 1156, 1146, 1149, 1153, + 1151, 1157, 1145, 1147, 1147, 1151, 1159, 1158, 1160, 0, + 1154, 1162, 1148, 1161, 1149, 1160, 1164, 1154, 1163, 1153, + 1166, 1161, 1155, 1179, 1159, 1164, 1162, 1156, 1157, 1158, + 1165, 1165, 1167, 1159, 1158, 1160, 1169, 1170, 1162, 1173, + + 1161, 1168, 1163, 1164, 1167, 1163, 1166, 1166, 1169, 1168, + 1171, 1172, 1175, 1180, 1179, 1182, 1174, 1165, 1178, 1167, + 1170, 1174, 1177, 1169, 1170, 1178, 1173, 1176, 1168, 1172, + 1181, 1171, 1174, 1176, 1181, 1177, 1184, 1171, 1172, 1175, + 1180, 1183, 1183, 1174, 1185, 1178, 1182, 1186, 1174, 1177, + 1187, 1184, 1188, 1189, 1176, 1189, 1190, 1192, 1195, 1191, + 0, 1181, 1186, 1184, 1191, 1196, 1193, 1188, 1183, 1197, + 1198, 1199, 1201, 1187, 1186, 1185, 1207, 1187, 1199, 1188, + 1189, 1193, 1195, 1200, 1202, 1195, 1191, 1190, 1192, 1203, + 1205, 1196, 1196, 1193, 1201, 1211, 1197, 1198, 1199, 1201, + + 1207, 1213, 1212, 1207, 1200, 1202, 1208, 1203, 1210, 1212, + 1200, 1202, 1205, 1216, 1219, 1214, 1203, 1205, 1215, 1213, + 1218, 1208, 1211, 1210, 1214, 1217, 1215, 1219, 1213, 1212, + 1222, 0, 1221, 1208, 1226, 1210, 1216, 1223, 1224, 1222, + 1216, 1219, 1214, 1221, 1232, 1215, 0, 1217, 0, 1228, + 1230, 1218, 1217, 1231, 1235, 1223, 1224, 1222, 1221, 1221, + 1228, 1226, 1230, 1233, 1223, 1224, 1231, 1234, 1236, 1238, + 1221, 1239, 1243, 1233, 1240, 1232, 1228, 1230, 1239, 1235, + 1231, 1235, 1242, 0, 1241, 1246, 1246, 1243, 1242, 1238, + 1233, 1244, 1245, 1234, 1234, 1236, 1238, 1248, 1239, 1243, + + 1240, 1240, 1241, 1247, 1248, 1251, 1244, 
1245, 1252, 1242, + 1249, 1241, 1246, 1253, 1254, 1247, 0, 1249, 1244, 1245, + 1257, 1259, 1253, 1255, 1248, 1260, 1268, 1251, 1261, 1261, + 1247, 1262, 1251, 1252, 1259, 1252, 1254, 1249, 1257, 1263, + 1253, 1254, 1266, 1255, 1271, 1264, 1265, 1257, 1259, 1267, + 1255, 1266, 1260, 1262, 1279, 1261, 1267, 1268, 1262, 1269, + 1270, 1275, 1273, 1271, 1263, 1274, 1263, 1264, 1265, 1266, + 1273, 1271, 1264, 1265, 1270, 1276, 1267, 1278, 1274, 1277, + 0, 1269, 1281, 1280, 1278, 1279, 1269, 1270, 1275, 1273, + 1284, 1277, 1274, 1282, 1283, 1285, 1286, 1283, 1287, 0, + + 0, 1276, 1276, 0, 1278, 1280, 1277, 1281, 1282, 1281, + 1280, 1289, 1283, 1287, 1286, 1284, 1292, 1284, 1290, 1293, + 1282, 1283, 1285, 1286, 1283, 1287, 1293, 1294, 1295, 1297, + 1292, 1299, 1300, 1289, 1303, 1301, 1294, 1301, 1289, 1295, + 1290, 1305, 1302, 1292, 1300, 1290, 1293, 1304, 1307, 1306, + 1297, 1308, 1299, 1309, 1294, 1295, 1297, 1306, 1299, 1300, + 1302, 1303, 1301, 1311, 1315, 1304, 1310, 1309, 1305, 1302, + 1310, 1307, 1312, 1308, 1304, 1307, 1306, 1316, 1308, 1312, + 1309, 1317, 1311, 1318, 1320, 1319, 1321, 0, 1323, 0, + 1311, 1315, 1322, 1320, 1325, 1316, 1325, 1310, 1326, 1312, + + 1319, 1327, 1329, 1332, 1316, 1327, 1328, 1330, 1317, 1318, + 1318, 1320, 1319, 1333, 1322, 1323, 1330, 1321, 1328, 1322, + 1326, 1325, 1335, 1334, 1329, 1326, 1331, 1344, 1327, 1329, + 1332, 1336, 1336, 1328, 1330, 1334, 1333, 1331, 1337, 1339, + 1333, 1340, 1344, 1347, 1335, 1340, 1337, 1339, 1341, 1335, + 1334, 1341, 1342, 1331, 1344, 1343, 1345, 1348, 1336, 1349, + 1342, 1343, 1345, 1350, 1351, 1337, 1339, 1352, 1340, 1353, + 1347, 1354, 1357, 1349, 1356, 1341, 1350, 1355, 1351, 1342, + 1358, 1348, 1343, 1345, 1348, 1359, 1349, 1360, 1356, 1355, + 1350, 1351, 1361, 1352, 1352, 1360, 1353, 1362, 1354, 1357, + + 1363, 1356, 1364, 1365, 1355, 1368, 1362, 1358, 1369, 1367, + 1370, 1365, 1359, 1371, 1360, 1373, 1369, 1372, 1375, 1361, + 1376, 1377, 1371, 1379, 1362, 0, 1374, 1363, 1376, 1364, + 1365, 1367, 
1368, 1377, 1383, 1369, 1367, 1370, 1372, 1373, + 1371, 1374, 1373, 1378, 1372, 1375, 1383, 1376, 1377, 1381, + 1379, 1378, 1374, 1374, 1382, 1384, 1381, 1385, 1382, 1386, + 1387, 1383, 1388, 1388, 1389, 1390, 0, 1386, 1374, 1396, + 1378, 1393, 1394, 1392, 1394, 1396, 1381, 1403, 1384, 1397, + 1395, 1382, 1384, 1390, 1385, 1399, 1386, 1387, 1392, 1388, + 1389, 1389, 1390, 1393, 1395, 1398, 1396, 1399, 1393, 1394, + + 1392, 1397, 1400, 1401, 1404, 1402, 1397, 1395, 1403, 1406, + 1408, 1410, 1399, 1409, 0, 0, 1406, 1398, 1402, 1417, + 1400, 1401, 1398, 1414, 0, 1411, 1415, 1404, 1408, 1400, + 1401, 1404, 1402, 1411, 1417, 1414, 1406, 1408, 1419, 1409, + 1409, 1412, 1410, 1412, 1415, 1420, 1417, 1421, 1412, 1422, + 1414, 1411, 1411, 1415, 1421, 1423, 1425, 1433, 1426, 1435, + 1411, 1427, 1419, 1428, 1422, 1419, 1429, 1420, 1412, 1430, + 1412, 1426, 1420, 1431, 1421, 1436, 1422, 1430, 1428, 1429, + 1433, 1434, 1423, 1425, 1433, 1426, 1435, 1427, 1427, 1443, + 1428, 1437, 1440, 1429, 1438, 1442, 1430, 1436, 1437, 1431, + + 1431, 1438, 1436, 1439, 1441, 1434, 1444, 1447, 1434, 1448, + 1450, 1441, 1446, 1468, 1458, 1440, 1439, 1442, 1437, 1440, + 1443, 1438, 1442, 1446, 1449, 1453, 1463, 1444, 1454, 1447, + 1439, 1441, 1464, 1444, 1447, 1450, 1460, 1450, 1453, 1446, + 1448, 1458, 1466, 1449, 1468, 1460, 1469, 1470, 1463, 1472, + 1476, 1449, 1453, 1463, 1454, 1454, 1471, 1474, 1470, 1464, + 1475, 1471, 1478, 1460, 1479, 1474, 1481, 1483, 0, 1466, + 1480, 1472, 1469, 1469, 1470, 1475, 1472, 1476, 1481, 1480, + 1478, 1485, 1486, 1471, 1474, 1487, 1489, 1475, 1488, 1478, + 1490, 1491, 1493, 1481, 1483, 1479, 1492, 1480, 1487, 1494, + + 1498, 1493, 0, 1485, 0, 1495, 1496, 1486, 1485, 1486, + 1488, 1492, 1487, 1489, 1497, 1488, 1500, 1490, 1491, 1493, + 1495, 1496, 1498, 1492, 1499, 1494, 1494, 1498, 1501, 1497, + 1503, 1499, 1495, 1496, 1502, 1502, 1504, 1503, 1507, 1505, + 1506, 1497, 1505, 1500, 1508, 1509, 1501, 1510, 1511, 1513, + 1504, 1499, 1510, 1506, 1509, 1501, 1512, 
1503, 1514, 0, + 1515, 1502, 1508, 1504, 1507, 1507, 1505, 1506, 1519, 1527, + 1511, 1508, 1509, 1518, 1510, 1511, 1513, 1519, 1512, 1520, + 1518, 1521, 1524, 1512, 1520, 1514, 1515, 1515, 1521, 1522, + 1523, 1524, 1525, 1528, 1529, 1519, 1527, 1523, 1531, 1536, + + 1518, 1534, 1530, 1529, 1532, 1533, 1520, 1522, 1521, 1524, + 1531, 1528, 1534, 1532, 1533, 1535, 1522, 1523, 1525, 1525, + 1528, 1529, 1530, 1535, 1537, 1531, 1536, 1538, 1534, 1530, + 1540, 1532, 1533, 1539, 1541, 1544, 1538, 1542, 1540, 1545, + 0, 1548, 1535, 1549, 1542, 1539, 1550, 1545, 1548, 1552, + 1553, 1551, 1554, 1544, 1538, 1537, 1541, 1540, 1552, 1556, + 1539, 1541, 1544, 1551, 1542, 1557, 1545, 1549, 1548, 1558, + 1549, 1556, 1561, 1550, 1562, 1554, 1552, 1553, 1551, 1554, + 1559, 1563, 1562, 1564, 0, 1568, 1556, 1571, 1557, 1570, + 1569, 1572, 1557, 1573, 1559, 1569, 1558, 1577, 1574, 1561, + + 1575, 1562, 1581, 1570, 1578, 1571, 1574, 1559, 1563, 1577, + 1564, 1568, 1568, 1572, 1571, 1573, 1570, 1569, 1572, 1575, + 1573, 1579, 1580, 1582, 1577, 1574, 1578, 1575, 0, 1581, + 1585, 1578, 1583, 1584, 1580, 1586, 1587, 1588, 1592, 1591, + 0, 0, 0, 1579, 1593, 0, 1594, 1595, 1579, 1580, + 1582, 1642, 1583, 1591, 1598, 1584, 1597, 1586, 1596, 1583, + 1584, 1585, 1586, 1587, 1588, 1595, 1591, 1593, 1594, 1592, + 1596, 1593, 1599, 1594, 1595, 1597, 1598, 1601, 1602, 1603, + 1604, 1598, 1642, 1597, 1605, 1596, 1607, 1599, 1603, 1610, + 1606, 1608, 1613, 0, 1604, 0, 1611, 1610, 1616, 1599, + + 1602, 1601, 1605, 1611, 1601, 1602, 1603, 1604, 1606, 1608, + 1617, 1605, 1607, 1607, 1612, 1615, 1610, 1606, 1608, 1613, + 1614, 1616, 1612, 1611, 1618, 1616, 1619, 1621, 1614, 1624, + 1622, 0, 1628, 1615, 1626, 1630, 1625, 1617, 1634, 1635, + 0, 1612, 1615, 1618, 1622, 1621, 1626, 1614, 1619, 1625, + 1636, 1618, 1624, 1619, 1621, 1637, 1624, 1622, 1628, 1628, + 1633, 1626, 1630, 1625, 1634, 1634, 1635, 1633, 1638, 1639, + 1640, 1641, 1643, 1649, 1636, 1650, 1647, 1636, 1644, 1640, + 1647, 1648, 1637, 0, 
1641, 1648, 1659, 1633, 1653, 1655, + 0, 1658, 1654, 1654, 1649, 1638, 1639, 1640, 1641, 1643, + + 1649, 1644, 1654, 1656, 1658, 1644, 1650, 1647, 1648, 1660, + 1653, 1655, 1656, 1659, 1657, 1653, 1655, 1660, 1658, 1654, + 1654, 1657, 1663, 1661, 1662, 0, 1664, 0, 1665, 1666, + 1656, 1668, 1662, 1669, 1669, 1667, 1660, 1671, 1668, 1672, + 1666, 1657, 1661, 1670, 1671, 1674, 1672, 1675, 1663, 1663, + 1661, 1662, 1664, 1664, 1665, 1665, 1666, 1667, 1668, 1676, + 1669, 1670, 1667, 1679, 1671, 1680, 1672, 1678, 1682, 1681, + 1670, 1675, 1674, 1683, 1675, 1684, 1678, 1683, 1688, 1685, + 1682, 1676, 1687, 1690, 1704, 1690, 1676, 1681, 1680, 1684, + 1679, 1694, 1680, 1688, 1678, 1682, 1681, 1685, 1695, 1696, + + 1687, 1698, 1684, 1701, 1683, 1688, 1685, 0, 1699, 1687, + 1690, 1699, 1703, 1694, 1702, 1704, 1705, 1696, 1694, 1703, + 1706, 1708, 1705, 1698, 1695, 1695, 1696, 1707, 1698, 1709, + 1701, 1709, 1702, 1710, 1699, 1699, 1707, 1712, 1699, 1703, + 1714, 1702, 1706, 1705, 1718, 1712, 1713, 1706, 1715, 1716, + 1717, 1719, 1708, 0, 1707, 1718, 1709, 1721, 1713, 1719, + 1710, 1720, 1715, 1723, 1712, 1722, 1722, 1714, 1717, 1726, + 1727, 1718, 1716, 1713, 1724, 1715, 1716, 1717, 1719, 1721, + 1720, 1728, 1724, 1730, 1721, 1732, 1731, 1733, 1720, 1732, + 1723, 1735, 1722, 1731, 1736, 1733, 1726, 1727, 1738, 1737, + + 1739, 1724, 1742, 1728, 1737, 1741, 1743, 1736, 1728, 1742, + 1730, 1740, 1732, 1731, 1733, 1744, 1747, 1735, 1735, 1740, + 1741, 1736, 1745, 1748, 1750, 1738, 1737, 1739, 1749, 1742, + 1748, 1747, 1741, 1743, 1752, 1754, 1751, 1756, 1740, 1744, + 1759, 1761, 1744, 1747, 1751, 1757, 1750, 1760, 1745, 1745, + 1748, 1750, 1749, 1757, 1761, 1749, 1753, 1753, 1762, 1763, + 1764, 1765, 1754, 1751, 1756, 1752, 1753, 1759, 1761, 1760, + 1766, 1768, 1757, 1771, 1760, 1773, 1774, 1776, 1777, 1782, + 1762, 0, 0, 1753, 1753, 1762, 1763, 1764, 1765, 1774, + 1778, 1781, 1766, 1783, 1775, 1776, 1788, 1766, 1768, 1771, + + 1771, 1775, 1773, 1774, 1776, 1777, 1782, 1785, 
1787, 1786, + 1781, 1788, 1778, 1789, 1785, 1783, 1786, 1778, 1781, 1790, + 1783, 1775, 1791, 1788, 1799, 1793, 1794, 1800, 1790, 1805, + 1787, 1793, 1789, 1791, 1785, 1787, 1786, 1792, 1792, 1801, + 1789, 1809, 0, 1797, 1807, 1811, 1790, 1792, 1794, 1791, + 1797, 1799, 1793, 1794, 1800, 1813, 1805, 1817, 1811, 1818, + 1810, 1814, 1801, 1819, 1792, 1792, 1801, 1807, 1809, 1810, + 1797, 1807, 1811, 1814, 1816, 1817, 1820, 1821, 1822, 1823, + 1822, 1828, 1813, 1816, 1817, 1818, 1818, 1810, 1814, 1824, + 1819, 1823, 1825, 1826, 1827, 1824, 1831, 1833, 1836, 1821, + + 1835, 1816, 1827, 1820, 1821, 1822, 1823, 1838, 1828, 1839, + 1841, 1845, 0, 0, 1825, 1826, 1824, 1840, 1835, 1825, + 1826, 1827, 1838, 1831, 1833, 1836, 1844, 1835, 1846, 1840, + 1847, 1848, 1850, 1856, 1838, 1839, 1839, 1841, 1849, 1848, + 1854, 1846, 1845, 1850, 1840, 0, 0, 1849, 1868, 1858, + 1844, 0, 1847, 1844, 1857, 1846, 1856, 1847, 1848, 1850, + 1856, 1857, 1858, 1860, 1854, 1849, 1861, 1854, 1865, 1862, + 1865, 1867, 1864, 1863, 1866, 1868, 1858, 1862, 1867, 1860, + 1861, 1857, 1863, 1864, 1869, 1870, 1866, 1871, 1872, 1876, + 1860, 1873, 1874, 1861, 1874, 1865, 1862, 1875, 1867, 1864, + + 1863, 1866, 1869, 1877, 1878, 1880, 1884, 1885, 0, 1875, + 1872, 1869, 1870, 1873, 1871, 1872, 1877, 1880, 1873, 1874, + 1876, 1883, 1886, 1890, 1875, 1887, 1888, 0, 1892, 1883, + 1877, 1878, 1880, 1891, 1888, 1886, 1890, 1884, 1885, 1887, + 1893, 1891, 1892, 1894, 1895, 1903, 1896, 1899, 1883, 1886, + 1890, 1894, 1887, 1888, 1893, 1892, 1897, 0, 1898, 1900, + 1891, 1904, 1905, 1908, 1897, 1901, 1895, 1893, 1896, 1899, + 1894, 1895, 1902, 1896, 1899, 1912, 1903, 1910, 0, 1924, + 1902, 1900, 1905, 1897, 1898, 1898, 1900, 1901, 1904, 1905, + 1906, 1910, 1901, 1907, 1908, 1909, 1915, 1912, 1906, 1902, + + 1913, 1907, 1912, 1909, 1910, 1914, 1924, 1916, 1913, 1917, + 1915, 1918, 0, 1914, 1919, 0, 1920, 1906, 0, 1918, + 1907, 1923, 1909, 1915, 1921, 1922, 0, 1913, 0, 1923, + 1925, 1917, 1914, 1916, 1916, 1926, 
1917, 1928, 1918, 1927, + 1919, 1919, 1920, 1920, 0, 1922, 1921, 1927, 1923, 1931, + 1925, 1921, 1922, 1929, 1939, 1926, 1932, 1925, 1935, 1928, + 1933, 1929, 1926, 1938, 1928, 1934, 1927, 1936, 1933, 1937, + 1941, 1931, 0, 1934, 1942, 1936, 1931, 1937, 1932, 1940, + 1929, 1939, 1943, 1932, 1935, 1935, 1945, 1933, 1948, 1938, + 1938, 1951, 1934, 1952, 1936, 1949, 1937, 1941, 0, 1940, + + 0, 1942, 1943, 1949, 1950, 0, 1940, 0, 1945, 1943, + 1948, 0, 1950, 1945, 0, 1948, 0, 0, 1951, 0, + 1952, 0, 1949, 0, 0, 0, 0, 0, 0, 0, + 0, 1950, 1956, 1956, 1956, 1956, 1956, 1956, 1956, 1957, + 1957, 1957, 1957, 1957, 1957, 1957, 1958, 1958, 1958, 1958, + 1958, 1958, 1958, 1959, 1959, 1959, 1959, 1959, 1959, 1959, + 1960, 1960, 1960, 1960, 1960, 1960, 1960, 1962, 1962, 0, + 1962, 1962, 1962, 1962, 1963, 1963, 0, 0, 0, 1963, + 1963, 1964, 1964, 0, 0, 1964, 0, 1964, 1965, 0, + 0, 0, 0, 0, 1965, 1966, 1966, 0, 0, 0, + + 1966, 1966, 1967, 0, 0, 0, 0, 0, 1967, 1968, + 1968, 0, 1968, 1968, 1968, 1968, 1969, 1969, 0, 1969, + 1969, 1969, 1969, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, + 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955, 1955 } ; static yy_state_type yy_last_accepting_state; @@ -2220,6 +2373,12 @@ * See LICENSE for the license. * */ + +/* because flex keeps having sign-unsigned compare problems that are unfixed*/ +#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + #include #include #include 
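Review bot: The added `#pragma GCC diagnostic ignored "-Wsign-compare"` has no push/pop around it in this hunk, so it appears to switch the warning off for the rest of the translation unit rather than only for the flex skeleton. If so, it also covers the hand-written rule actions and helpers copied in from util/configlexer.lex. A signed/unsigned comparison on a length or index in that code would then compile silently, in the parser that reads the configuration file. If the suppression has to stay file-wide, the comment should say so, for example `/* disables -Wsign-compare for this whole file, including our own rule actions; keep length and index comparisons there explicitly typed */`. This file is flex output, so the change belongs in the prologue of util/configlexer.lex; whether a later `#pragma GCC diagnostic` restores the warning cannot be seen from this hunk.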
@@ -2388,7 +2547,7 @@ #endif #define YY_NO_INPUT 1 -#line 181 "util/configlexer.lex" +#line 187 "util/configlexer.lex" #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif @@ -2396,7 +2555,7 @@ #define YY_NO_INPUT 1 #endif -#line 2398 "" +#line 2557 "" #define INITIAL 0 #define quotedstring 1 @@ -2434,11 +2593,11 @@ FILE *yyget_in (void ); -void yyset_in (FILE * in_str ); +void yyset_in (FILE * _in_str ); FILE *yyget_out (void ); -void yyset_out (FILE * out_str ); +void yyset_out (FILE * _out_str ); yy_size_t yyget_leng (void ); @@ -2446,7 +2605,7 @@ int yyget_lineno (void ); -void yyset_lineno (int line_number ); +void yyset_lineno (int _line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -2460,6 +2619,10 @@ #endif #endif +#ifndef YY_NO_UNPUT + +#endif + #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif @@ -2480,7 +2643,12 @@ /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k */ +#define YY_READ_BUF_SIZE 16384 +#else #define YY_READ_BUF_SIZE 8192 +#endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ @@ -2567,7 +2735,7 @@ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif #define YY_RULE_SETUP \ @@ -2577,9 +2745,9 @@ */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; if ( !(yy_init) ) { @@ -2608,11 +2776,11 @@ } { -#line 201 "util/configlexer.lex" +#line 207 "util/configlexer.lex" -#line 2612 "" +#line 2780 "" - while ( 1 ) /* loops until end-of-file is reached */ + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { (yy_more_len) = 0; if ( (yy_more_flag) ) 
@@ -2634,7 +2802,7 @@ yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -2643,13 +2811,13 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1800 ) + if ( yy_current_state >= 1956 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 5211 ); + while ( yy_base[yy_current_state] != 5624 ); yy_find_action: yy_act = yy_accept[yy_current_state]; 
@@ -2675,839 +2843,929 @@ case 1: YY_RULE_SETUP -#line 202 "util/configlexer.lex" +#line 208 "util/configlexer.lex" { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP -#line 204 "util/configlexer.lex" +#line 210 "util/configlexer.lex" { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP -#line 207 "util/configlexer.lex" +#line 213 "util/configlexer.lex" { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP -#line 208 "util/configlexer.lex" +#line 214 "util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION) } YY_BREAK case 5: YY_RULE_SETUP -#line 209 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_THREADS) } +#line 215 "util/configlexer.lex" +{ YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } YY_BREAK case 6: YY_RULE_SETUP -#line 210 "util/configlexer.lex" -{ YDVAR(1, VAR_VERBOSITY) } +#line 216 "util/configlexer.lex" +{ YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 7: YY_RULE_SETUP -#line 211 "util/configlexer.lex" -{ YDVAR(1, VAR_PORT) } +#line 217 "util/configlexer.lex" +{ YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 8: YY_RULE_SETUP -#line 212 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_RANGE) } +#line 218 "util/configlexer.lex" +{ YDVAR(1, VAR_PORT) } YY_BREAK case 9: YY_RULE_SETUP -#line 213 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } +#line 219 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 10: YY_RULE_SETUP -#line 214 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_PORT_AVOID) } +#line 220 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 11: YY_RULE_SETUP -#line 215 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_NUM_TCP) } +#line 221 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 12: YY_RULE_SETUP -#line 216 "util/configlexer.lex" -{ YDVAR(1, VAR_INCOMING_NUM_TCP) } +#line 222 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 13: 
YY_RULE_SETUP -#line 217 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP4) } +#line 223 "util/configlexer.lex" +{ YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 14: YY_RULE_SETUP -#line 218 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_IP6) } +#line 224 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_IP4) } YY_BREAK case 15: YY_RULE_SETUP -#line 219 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_UDP) } +#line 225 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_IP6) } YY_BREAK case 16: YY_RULE_SETUP -#line 220 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_TCP) } +#line 226 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 17: YY_RULE_SETUP -#line 221 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_UPSTREAM) } +#line 227 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_UDP) } YY_BREAK case 18: YY_RULE_SETUP -#line 222 "util/configlexer.lex" -{ YDVAR(1, VAR_TCP_MSS) } +#line 228 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_TCP) } YY_BREAK case 19: YY_RULE_SETUP -#line 223 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } +#line 229 "util/configlexer.lex" +{ YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 20: YY_RULE_SETUP -#line 224 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_UPSTREAM) } +#line 230 "util/configlexer.lex" +{ YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 21: YY_RULE_SETUP -#line 225 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_KEY) } +#line 231 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 22: YY_RULE_SETUP -#line 226 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +#line 232 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 23: YY_RULE_SETUP -#line 227 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +#line 233 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 24: YY_RULE_SETUP -#line 228 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +#line 234 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 25: YY_RULE_SETUP -#line 229 "util/configlexer.lex" -{ YDVAR(1, 
VAR_INTERFACE) } +#line 235 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 26: YY_RULE_SETUP -#line 230 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +#line 236 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 27: YY_RULE_SETUP -#line 231 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +#line 237 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 28: YY_RULE_SETUP -#line 232 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +#line 238 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 29: YY_RULE_SETUP -#line 233 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +#line 239 "util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 30: YY_RULE_SETUP -#line 234 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +#line 240 "util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 31: YY_RULE_SETUP -#line 235 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +#line 241 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 32: YY_RULE_SETUP -#line 236 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +#line 242 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 33: YY_RULE_SETUP -#line 237 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +#line 243 "util/configlexer.lex" +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 34: YY_RULE_SETUP -#line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +#line 244 "util/configlexer.lex" +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 35: YY_RULE_SETUP -#line 239 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +#line 245 "util/configlexer.lex" +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 36: YY_RULE_SETUP -#line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +#line 246 "util/configlexer.lex" +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 37: YY_RULE_SETUP -#line 241 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +#line 247 "util/configlexer.lex" +{ 
YDVAR(1, VAR_USERNAME) } YY_BREAK case 38: YY_RULE_SETUP -#line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +#line 248 "util/configlexer.lex" +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 39: YY_RULE_SETUP -#line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +#line 249 "util/configlexer.lex" +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 40: YY_RULE_SETUP -#line 244 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +#line 250 "util/configlexer.lex" +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 41: YY_RULE_SETUP -#line 245 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +#line 251 "util/configlexer.lex" +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 42: YY_RULE_SETUP -#line 246 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +#line 252 "util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 43: YY_RULE_SETUP -#line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +#line 253 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 44: YY_RULE_SETUP -#line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +#line 254 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 45: YY_RULE_SETUP -#line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +#line 255 "util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 46: YY_RULE_SETUP -#line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +#line 256 "util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 47: YY_RULE_SETUP -#line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +#line 257 "util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 48: YY_RULE_SETUP -#line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +#line 258 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 49: YY_RULE_SETUP -#line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +#line 259 
"util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 50: YY_RULE_SETUP -#line 254 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +#line 260 "util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 51: YY_RULE_SETUP -#line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +#line 261 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 52: YY_RULE_SETUP -#line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +#line 262 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 53: YY_RULE_SETUP -#line 257 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +#line 263 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 54: YY_RULE_SETUP -#line 258 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +#line 264 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 55: YY_RULE_SETUP -#line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +#line 265 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 56: YY_RULE_SETUP -#line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +#line 266 "util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 57: YY_RULE_SETUP -#line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +#line 267 "util/configlexer.lex" +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 58: YY_RULE_SETUP -#line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +#line 268 "util/configlexer.lex" +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 59: YY_RULE_SETUP -#line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +#line 269 "util/configlexer.lex" +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 60: YY_RULE_SETUP -#line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +#line 270 "util/configlexer.lex" +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 
61: YY_RULE_SETUP -#line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +#line 271 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 62: YY_RULE_SETUP -#line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +#line 272 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 63: YY_RULE_SETUP -#line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +#line 273 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 64: YY_RULE_SETUP -#line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +#line 274 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 65: YY_RULE_SETUP -#line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +#line 275 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 66: YY_RULE_SETUP -#line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +#line 276 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 67: YY_RULE_SETUP -#line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +#line 277 "util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 68: YY_RULE_SETUP -#line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +#line 278 "util/configlexer.lex" +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 69: YY_RULE_SETUP -#line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +#line 279 "util/configlexer.lex" +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 70: YY_RULE_SETUP -#line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +#line 280 "util/configlexer.lex" +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 71: YY_RULE_SETUP -#line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +#line 281 "util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 72: YY_RULE_SETUP -#line 276 "util/configlexer.lex" -{ YDVAR(0, 
VAR_STUB_ZONE) } +#line 282 "util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 73: YY_RULE_SETUP -#line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +#line 283 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 74: YY_RULE_SETUP -#line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +#line 284 "util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 75: YY_RULE_SETUP -#line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +#line 285 "util/configlexer.lex" +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 76: YY_RULE_SETUP -#line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +#line 286 "util/configlexer.lex" +{ YDVAR(1, VAR_NAME) } YY_BREAK case 77: YY_RULE_SETUP -#line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +#line 287 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 78: YY_RULE_SETUP -#line 282 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +#line 288 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 79: YY_RULE_SETUP -#line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +#line 289 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 80: YY_RULE_SETUP -#line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +#line 290 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 81: YY_RULE_SETUP -#line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +#line 291 "util/configlexer.lex" +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 82: YY_RULE_SETUP -#line 286 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +#line 292 "util/configlexer.lex" +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 83: YY_RULE_SETUP -#line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +#line 293 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 84: YY_RULE_SETUP -#line 288 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +#line 294 
"util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 85: YY_RULE_SETUP -#line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +#line 295 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 86: YY_RULE_SETUP -#line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +#line 296 "util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 87: YY_RULE_SETUP -#line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +#line 297 "util/configlexer.lex" +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 88: YY_RULE_SETUP -#line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +#line 298 "util/configlexer.lex" +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 89: YY_RULE_SETUP -#line 293 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +#line 299 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 90: YY_RULE_SETUP -#line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +#line 300 "util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 91: YY_RULE_SETUP -#line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +#line 301 "util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 92: YY_RULE_SETUP -#line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +#line 302 "util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 93: YY_RULE_SETUP -#line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +#line 303 "util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 94: YY_RULE_SETUP -#line 298 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +#line 304 "util/configlexer.lex" +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 95: YY_RULE_SETUP -#line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +#line 305 "util/configlexer.lex" +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 96: YY_RULE_SETUP -#line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +#line 306 
"util/configlexer.lex" +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 97: YY_RULE_SETUP -#line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +#line 307 "util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 98: YY_RULE_SETUP -#line 302 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +#line 308 "util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 99: YY_RULE_SETUP -#line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +#line 309 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 100: YY_RULE_SETUP -#line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +#line 310 "util/configlexer.lex" +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 101: YY_RULE_SETUP -#line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +#line 311 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 102: YY_RULE_SETUP -#line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +#line 312 "util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 103: YY_RULE_SETUP -#line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +#line 313 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 104: YY_RULE_SETUP -#line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +#line 314 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 105: YY_RULE_SETUP -#line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +#line 315 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 106: YY_RULE_SETUP -#line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +#line 316 "util/configlexer.lex" +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 107: YY_RULE_SETUP -#line 311 "util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +#line 317 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 108: YY_RULE_SETUP -#line 313 
"util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 318 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 109: YY_RULE_SETUP -#line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +#line 319 "util/configlexer.lex" +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 110: YY_RULE_SETUP -#line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +#line 320 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 111: YY_RULE_SETUP -#line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +#line 321 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 112: YY_RULE_SETUP -#line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +#line 322 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 113: YY_RULE_SETUP -#line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +#line 323 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 114: YY_RULE_SETUP -#line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +#line 324 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 115: YY_RULE_SETUP -#line 320 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +#line 325 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 116: YY_RULE_SETUP -#line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +#line 326 "util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 117: YY_RULE_SETUP -#line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +#line 328 "util/configlexer.lex" +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 118: YY_RULE_SETUP -#line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +#line 329 "util/configlexer.lex" +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 119: YY_RULE_SETUP -#line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +#line 330 "util/configlexer.lex" +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 
120: YY_RULE_SETUP -#line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +#line 331 "util/configlexer.lex" +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 121: YY_RULE_SETUP -#line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +#line 332 "util/configlexer.lex" +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 122: YY_RULE_SETUP -#line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +#line 333 "util/configlexer.lex" +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 123: YY_RULE_SETUP -#line 328 "util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +#line 334 "util/configlexer.lex" +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 124: YY_RULE_SETUP -#line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +#line 335 "util/configlexer.lex" +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 125: YY_RULE_SETUP -#line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +#line 336 "util/configlexer.lex" +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 126: YY_RULE_SETUP -#line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +#line 337 "util/configlexer.lex" +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 127: YY_RULE_SETUP -#line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +#line 338 "util/configlexer.lex" +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 128: YY_RULE_SETUP -#line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +#line 339 "util/configlexer.lex" +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 129: YY_RULE_SETUP -#line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +#line 340 "util/configlexer.lex" +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 130: YY_RULE_SETUP -#line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +#line 341 "util/configlexer.lex" +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 131: YY_RULE_SETUP -#line 336 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +#line 342 
"util/configlexer.lex" +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 132: YY_RULE_SETUP -#line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +#line 343 "util/configlexer.lex" +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 133: YY_RULE_SETUP -#line 338 "util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +#line 344 "util/configlexer.lex" +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 134: YY_RULE_SETUP -#line 339 "util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +#line 345 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 135: YY_RULE_SETUP -#line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +#line 346 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 136: YY_RULE_SETUP -#line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +#line 347 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 137: YY_RULE_SETUP -#line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +#line 348 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 138: YY_RULE_SETUP -#line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +#line 349 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 139: YY_RULE_SETUP -#line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +#line 350 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 140: YY_RULE_SETUP -#line 345 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +#line 351 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 141: YY_RULE_SETUP -#line 346 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +#line 352 "util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 142: YY_RULE_SETUP -#line 347 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +#line 353 "util/configlexer.lex" +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 143: YY_RULE_SETUP -#line 348 "util/configlexer.lex" -{ 
YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 354 "util/configlexer.lex" +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 144: YY_RULE_SETUP -#line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 355 "util/configlexer.lex" +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 145: YY_RULE_SETUP -#line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 356 "util/configlexer.lex" +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 146: YY_RULE_SETUP -#line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +#line 357 "util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 147: YY_RULE_SETUP -#line 352 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +#line 358 "util/configlexer.lex" +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 148: YY_RULE_SETUP -#line 354 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 359 "util/configlexer.lex" +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 149: YY_RULE_SETUP -#line 356 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 360 "util/configlexer.lex" +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 150: YY_RULE_SETUP -#line 358 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } +#line 361 "util/configlexer.lex" +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 151: YY_RULE_SETUP -#line 360 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } +#line 362 "util/configlexer.lex" +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 152: YY_RULE_SETUP -#line 362 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +#line 363 "util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 153: YY_RULE_SETUP #line 364 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 154: YY_RULE_SETUP #line 365 "util/configlexer.lex" -{ YDVAR(1, 
VAR_RATELIMIT_SLABS) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 155: YY_RULE_SETUP #line 366 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 156: YY_RULE_SETUP #line 367 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 157: YY_RULE_SETUP #line 368 "util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 158: YY_RULE_SETUP #line 369 "util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 159: -/* rule 159 can match eol */ YY_RULE_SETUP #line 370 "util/configlexer.lex" -{ LEXOUT(("NL\n")); cfg_parser->line++; } +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK -/* Quoted strings. Strip leading and ending quotes */ case 160: YY_RULE_SETUP +#line 371 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } + YY_BREAK +case 161: +YY_RULE_SETUP +#line 372 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } + YY_BREAK +case 162: +YY_RULE_SETUP #line 373 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } + YY_BREAK +case 163: +YY_RULE_SETUP +#line 374 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } + YY_BREAK +case 164: +YY_RULE_SETUP +#line 375 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } + YY_BREAK +case 165: +YY_RULE_SETUP +#line 377 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } + YY_BREAK +case 166: +YY_RULE_SETUP +#line 379 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } + YY_BREAK +case 167: +YY_RULE_SETUP +#line 381 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } + YY_BREAK +case 168: +YY_RULE_SETUP +#line 383 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } + YY_BREAK +case 169: +YY_RULE_SETUP +#line 385 "util/configlexer.lex" +{ + 
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } + YY_BREAK +case 170: +YY_RULE_SETUP +#line 387 "util/configlexer.lex" +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } + YY_BREAK +case 171: +YY_RULE_SETUP +#line 388 "util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT) } + YY_BREAK +case 172: +YY_RULE_SETUP +#line 389 "util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_SLABS) } + YY_BREAK +case 173: +YY_RULE_SETUP +#line 390 "util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_SIZE) } + YY_BREAK +case 174: +YY_RULE_SETUP +#line 391 "util/configlexer.lex" +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } + YY_BREAK +case 175: +YY_RULE_SETUP +#line 392 "util/configlexer.lex" +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } + YY_BREAK +case 176: +YY_RULE_SETUP +#line 393 "util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } + YY_BREAK +case 177: +/* rule 177 can match eol */ +YY_RULE_SETUP +#line 394 "util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++; } + YY_BREAK +/* Quoted strings. Strip leading and ending quotes */ +case 178: +YY_RULE_SETUP +#line 397 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 374 "util/configlexer.lex" +#line 398 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 161: +case 179: YY_RULE_SETUP -#line 379 "util/configlexer.lex" +#line 403 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 162: -/* rule 162 can match eol */ +case 180: +/* rule 180 can match eol */ YY_RULE_SETUP -#line 380 "util/configlexer.lex" +#line 404 "util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 163: +case 181: YY_RULE_SETUP -#line 382 "util/configlexer.lex" +#line 406 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } 
@@ -3520,34 +3778,34 @@ } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 164: +case 182: YY_RULE_SETUP -#line 394 "util/configlexer.lex" +#line 418 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 395 "util/configlexer.lex" +#line 419 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 165: +case 183: YY_RULE_SETUP -#line 400 "util/configlexer.lex" +#line 424 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 166: -/* rule 166 can match eol */ +case 184: +/* rule 184 can match eol */ YY_RULE_SETUP -#line 401 "util/configlexer.lex" +#line 425 "util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 167: +case 185: YY_RULE_SETUP -#line 403 "util/configlexer.lex" +#line 427 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } 
@@ -3560,38 +3818,38 @@ } YY_BREAK /* include: directive */ -case 168: +case 186: YY_RULE_SETUP -#line 415 "util/configlexer.lex" +#line 439 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 417 "util/configlexer.lex" +#line 441 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 169: +case 187: YY_RULE_SETUP -#line 421 "util/configlexer.lex" +#line 445 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 170: -/* rule 170 can match eol */ +case 188: +/* rule 188 can match eol */ YY_RULE_SETUP -#line 422 "util/configlexer.lex" +#line 446 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 171: +case 189: YY_RULE_SETUP -#line 423 "util/configlexer.lex" +#line 447 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 172: +case 190: YY_RULE_SETUP -#line 424 "util/configlexer.lex" +#line 448 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); @@ -3599,27 +3857,27 @@ } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 429 "util/configlexer.lex" +#line 453 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 173: +case 191: YY_RULE_SETUP -#line 433 "util/configlexer.lex" +#line 457 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 174: -/* rule 174 can match eol */ +case 192: +/* rule 192 can match eol */ YY_RULE_SETUP -#line 434 "util/configlexer.lex" +#line 458 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 175: +case 193: YY_RULE_SETUP -#line 436 "util/configlexer.lex" +#line 460 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; 
@@ -3629,7 +3887,7 @@ YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 442 "util/configlexer.lex" +#line 466 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -3641,33 +3899,33 @@ } } YY_BREAK -case 176: +case 194: YY_RULE_SETUP -#line 453 "util/configlexer.lex" +#line 477 "util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 177: +case 195: YY_RULE_SETUP -#line 457 "util/configlexer.lex" +#line 481 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 178: +case 196: YY_RULE_SETUP -#line 461 "util/configlexer.lex" +#line 485 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 179: +case 197: YY_RULE_SETUP -#line 465 "util/configlexer.lex" +#line 489 "util/configlexer.lex" ECHO; YY_BREAK -#line 3669 "" +#line 3927 "" case YY_END_OF_BUFFER: { @@ -3808,9 +4066,9 @@ */ static int yy_get_next_buffer (void) { - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = (yytext_ptr); + yy_size_t number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) @@ -3839,7 +4097,7 @@ /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (yy_size_t) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -3852,7 +4110,7 @@ else { - yy_size_t num_to_read = + int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) 
@@ -3942,14 +4200,14 @@ static yy_state_type yy_get_previous_state (void) { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -3958,7 +4216,7 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1800 ) + if ( yy_current_state >= 1956 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -3974,10 +4232,10 @@ */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { - register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + int yy_is_jam; + char *yy_cp = (yy_c_buf_p); - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -3986,15 +4244,19 @@ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1800 ) + if ( yy_current_state >= 1956 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 1799); + yy_is_jam = (yy_current_state == 1955); return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT + +#endif + #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) 
@@ -4144,7 +4406,7 @@ if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - b->yy_buf_size = size; + b->yy_buf_size = (yy_size_t)size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. @@ -4299,7 +4561,7 @@ * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); @@ -4316,7 +4578,7 @@ if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc @@ -4424,7 +4686,7 @@ static void yy_fatal_error (yyconst char* msg ) { - (void) fprintf( stderr, "%s\n", msg ); + (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } @@ -4435,7 +4697,7 @@ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ + yy_size_t yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ 
@@ -4490,29 +4752,29 @@ } /** Set the current line number. - * @param line_number + * @param _line_number line number * */ -void yyset_lineno (int line_number ) +void yyset_lineno (int _line_number ) { - yylineno = line_number; + yylineno = _line_number; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * * @see yy_switch_to_buffer */ -void yyset_in (FILE * in_str ) +void yyset_in (FILE * _in_str ) { - yyin = in_str ; + yyin = _in_str ; } -void yyset_out (FILE * out_str ) +void yyset_out (FILE * _out_str ) { - yyout = out_str ; + yyout = _out_str ; } int yyget_debug (void) @@ -4520,9 +4782,9 @@ return yy_flex_debug; } -void yyset_debug (int bdebug ) +void yyset_debug (int _bdebug ) { - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } static int yy_init_globals (void) @@ -4582,7 +4844,8 @@ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) { - register int i; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } @@ -4591,7 +4854,7 @@ #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s ) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -4601,11 +4864,12 @@ void *yyalloc (yy_size_t size ) { - return (void *) malloc( size ); + return (void *) malloc( size ); } void *yyrealloc (void * ptr, yy_size_t size ) { + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter 
@@ -4618,12 +4882,12 @@ void yyfree (void * ptr ) { - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" -#line 465 "util/configlexer.lex" +#line 489 "util/configlexer.lex" diff -Nru unbound-1.5.8/util/configlexer.lex unbound-1.6.0/util/configlexer.lex --- unbound-1.5.8/util/configlexer.lex 2016-02-09 13:25:59.000000000 +0000 +++ unbound-1.6.0/util/configlexer.lex 2016-11-04 12:07:52.000000000 +0000 @@ -7,6 +7,12 @@ * See LICENSE for the license. * */ + +/* because flex keeps having sign-unsigned compare problems that are unfixed*/ +#if defined(__clang__)||(defined(__GNUC__)&&((__GNUC__ >4)||(defined(__GNUC_MINOR__)&&(__GNUC__ ==4)&&(__GNUC_MINOR__ >=2)))) +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + #include #include #include @@ -206,6 +212,7 @@ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } server{COLON} { YDVAR(0, VAR_SERVER) } qname-minimisation{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION) } +qname-minimisation-strict{COLON} { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } num-threads{COLON} { YDVAR(1, VAR_NUM_THREADS) } verbosity{COLON} { YDVAR(1, VAR_VERBOSITY) } port{COLON} { YDVAR(1, VAR_PORT) } @@ -216,6 +223,7 @@ incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) } do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) } do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) } +prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) } do-udp{COLON} { YDVAR(1, VAR_DO_UDP) } do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) } tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } @@ -234,6 +242,7 @@ so-sndbuf{COLON} { YDVAR(1, VAR_SO_SNDBUF) } so-reuseport{COLON} { YDVAR(1, VAR_SO_REUSEPORT) } ip-transparent{COLON} { YDVAR(1, VAR_IP_TRANSPARENT) } +ip-freebind{COLON} { YDVAR(1, VAR_IP_FREEBIND) } chroot{COLON} { YDVAR(1, VAR_CHROOT) } username{COLON} { YDVAR(1, VAR_USERNAME) } directory{COLON} { YDVAR(1, VAR_DIRECTORY) } 
@@ -279,10 +288,14 @@
 stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) }
 stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) }
 stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) }
+stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) }
 forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) }
 forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) }
 forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) }
 forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) }
+forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) }
+view{COLON} { YDVAR(0, VAR_VIEW) }
+view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) }
 do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) }
 do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
 access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }
@@ -304,6 +317,8 @@
 val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
 val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }
 ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) }
+serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) }
+fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) }
 val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) }
 key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) }
 key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) }
@@ -315,6 +330,7 @@
 keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) }
 permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) }
 use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) }
+log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) }
 log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
 log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
 local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
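Review bot: In the `@@ -304,6 +317,8 @@` hunk of util/configlexer.lex, the new `fake-dsa{COLON}` rule is accepted exactly like the ordinary server options around it, and nothing at the rule marks it as special. If, as the name suggests, it makes DSA signature checks pass without real verification, a stray `fake-dsa: yes` in a deployed config would weaken DNSSEC validation silently; the handler is not visible in this hunk, so that reading is inferred and should be confirmed. I would document the intent at the rule, e.g. `{ YDVAR(1, VAR_FAKE_DSA) /* test aid; must not be set in production */ }`, and have the code that consumes the option log a warning whenever it is enabled.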
@@ -342,6 +358,13 @@
 max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) }
 dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) }
 dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) }
+define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) }
+local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) }
+access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) }
+access-control-tag-action{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) }
+access-control-tag-data{COLON} { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) }
+access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) }
+local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) }
 dnstap{COLON} { YDVAR(0, VAR_DNSTAP) }
 dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) }
 dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) }
@@ -361,6 +384,7 @@
 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
 dnstap-log-forwarder-response-messages{COLON} {
 YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
+disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
 ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
 ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) }
 ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) }
diff -Nru unbound-1.5.8/util/configparser.c unbound-1.6.0/util/configparser.c
--- unbound-1.5.8/util/configparser.c 2016-03-02 07:52:37.000000000 +0000
+++ unbound-1.6.0/util/configparser.c 2016-12-15 08:20:10.000000000 +0000
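Review bot: In the `@@ -342,6 +358,13 @@` hunk of util/configlexer.lex, the argument counts given to YDVAR for the new access-control rules (`YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION)`, `YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA)`, `YDVAR(2, VAR_ACCESS_CONTROL_VIEW)`, `YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE)`) are bare numbers with no statement of which values they count. Presumably each count has to equal the number of `STRING_ARG` tokens the grammar expects after that keyword; the grammar is not part of this hunk, so a mismatch would surface only as a misparsed access rule rather than at build time. A short comment inside each action naming the arguments, e.g. `/* netblock tag action */` for `access-control-tag-action`, would let a reviewer check the lexer against the grammar.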
@@ -140,153 +140,171 @@ VAR_INTERFACE = 271, VAR_DO_IP4 = 272, VAR_DO_IP6 = 273, - VAR_DO_UDP = 274, - VAR_DO_TCP = 275, - VAR_TCP_MSS = 276, - VAR_OUTGOING_TCP_MSS = 277, - VAR_CHROOT = 278, - VAR_USERNAME = 279, - VAR_DIRECTORY = 280, - VAR_LOGFILE = 281, - VAR_PIDFILE = 282, - VAR_MSG_CACHE_SIZE = 283, - VAR_MSG_CACHE_SLABS = 284, - VAR_NUM_QUERIES_PER_THREAD = 285, - VAR_RRSET_CACHE_SIZE = 286, - VAR_RRSET_CACHE_SLABS = 287, - VAR_OUTGOING_NUM_TCP = 288, - VAR_INFRA_HOST_TTL = 289, - VAR_INFRA_LAME_TTL = 290, - VAR_INFRA_CACHE_SLABS = 291, - VAR_INFRA_CACHE_NUMHOSTS = 292, - VAR_INFRA_CACHE_LAME_SIZE = 293, - VAR_NAME = 294, - VAR_STUB_ZONE = 295, - VAR_STUB_HOST = 296, - VAR_STUB_ADDR = 297, - VAR_TARGET_FETCH_POLICY = 298, - VAR_HARDEN_SHORT_BUFSIZE = 299, - VAR_HARDEN_LARGE_QUERIES = 300, - VAR_FORWARD_ZONE = 301, - VAR_FORWARD_HOST = 302, - VAR_FORWARD_ADDR = 303, - VAR_DO_NOT_QUERY_ADDRESS = 304, - VAR_HIDE_IDENTITY = 305, - VAR_HIDE_VERSION = 306, - VAR_IDENTITY = 307, - VAR_VERSION = 308, - VAR_HARDEN_GLUE = 309, - VAR_MODULE_CONF = 310, - VAR_TRUST_ANCHOR_FILE = 311, - VAR_TRUST_ANCHOR = 312, - VAR_VAL_OVERRIDE_DATE = 313, - VAR_BOGUS_TTL = 314, - VAR_VAL_CLEAN_ADDITIONAL = 315, - VAR_VAL_PERMISSIVE_MODE = 316, - VAR_INCOMING_NUM_TCP = 317, - VAR_MSG_BUFFER_SIZE = 318, - VAR_KEY_CACHE_SIZE = 319, - VAR_KEY_CACHE_SLABS = 320, - VAR_TRUSTED_KEYS_FILE = 321, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 322, - VAR_USE_SYSLOG = 323, - VAR_OUTGOING_INTERFACE = 324, - VAR_ROOT_HINTS = 325, - VAR_DO_NOT_QUERY_LOCALHOST = 326, - VAR_CACHE_MAX_TTL = 327, - VAR_HARDEN_DNSSEC_STRIPPED = 328, - VAR_ACCESS_CONTROL = 329, - VAR_LOCAL_ZONE = 330, - VAR_LOCAL_DATA = 331, - VAR_INTERFACE_AUTOMATIC = 332, - VAR_STATISTICS_INTERVAL = 333, - VAR_DO_DAEMONIZE = 334, - VAR_USE_CAPS_FOR_ID = 335, - VAR_STATISTICS_CUMULATIVE = 336, - VAR_OUTGOING_PORT_PERMIT = 337, - VAR_OUTGOING_PORT_AVOID = 338, - VAR_DLV_ANCHOR_FILE = 339, - VAR_DLV_ANCHOR = 340, - VAR_NEG_CACHE_SIZE = 341, - 
VAR_HARDEN_REFERRAL_PATH = 342, - VAR_PRIVATE_ADDRESS = 343, - VAR_PRIVATE_DOMAIN = 344, - VAR_REMOTE_CONTROL = 345, - VAR_CONTROL_ENABLE = 346, - VAR_CONTROL_INTERFACE = 347, - VAR_CONTROL_PORT = 348, - VAR_SERVER_KEY_FILE = 349, - VAR_SERVER_CERT_FILE = 350, - VAR_CONTROL_KEY_FILE = 351, - VAR_CONTROL_CERT_FILE = 352, - VAR_CONTROL_USE_CERT = 353, - VAR_EXTENDED_STATISTICS = 354, - VAR_LOCAL_DATA_PTR = 355, - VAR_JOSTLE_TIMEOUT = 356, - VAR_STUB_PRIME = 357, - VAR_UNWANTED_REPLY_THRESHOLD = 358, - VAR_LOG_TIME_ASCII = 359, - VAR_DOMAIN_INSECURE = 360, - VAR_PYTHON = 361, - VAR_PYTHON_SCRIPT = 362, - VAR_VAL_SIG_SKEW_MIN = 363, - VAR_VAL_SIG_SKEW_MAX = 364, - VAR_CACHE_MIN_TTL = 365, - VAR_VAL_LOG_LEVEL = 366, - VAR_AUTO_TRUST_ANCHOR_FILE = 367, - VAR_KEEP_MISSING = 368, - VAR_ADD_HOLDDOWN = 369, - VAR_DEL_HOLDDOWN = 370, - VAR_SO_RCVBUF = 371, - VAR_EDNS_BUFFER_SIZE = 372, - VAR_PREFETCH = 373, - VAR_PREFETCH_KEY = 374, - VAR_SO_SNDBUF = 375, - VAR_SO_REUSEPORT = 376, - VAR_HARDEN_BELOW_NXDOMAIN = 377, - VAR_IGNORE_CD_FLAG = 378, - VAR_LOG_QUERIES = 379, - VAR_TCP_UPSTREAM = 380, - VAR_SSL_UPSTREAM = 381, - VAR_SSL_SERVICE_KEY = 382, - VAR_SSL_SERVICE_PEM = 383, - VAR_SSL_PORT = 384, - VAR_FORWARD_FIRST = 385, - VAR_STUB_FIRST = 386, - VAR_MINIMAL_RESPONSES = 387, - VAR_RRSET_ROUNDROBIN = 388, - VAR_MAX_UDP_SIZE = 389, - VAR_DELAY_CLOSE = 390, - VAR_UNBLOCK_LAN_ZONES = 391, - VAR_INSECURE_LAN_ZONES = 392, - VAR_INFRA_CACHE_MIN_RTT = 393, - VAR_DNS64_PREFIX = 394, - VAR_DNS64_SYNTHALL = 395, - VAR_DNSTAP = 396, - VAR_DNSTAP_ENABLE = 397, - VAR_DNSTAP_SOCKET_PATH = 398, - VAR_DNSTAP_SEND_IDENTITY = 399, - VAR_DNSTAP_SEND_VERSION = 400, - VAR_DNSTAP_IDENTITY = 401, - VAR_DNSTAP_VERSION = 402, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 403, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 404, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 405, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 406, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 407, - 
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 408, - VAR_HARDEN_ALGO_DOWNGRADE = 409, - VAR_IP_TRANSPARENT = 410, - VAR_RATELIMIT = 411, - VAR_RATELIMIT_SLABS = 412, - VAR_RATELIMIT_SIZE = 413, - VAR_RATELIMIT_FOR_DOMAIN = 414, - VAR_RATELIMIT_BELOW_DOMAIN = 415, - VAR_RATELIMIT_FACTOR = 416, - VAR_CAPS_WHITELIST = 417, - VAR_CACHE_MAX_NEGATIVE_TTL = 418, - VAR_PERMIT_SMALL_HOLDDOWN = 419, - VAR_QNAME_MINIMISATION = 420 + VAR_PREFER_IP6 = 274, + VAR_DO_UDP = 275, + VAR_DO_TCP = 276, + VAR_TCP_MSS = 277, + VAR_OUTGOING_TCP_MSS = 278, + VAR_CHROOT = 279, + VAR_USERNAME = 280, + VAR_DIRECTORY = 281, + VAR_LOGFILE = 282, + VAR_PIDFILE = 283, + VAR_MSG_CACHE_SIZE = 284, + VAR_MSG_CACHE_SLABS = 285, + VAR_NUM_QUERIES_PER_THREAD = 286, + VAR_RRSET_CACHE_SIZE = 287, + VAR_RRSET_CACHE_SLABS = 288, + VAR_OUTGOING_NUM_TCP = 289, + VAR_INFRA_HOST_TTL = 290, + VAR_INFRA_LAME_TTL = 291, + VAR_INFRA_CACHE_SLABS = 292, + VAR_INFRA_CACHE_NUMHOSTS = 293, + VAR_INFRA_CACHE_LAME_SIZE = 294, + VAR_NAME = 295, + VAR_STUB_ZONE = 296, + VAR_STUB_HOST = 297, + VAR_STUB_ADDR = 298, + VAR_TARGET_FETCH_POLICY = 299, + VAR_HARDEN_SHORT_BUFSIZE = 300, + VAR_HARDEN_LARGE_QUERIES = 301, + VAR_FORWARD_ZONE = 302, + VAR_FORWARD_HOST = 303, + VAR_FORWARD_ADDR = 304, + VAR_DO_NOT_QUERY_ADDRESS = 305, + VAR_HIDE_IDENTITY = 306, + VAR_HIDE_VERSION = 307, + VAR_IDENTITY = 308, + VAR_VERSION = 309, + VAR_HARDEN_GLUE = 310, + VAR_MODULE_CONF = 311, + VAR_TRUST_ANCHOR_FILE = 312, + VAR_TRUST_ANCHOR = 313, + VAR_VAL_OVERRIDE_DATE = 314, + VAR_BOGUS_TTL = 315, + VAR_VAL_CLEAN_ADDITIONAL = 316, + VAR_VAL_PERMISSIVE_MODE = 317, + VAR_INCOMING_NUM_TCP = 318, + VAR_MSG_BUFFER_SIZE = 319, + VAR_KEY_CACHE_SIZE = 320, + VAR_KEY_CACHE_SLABS = 321, + VAR_TRUSTED_KEYS_FILE = 322, + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 323, + VAR_USE_SYSLOG = 324, + VAR_OUTGOING_INTERFACE = 325, + VAR_ROOT_HINTS = 326, + VAR_DO_NOT_QUERY_LOCALHOST = 327, + VAR_CACHE_MAX_TTL = 328, + VAR_HARDEN_DNSSEC_STRIPPED = 329, + VAR_ACCESS_CONTROL = 
330, + VAR_LOCAL_ZONE = 331, + VAR_LOCAL_DATA = 332, + VAR_INTERFACE_AUTOMATIC = 333, + VAR_STATISTICS_INTERVAL = 334, + VAR_DO_DAEMONIZE = 335, + VAR_USE_CAPS_FOR_ID = 336, + VAR_STATISTICS_CUMULATIVE = 337, + VAR_OUTGOING_PORT_PERMIT = 338, + VAR_OUTGOING_PORT_AVOID = 339, + VAR_DLV_ANCHOR_FILE = 340, + VAR_DLV_ANCHOR = 341, + VAR_NEG_CACHE_SIZE = 342, + VAR_HARDEN_REFERRAL_PATH = 343, + VAR_PRIVATE_ADDRESS = 344, + VAR_PRIVATE_DOMAIN = 345, + VAR_REMOTE_CONTROL = 346, + VAR_CONTROL_ENABLE = 347, + VAR_CONTROL_INTERFACE = 348, + VAR_CONTROL_PORT = 349, + VAR_SERVER_KEY_FILE = 350, + VAR_SERVER_CERT_FILE = 351, + VAR_CONTROL_KEY_FILE = 352, + VAR_CONTROL_CERT_FILE = 353, + VAR_CONTROL_USE_CERT = 354, + VAR_EXTENDED_STATISTICS = 355, + VAR_LOCAL_DATA_PTR = 356, + VAR_JOSTLE_TIMEOUT = 357, + VAR_STUB_PRIME = 358, + VAR_UNWANTED_REPLY_THRESHOLD = 359, + VAR_LOG_TIME_ASCII = 360, + VAR_DOMAIN_INSECURE = 361, + VAR_PYTHON = 362, + VAR_PYTHON_SCRIPT = 363, + VAR_VAL_SIG_SKEW_MIN = 364, + VAR_VAL_SIG_SKEW_MAX = 365, + VAR_CACHE_MIN_TTL = 366, + VAR_VAL_LOG_LEVEL = 367, + VAR_AUTO_TRUST_ANCHOR_FILE = 368, + VAR_KEEP_MISSING = 369, + VAR_ADD_HOLDDOWN = 370, + VAR_DEL_HOLDDOWN = 371, + VAR_SO_RCVBUF = 372, + VAR_EDNS_BUFFER_SIZE = 373, + VAR_PREFETCH = 374, + VAR_PREFETCH_KEY = 375, + VAR_SO_SNDBUF = 376, + VAR_SO_REUSEPORT = 377, + VAR_HARDEN_BELOW_NXDOMAIN = 378, + VAR_IGNORE_CD_FLAG = 379, + VAR_LOG_QUERIES = 380, + VAR_TCP_UPSTREAM = 381, + VAR_SSL_UPSTREAM = 382, + VAR_SSL_SERVICE_KEY = 383, + VAR_SSL_SERVICE_PEM = 384, + VAR_SSL_PORT = 385, + VAR_FORWARD_FIRST = 386, + VAR_STUB_SSL_UPSTREAM = 387, + VAR_FORWARD_SSL_UPSTREAM = 388, + VAR_STUB_FIRST = 389, + VAR_MINIMAL_RESPONSES = 390, + VAR_RRSET_ROUNDROBIN = 391, + VAR_MAX_UDP_SIZE = 392, + VAR_DELAY_CLOSE = 393, + VAR_UNBLOCK_LAN_ZONES = 394, + VAR_INSECURE_LAN_ZONES = 395, + VAR_INFRA_CACHE_MIN_RTT = 396, + VAR_DNS64_PREFIX = 397, + VAR_DNS64_SYNTHALL = 398, + VAR_DNSTAP = 399, + VAR_DNSTAP_ENABLE = 400, + 
VAR_DNSTAP_SOCKET_PATH = 401, + VAR_DNSTAP_SEND_IDENTITY = 402, + VAR_DNSTAP_SEND_VERSION = 403, + VAR_DNSTAP_IDENTITY = 404, + VAR_DNSTAP_VERSION = 405, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 406, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 407, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 408, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 409, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 410, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 411, + VAR_HARDEN_ALGO_DOWNGRADE = 412, + VAR_IP_TRANSPARENT = 413, + VAR_DISABLE_DNSSEC_LAME_CHECK = 414, + VAR_RATELIMIT = 415, + VAR_RATELIMIT_SLABS = 416, + VAR_RATELIMIT_SIZE = 417, + VAR_RATELIMIT_FOR_DOMAIN = 418, + VAR_RATELIMIT_BELOW_DOMAIN = 419, + VAR_RATELIMIT_FACTOR = 420, + VAR_CAPS_WHITELIST = 421, + VAR_CACHE_MAX_NEGATIVE_TTL = 422, + VAR_PERMIT_SMALL_HOLDDOWN = 423, + VAR_QNAME_MINIMISATION = 424, + VAR_QNAME_MINIMISATION_STRICT = 425, + VAR_IP_FREEBIND = 426, + VAR_DEFINE_TAG = 427, + VAR_LOCAL_ZONE_TAG = 428, + VAR_ACCESS_CONTROL_TAG = 429, + VAR_LOCAL_ZONE_OVERRIDE = 430, + VAR_ACCESS_CONTROL_TAG_ACTION = 431, + VAR_ACCESS_CONTROL_TAG_DATA = 432, + VAR_VIEW = 433, + VAR_ACCESS_CONTROL_VIEW = 434, + VAR_VIEW_FIRST = 435, + VAR_SERVE_EXPIRED = 436, + VAR_FAKE_DSA = 437, + VAR_LOG_IDENTITY = 438 }; #endif /* Tokens. */ 
@@ -306,153 +324,171 @@ #define VAR_INTERFACE 271 #define VAR_DO_IP4 272 #define VAR_DO_IP6 273 -#define VAR_DO_UDP 274 -#define VAR_DO_TCP 275 -#define VAR_TCP_MSS 276 -#define VAR_OUTGOING_TCP_MSS 277 -#define VAR_CHROOT 278 -#define VAR_USERNAME 279 -#define VAR_DIRECTORY 280 -#define VAR_LOGFILE 281 -#define VAR_PIDFILE 282 -#define VAR_MSG_CACHE_SIZE 283 -#define VAR_MSG_CACHE_SLABS 284 -#define VAR_NUM_QUERIES_PER_THREAD 285 -#define VAR_RRSET_CACHE_SIZE 286 -#define VAR_RRSET_CACHE_SLABS 287 -#define VAR_OUTGOING_NUM_TCP 288 -#define VAR_INFRA_HOST_TTL 289 -#define VAR_INFRA_LAME_TTL 290 -#define VAR_INFRA_CACHE_SLABS 291 -#define VAR_INFRA_CACHE_NUMHOSTS 292 -#define VAR_INFRA_CACHE_LAME_SIZE 293 -#define VAR_NAME 294 -#define VAR_STUB_ZONE 295 -#define VAR_STUB_HOST 296 -#define VAR_STUB_ADDR 297 -#define VAR_TARGET_FETCH_POLICY 298 -#define VAR_HARDEN_SHORT_BUFSIZE 299 -#define VAR_HARDEN_LARGE_QUERIES 300 -#define VAR_FORWARD_ZONE 301 -#define VAR_FORWARD_HOST 302 -#define VAR_FORWARD_ADDR 303 -#define VAR_DO_NOT_QUERY_ADDRESS 304 -#define VAR_HIDE_IDENTITY 305 -#define VAR_HIDE_VERSION 306 -#define VAR_IDENTITY 307 -#define VAR_VERSION 308 -#define VAR_HARDEN_GLUE 309 -#define VAR_MODULE_CONF 310 -#define VAR_TRUST_ANCHOR_FILE 311 -#define VAR_TRUST_ANCHOR 312 -#define VAR_VAL_OVERRIDE_DATE 313 -#define VAR_BOGUS_TTL 314 -#define VAR_VAL_CLEAN_ADDITIONAL 315 -#define VAR_VAL_PERMISSIVE_MODE 316 -#define VAR_INCOMING_NUM_TCP 317 -#define VAR_MSG_BUFFER_SIZE 318 -#define VAR_KEY_CACHE_SIZE 319 -#define VAR_KEY_CACHE_SLABS 320 -#define VAR_TRUSTED_KEYS_FILE 321 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 322 -#define VAR_USE_SYSLOG 323 -#define VAR_OUTGOING_INTERFACE 324 -#define VAR_ROOT_HINTS 325 -#define VAR_DO_NOT_QUERY_LOCALHOST 326 -#define VAR_CACHE_MAX_TTL 327 -#define VAR_HARDEN_DNSSEC_STRIPPED 328 -#define VAR_ACCESS_CONTROL 329 -#define VAR_LOCAL_ZONE 330 -#define VAR_LOCAL_DATA 331 -#define VAR_INTERFACE_AUTOMATIC 332 -#define 
VAR_STATISTICS_INTERVAL 333 -#define VAR_DO_DAEMONIZE 334 -#define VAR_USE_CAPS_FOR_ID 335 -#define VAR_STATISTICS_CUMULATIVE 336 -#define VAR_OUTGOING_PORT_PERMIT 337 -#define VAR_OUTGOING_PORT_AVOID 338 -#define VAR_DLV_ANCHOR_FILE 339 -#define VAR_DLV_ANCHOR 340 -#define VAR_NEG_CACHE_SIZE 341 -#define VAR_HARDEN_REFERRAL_PATH 342 -#define VAR_PRIVATE_ADDRESS 343 -#define VAR_PRIVATE_DOMAIN 344 -#define VAR_REMOTE_CONTROL 345 -#define VAR_CONTROL_ENABLE 346 -#define VAR_CONTROL_INTERFACE 347 -#define VAR_CONTROL_PORT 348 -#define VAR_SERVER_KEY_FILE 349 -#define VAR_SERVER_CERT_FILE 350 -#define VAR_CONTROL_KEY_FILE 351 -#define VAR_CONTROL_CERT_FILE 352 -#define VAR_CONTROL_USE_CERT 353 -#define VAR_EXTENDED_STATISTICS 354 -#define VAR_LOCAL_DATA_PTR 355 -#define VAR_JOSTLE_TIMEOUT 356 -#define VAR_STUB_PRIME 357 -#define VAR_UNWANTED_REPLY_THRESHOLD 358 -#define VAR_LOG_TIME_ASCII 359 -#define VAR_DOMAIN_INSECURE 360 -#define VAR_PYTHON 361 -#define VAR_PYTHON_SCRIPT 362 -#define VAR_VAL_SIG_SKEW_MIN 363 -#define VAR_VAL_SIG_SKEW_MAX 364 -#define VAR_CACHE_MIN_TTL 365 -#define VAR_VAL_LOG_LEVEL 366 -#define VAR_AUTO_TRUST_ANCHOR_FILE 367 -#define VAR_KEEP_MISSING 368 -#define VAR_ADD_HOLDDOWN 369 -#define VAR_DEL_HOLDDOWN 370 -#define VAR_SO_RCVBUF 371 -#define VAR_EDNS_BUFFER_SIZE 372 -#define VAR_PREFETCH 373 -#define VAR_PREFETCH_KEY 374 -#define VAR_SO_SNDBUF 375 -#define VAR_SO_REUSEPORT 376 -#define VAR_HARDEN_BELOW_NXDOMAIN 377 -#define VAR_IGNORE_CD_FLAG 378 -#define VAR_LOG_QUERIES 379 -#define VAR_TCP_UPSTREAM 380 -#define VAR_SSL_UPSTREAM 381 -#define VAR_SSL_SERVICE_KEY 382 -#define VAR_SSL_SERVICE_PEM 383 -#define VAR_SSL_PORT 384 -#define VAR_FORWARD_FIRST 385 -#define VAR_STUB_FIRST 386 -#define VAR_MINIMAL_RESPONSES 387 -#define VAR_RRSET_ROUNDROBIN 388 -#define VAR_MAX_UDP_SIZE 389 -#define VAR_DELAY_CLOSE 390 -#define VAR_UNBLOCK_LAN_ZONES 391 -#define VAR_INSECURE_LAN_ZONES 392 -#define VAR_INFRA_CACHE_MIN_RTT 393 -#define VAR_DNS64_PREFIX 
394 -#define VAR_DNS64_SYNTHALL 395 -#define VAR_DNSTAP 396 -#define VAR_DNSTAP_ENABLE 397 -#define VAR_DNSTAP_SOCKET_PATH 398 -#define VAR_DNSTAP_SEND_IDENTITY 399 -#define VAR_DNSTAP_SEND_VERSION 400 -#define VAR_DNSTAP_IDENTITY 401 -#define VAR_DNSTAP_VERSION 402 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 403 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 404 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 405 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 406 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 408 -#define VAR_HARDEN_ALGO_DOWNGRADE 409 -#define VAR_IP_TRANSPARENT 410 -#define VAR_RATELIMIT 411 -#define VAR_RATELIMIT_SLABS 412 -#define VAR_RATELIMIT_SIZE 413 -#define VAR_RATELIMIT_FOR_DOMAIN 414 -#define VAR_RATELIMIT_BELOW_DOMAIN 415 -#define VAR_RATELIMIT_FACTOR 416 -#define VAR_CAPS_WHITELIST 417 -#define VAR_CACHE_MAX_NEGATIVE_TTL 418 -#define VAR_PERMIT_SMALL_HOLDDOWN 419 -#define VAR_QNAME_MINIMISATION 420 +#define VAR_PREFER_IP6 274 +#define VAR_DO_UDP 275 +#define VAR_DO_TCP 276 +#define VAR_TCP_MSS 277 +#define VAR_OUTGOING_TCP_MSS 278 +#define VAR_CHROOT 279 +#define VAR_USERNAME 280 +#define VAR_DIRECTORY 281 +#define VAR_LOGFILE 282 +#define VAR_PIDFILE 283 +#define VAR_MSG_CACHE_SIZE 284 +#define VAR_MSG_CACHE_SLABS 285 +#define VAR_NUM_QUERIES_PER_THREAD 286 +#define VAR_RRSET_CACHE_SIZE 287 +#define VAR_RRSET_CACHE_SLABS 288 +#define VAR_OUTGOING_NUM_TCP 289 +#define VAR_INFRA_HOST_TTL 290 +#define VAR_INFRA_LAME_TTL 291 +#define VAR_INFRA_CACHE_SLABS 292 +#define VAR_INFRA_CACHE_NUMHOSTS 293 +#define VAR_INFRA_CACHE_LAME_SIZE 294 +#define VAR_NAME 295 +#define VAR_STUB_ZONE 296 +#define VAR_STUB_HOST 297 +#define VAR_STUB_ADDR 298 +#define VAR_TARGET_FETCH_POLICY 299 +#define VAR_HARDEN_SHORT_BUFSIZE 300 +#define VAR_HARDEN_LARGE_QUERIES 301 +#define VAR_FORWARD_ZONE 302 +#define VAR_FORWARD_HOST 303 +#define VAR_FORWARD_ADDR 304 +#define VAR_DO_NOT_QUERY_ADDRESS 305 
+#define VAR_HIDE_IDENTITY 306 +#define VAR_HIDE_VERSION 307 +#define VAR_IDENTITY 308 +#define VAR_VERSION 309 +#define VAR_HARDEN_GLUE 310 +#define VAR_MODULE_CONF 311 +#define VAR_TRUST_ANCHOR_FILE 312 +#define VAR_TRUST_ANCHOR 313 +#define VAR_VAL_OVERRIDE_DATE 314 +#define VAR_BOGUS_TTL 315 +#define VAR_VAL_CLEAN_ADDITIONAL 316 +#define VAR_VAL_PERMISSIVE_MODE 317 +#define VAR_INCOMING_NUM_TCP 318 +#define VAR_MSG_BUFFER_SIZE 319 +#define VAR_KEY_CACHE_SIZE 320 +#define VAR_KEY_CACHE_SLABS 321 +#define VAR_TRUSTED_KEYS_FILE 322 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 323 +#define VAR_USE_SYSLOG 324 +#define VAR_OUTGOING_INTERFACE 325 +#define VAR_ROOT_HINTS 326 +#define VAR_DO_NOT_QUERY_LOCALHOST 327 +#define VAR_CACHE_MAX_TTL 328 +#define VAR_HARDEN_DNSSEC_STRIPPED 329 +#define VAR_ACCESS_CONTROL 330 +#define VAR_LOCAL_ZONE 331 +#define VAR_LOCAL_DATA 332 +#define VAR_INTERFACE_AUTOMATIC 333 +#define VAR_STATISTICS_INTERVAL 334 +#define VAR_DO_DAEMONIZE 335 +#define VAR_USE_CAPS_FOR_ID 336 +#define VAR_STATISTICS_CUMULATIVE 337 +#define VAR_OUTGOING_PORT_PERMIT 338 +#define VAR_OUTGOING_PORT_AVOID 339 +#define VAR_DLV_ANCHOR_FILE 340 +#define VAR_DLV_ANCHOR 341 +#define VAR_NEG_CACHE_SIZE 342 +#define VAR_HARDEN_REFERRAL_PATH 343 +#define VAR_PRIVATE_ADDRESS 344 +#define VAR_PRIVATE_DOMAIN 345 +#define VAR_REMOTE_CONTROL 346 +#define VAR_CONTROL_ENABLE 347 +#define VAR_CONTROL_INTERFACE 348 +#define VAR_CONTROL_PORT 349 +#define VAR_SERVER_KEY_FILE 350 +#define VAR_SERVER_CERT_FILE 351 +#define VAR_CONTROL_KEY_FILE 352 +#define VAR_CONTROL_CERT_FILE 353 +#define VAR_CONTROL_USE_CERT 354 +#define VAR_EXTENDED_STATISTICS 355 +#define VAR_LOCAL_DATA_PTR 356 +#define VAR_JOSTLE_TIMEOUT 357 +#define VAR_STUB_PRIME 358 +#define VAR_UNWANTED_REPLY_THRESHOLD 359 +#define VAR_LOG_TIME_ASCII 360 +#define VAR_DOMAIN_INSECURE 361 +#define VAR_PYTHON 362 +#define VAR_PYTHON_SCRIPT 363 +#define VAR_VAL_SIG_SKEW_MIN 364 +#define VAR_VAL_SIG_SKEW_MAX 365 +#define 
VAR_CACHE_MIN_TTL 366 +#define VAR_VAL_LOG_LEVEL 367 +#define VAR_AUTO_TRUST_ANCHOR_FILE 368 +#define VAR_KEEP_MISSING 369 +#define VAR_ADD_HOLDDOWN 370 +#define VAR_DEL_HOLDDOWN 371 +#define VAR_SO_RCVBUF 372 +#define VAR_EDNS_BUFFER_SIZE 373 +#define VAR_PREFETCH 374 +#define VAR_PREFETCH_KEY 375 +#define VAR_SO_SNDBUF 376 +#define VAR_SO_REUSEPORT 377 +#define VAR_HARDEN_BELOW_NXDOMAIN 378 +#define VAR_IGNORE_CD_FLAG 379 +#define VAR_LOG_QUERIES 380 +#define VAR_TCP_UPSTREAM 381 +#define VAR_SSL_UPSTREAM 382 +#define VAR_SSL_SERVICE_KEY 383 +#define VAR_SSL_SERVICE_PEM 384 +#define VAR_SSL_PORT 385 +#define VAR_FORWARD_FIRST 386 +#define VAR_STUB_SSL_UPSTREAM 387 +#define VAR_FORWARD_SSL_UPSTREAM 388 +#define VAR_STUB_FIRST 389 +#define VAR_MINIMAL_RESPONSES 390 +#define VAR_RRSET_ROUNDROBIN 391 +#define VAR_MAX_UDP_SIZE 392 +#define VAR_DELAY_CLOSE 393 +#define VAR_UNBLOCK_LAN_ZONES 394 +#define VAR_INSECURE_LAN_ZONES 395 +#define VAR_INFRA_CACHE_MIN_RTT 396 +#define VAR_DNS64_PREFIX 397 +#define VAR_DNS64_SYNTHALL 398 +#define VAR_DNSTAP 399 +#define VAR_DNSTAP_ENABLE 400 +#define VAR_DNSTAP_SOCKET_PATH 401 +#define VAR_DNSTAP_SEND_IDENTITY 402 +#define VAR_DNSTAP_SEND_VERSION 403 +#define VAR_DNSTAP_IDENTITY 404 +#define VAR_DNSTAP_VERSION 405 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 406 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 407 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 408 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 409 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 410 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 411 +#define VAR_HARDEN_ALGO_DOWNGRADE 412 +#define VAR_IP_TRANSPARENT 413 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 414 +#define VAR_RATELIMIT 415 +#define VAR_RATELIMIT_SLABS 416 +#define VAR_RATELIMIT_SIZE 417 +#define VAR_RATELIMIT_FOR_DOMAIN 418 +#define VAR_RATELIMIT_BELOW_DOMAIN 419 +#define VAR_RATELIMIT_FACTOR 420 +#define VAR_CAPS_WHITELIST 421 +#define VAR_CACHE_MAX_NEGATIVE_TTL 422 +#define 
VAR_PERMIT_SMALL_HOLDDOWN 423 +#define VAR_QNAME_MINIMISATION 424 +#define VAR_QNAME_MINIMISATION_STRICT 425 +#define VAR_IP_FREEBIND 426 +#define VAR_DEFINE_TAG 427 +#define VAR_LOCAL_ZONE_TAG 428 +#define VAR_ACCESS_CONTROL_TAG 429 +#define VAR_LOCAL_ZONE_OVERRIDE 430 +#define VAR_ACCESS_CONTROL_TAG_ACTION 431 +#define VAR_ACCESS_CONTROL_TAG_DATA 432 +#define VAR_VIEW 433 +#define VAR_ACCESS_CONTROL_VIEW 434 +#define VAR_VIEW_FIRST 435 +#define VAR_SERVE_EXPIRED 436 +#define VAR_FAKE_DSA 437 +#define VAR_LOG_IDENTITY 438 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -463,7 +499,7 @@ char* str; -#line 467 "util/configparser.c" /* yacc.c:355 */ +#line 503 "util/configparser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; @@ -480,7 +516,7 @@ /* Copy the second part of user declarations. */ -#line 484 "util/configparser.c" /* yacc.c:358 */ +#line 520 "util/configparser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -722,21 +758,21 @@ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 310 +#define YYLAST 363 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 166 +#define YYNTOKENS 184 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 171 +#define YYNNTS 194 /* YYNRULES -- Number of rules. */ -#define YYNRULES 327 +#define YYNRULES 371 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 482 +#define YYNSTATES 556 /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 420 +#define YYMAXUTOK 438 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) 
@@ -787,46 +823,52 @@ 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165 + 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, + 175, 176, 177, 178, 179, 180, 181, 182, 183 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 130, 130, 130, 131, 131, 132, 132, 133, 133, - 137, 142, 143, 144, 144, 144, 145, 145, 146, 146, - 146, 147, 147, 148, 148, 148, 149, 149, 149, 150, - 150, 151, 151, 152, 152, 153, 153, 154, 154, 155, - 155, 156, 156, 157, 157, 158, 158, 158, 159, 159, - 159, 160, 160, 160, 161, 161, 162, 162, 163, 163, - 164, 164, 165, 165, 165, 166, 166, 167, 167, 168, - 168, 168, 169, 169, 170, 170, 171, 171, 172, 172, - 172, 173, 173, 174, 174, 175, 175, 176, 176, 177, - 177, 178, 178, 178, 179, 179, 180, 180, 180, 181, - 181, 181, 182, 182, 182, 183, 183, 183, 184, 184, - 184, 185, 185, 185, 186, 186, 187, 187, 188, 188, - 189, 189, 190, 190, 190, 191, 191, 192, 192, 193, - 193, 194, 194, 196, 208, 209, 210, 210, 210, 210, - 210, 212, 224, 225, 226, 226, 226, 226, 228, 237, - 246, 257, 266, 275, 284, 297, 312, 321, 330, 339, - 348, 357, 366, 375, 384, 393, 402, 411, 420, 429, - 438, 445, 452, 461, 470, 484, 493, 502, 509, 516, - 523, 531, 538, 545, 552, 559, 567, 575, 583, 590, - 597, 606, 615, 622, 629, 637, 645, 655, 665, 678, - 689, 697, 710, 719, 728, 737, 747, 757, 765, 778, - 787, 795, 804, 812, 825, 834, 841, 851, 861, 871, - 881, 891, 901, 911, 921, 928, 935, 942, 951, 960, - 969, 976, 986, 1003, 1010, 1028, 1041, 1054, 1063, 1072, - 1081, 1090, 1100, 1110, 1119, 1128, 1135, 1144, 1153, 1162, - 1171, 1179, 1192, 1200, 1224, 1231, 1246, 1256, 1266, 1273, - 1280, 1289, 1298, 1306, 1319, 1332, 1345, 1354, 1364, 1374, - 1381, 1388, 1397, 1407, 1417, 1424, 1431, 1440, 1445, 1446, - 1447, 1447, 1447, 1448, 1448, 1448, 1449, 1449, 1451, 1461, - 1470, 1477, 1487, 1494, 1501, 
1508, 1515, 1520, 1521, 1522, - 1522, 1523, 1523, 1524, 1524, 1525, 1526, 1527, 1528, 1529, - 1530, 1532, 1540, 1547, 1555, 1563, 1570, 1577, 1586, 1595, - 1604, 1613, 1622, 1631, 1636, 1637, 1638, 1640 + 0, 137, 137, 137, 138, 138, 139, 139, 140, 140, + 140, 145, 150, 151, 152, 152, 152, 153, 153, 154, + 154, 155, 155, 156, 156, 157, 157, 157, 158, 158, + 158, 159, 159, 160, 160, 161, 161, 162, 162, 163, + 163, 164, 164, 165, 165, 166, 166, 167, 167, 167, + 168, 168, 168, 169, 169, 169, 170, 170, 171, 171, + 172, 172, 173, 173, 174, 174, 174, 175, 175, 176, + 176, 177, 177, 177, 178, 178, 179, 179, 180, 180, + 181, 181, 181, 182, 182, 183, 183, 184, 184, 185, + 185, 186, 186, 187, 187, 187, 188, 188, 189, 189, + 189, 190, 190, 190, 191, 191, 191, 192, 192, 192, + 193, 193, 193, 194, 194, 194, 195, 195, 196, 196, + 197, 197, 198, 198, 199, 199, 199, 200, 200, 201, + 201, 202, 202, 203, 203, 204, 204, 204, 205, 205, + 206, 206, 207, 207, 208, 208, 209, 209, 211, 223, + 224, 225, 225, 225, 225, 225, 226, 228, 240, 241, + 242, 242, 242, 242, 243, 245, 259, 260, 261, 261, + 261, 261, 263, 272, 281, 292, 301, 310, 319, 332, + 347, 356, 365, 374, 383, 392, 401, 410, 419, 428, + 437, 446, 455, 464, 473, 482, 489, 496, 505, 514, + 528, 537, 546, 553, 560, 584, 592, 599, 606, 613, + 620, 628, 636, 644, 651, 658, 667, 676, 683, 690, + 698, 706, 716, 726, 736, 749, 760, 768, 781, 790, + 799, 808, 818, 828, 836, 849, 858, 866, 875, 883, + 896, 905, 912, 922, 932, 942, 952, 962, 972, 982, + 992, 999, 1006, 1013, 1022, 1031, 1040, 1047, 1057, 1074, + 1081, 1099, 1112, 1125, 1134, 1143, 1152, 1161, 1171, 1181, + 1190, 1199, 1210, 1219, 1226, 1235, 1244, 1253, 1262, 1270, + 1283, 1291, 1319, 1326, 1341, 1351, 1361, 1368, 1375, 1384, + 1398, 1417, 1436, 1448, 1460, 1472, 1483, 1492, 1500, 1513, + 1526, 1539, 1548, 1558, 1568, 1578, 1585, 1592, 1601, 1611, + 1621, 1631, 1638, 1645, 1654, 1664, 1674, 1703, 1712, 1721, + 1726, 1727, 1728, 1728, 1728, 1729, 1729, 1729, 1730, 1730, + 
1732, 1742, 1751, 1758, 1768, 1775, 1782, 1789, 1796, 1801, + 1802, 1803, 1803, 1804, 1804, 1805, 1805, 1806, 1807, 1808, + 1809, 1810, 1811, 1813, 1821, 1828, 1836, 1844, 1851, 1858, + 1867, 1876, 1885, 1894, 1903, 1912, 1917, 1918, 1919, 1921, + 1927, 1937 }; #endif @@ -838,9 +880,9 @@ "$end", "error", "$undefined", "SPACE", "LETTER", "NEWLINE", "COMMENT", "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", - "VAR_DO_IP4", "VAR_DO_IP6", "VAR_DO_UDP", "VAR_DO_TCP", "VAR_TCP_MSS", - "VAR_OUTGOING_TCP_MSS", "VAR_CHROOT", "VAR_USERNAME", "VAR_DIRECTORY", - "VAR_LOGFILE", "VAR_PIDFILE", "VAR_MSG_CACHE_SIZE", + "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", + "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_CHROOT", "VAR_USERNAME", + "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", "VAR_MSG_CACHE_SIZE", "VAR_MSG_CACHE_SLABS", "VAR_NUM_QUERIES_PER_THREAD", "VAR_RRSET_CACHE_SIZE", "VAR_RRSET_CACHE_SLABS", "VAR_OUTGOING_NUM_TCP", "VAR_INFRA_HOST_TTL", "VAR_INFRA_LAME_TTL", "VAR_INFRA_CACHE_SLABS", 
@@ -876,79 +918,94 @@ "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", - "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", - "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", - "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", - "VAR_DNS64_SYNTHALL", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_SEND_IDENTITY", - "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", "VAR_STUB_FIRST", + "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", + "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", + "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", + "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", + "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", + "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", - "VAR_HARDEN_ALGO_DOWNGRADE", "VAR_IP_TRANSPARENT", "VAR_RATELIMIT", - "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", "VAR_RATELIMIT_FOR_DOMAIN", + "VAR_HARDEN_ALGO_DOWNGRADE", "VAR_IP_TRANSPARENT", + "VAR_DISABLE_DNSSEC_LAME_CHECK", "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", + "VAR_RATELIMIT_SIZE", "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", "VAR_RATELIMIT_FACTOR", "VAR_CAPS_WHITELIST", "VAR_CACHE_MAX_NEGATIVE_TTL", - "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION", "$accept", - "toplevelvars", "toplevelvar", "serverstart", "contents_server", - "content_server", "stubstart", "contents_stub", "content_stub", - "forwardstart", "contents_forward", 
"content_forward", + "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION", + "VAR_QNAME_MINIMISATION_STRICT", "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", + "VAR_LOCAL_ZONE_TAG", "VAR_ACCESS_CONTROL_TAG", + "VAR_LOCAL_ZONE_OVERRIDE", "VAR_ACCESS_CONTROL_TAG_ACTION", + "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", + "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", + "VAR_LOG_IDENTITY", "$accept", "toplevelvars", "toplevelvar", + "serverstart", "contents_server", "content_server", "stubstart", + "contents_stub", "content_stub", "forwardstart", "contents_forward", + "content_forward", "viewstart", "contents_view", "content_view", "server_num_threads", "server_verbosity", "server_statistics_interval", "server_statistics_cumulative", "server_extended_statistics", "server_port", "server_interface", "server_outgoing_interface", "server_outgoing_range", "server_outgoing_port_permit", "server_outgoing_port_avoid", "server_outgoing_num_tcp", "server_incoming_num_tcp", "server_interface_automatic", "server_do_ip4", - "server_do_ip6", "server_do_udp", "server_do_tcp", "server_tcp_mss", - "server_outgoing_tcp_mss", "server_tcp_upstream", "server_ssl_upstream", - "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_chroot", "server_username", - "server_directory", "server_logfile", "server_pidfile", - "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", - "server_auto_trust_anchor_file", "server_trust_anchor_file", - "server_trusted_keys_file", "server_trust_anchor", - "server_domain_insecure", "server_hide_identity", "server_hide_version", - "server_identity", "server_version", "server_so_rcvbuf", - "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", - "server_edns_buffer_size", "server_msg_buffer_size", - "server_msg_cache_size", "server_msg_cache_slabs", - "server_num_queries_per_thread", 
"server_jostle_timeout", - "server_delay_close", "server_unblock_lan_zones", - "server_insecure_lan_zones", "server_rrset_cache_size", - "server_rrset_cache_slabs", "server_infra_host_ttl", - "server_infra_lame_ttl", "server_infra_cache_numhosts", - "server_infra_cache_lame_size", "server_infra_cache_slabs", - "server_infra_cache_min_rtt", "server_target_fetch_policy", - "server_harden_short_bufsize", "server_harden_large_queries", - "server_harden_glue", "server_harden_dnssec_stripped", - "server_harden_below_nxdomain", "server_harden_referral_path", - "server_harden_algo_downgrade", "server_use_caps_for_id", - "server_caps_whitelist", "server_private_address", - "server_private_domain", "server_prefetch", "server_prefetch_key", - "server_unwanted_reply_threshold", "server_do_not_query_address", - "server_do_not_query_localhost", "server_access_control", - "server_module_conf", "server_val_override_date", - "server_val_sig_skew_min", "server_val_sig_skew_max", - "server_cache_max_ttl", "server_cache_max_negative_ttl", - "server_cache_min_ttl", "server_bogus_ttl", - "server_val_clean_additional", "server_val_permissive_mode", - "server_ignore_cd_flag", "server_val_log_level", + "server_do_ip6", "server_do_udp", "server_do_tcp", "server_prefer_ip6", + "server_tcp_mss", "server_outgoing_tcp_mss", "server_tcp_upstream", + "server_ssl_upstream", "server_ssl_service_key", + "server_ssl_service_pem", "server_ssl_port", "server_do_daemonize", + "server_use_syslog", "server_log_time_ascii", "server_log_queries", + "server_chroot", "server_username", "server_directory", "server_logfile", + "server_pidfile", "server_root_hints", "server_dlv_anchor_file", + "server_dlv_anchor", "server_auto_trust_anchor_file", + "server_trust_anchor_file", "server_trusted_keys_file", + "server_trust_anchor", "server_domain_insecure", "server_hide_identity", + "server_hide_version", "server_identity", "server_version", + "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", + 
"server_ip_transparent", "server_ip_freebind", "server_edns_buffer_size", + "server_msg_buffer_size", "server_msg_cache_size", + "server_msg_cache_slabs", "server_num_queries_per_thread", + "server_jostle_timeout", "server_delay_close", + "server_unblock_lan_zones", "server_insecure_lan_zones", + "server_rrset_cache_size", "server_rrset_cache_slabs", + "server_infra_host_ttl", "server_infra_lame_ttl", + "server_infra_cache_numhosts", "server_infra_cache_lame_size", + "server_infra_cache_slabs", "server_infra_cache_min_rtt", + "server_target_fetch_policy", "server_harden_short_bufsize", + "server_harden_large_queries", "server_harden_glue", + "server_harden_dnssec_stripped", "server_harden_below_nxdomain", + "server_harden_referral_path", "server_harden_algo_downgrade", + "server_use_caps_for_id", "server_caps_whitelist", + "server_private_address", "server_private_domain", "server_prefetch", + "server_prefetch_key", "server_unwanted_reply_threshold", + "server_do_not_query_address", "server_do_not_query_localhost", + "server_access_control", "server_module_conf", + "server_val_override_date", "server_val_sig_skew_min", + "server_val_sig_skew_max", "server_cache_max_ttl", + "server_cache_max_negative_ttl", "server_cache_min_ttl", + "server_bogus_ttl", "server_val_clean_additional", + "server_val_permissive_mode", "server_ignore_cd_flag", + "server_serve_expired", "server_fake_dsa", "server_val_log_level", "server_val_nsec3_keysize_iterations", "server_add_holddown", "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", "server_local_data", "server_local_data_ptr", "server_minimal_responses", "server_rrset_roundrobin", "server_max_udp_size", "server_dns64_prefix", - "server_dns64_synthall", "server_ratelimit", "server_ratelimit_size", - "server_ratelimit_slabs", "server_ratelimit_for_domain", - "server_ratelimit_below_domain", 
"server_ratelimit_factor", - "server_qname_minimisation", "stub_name", "stub_host", "stub_addr", - "stub_first", "stub_prime", "forward_name", "forward_host", - "forward_addr", "forward_first", "rcstart", "contents_rc", "content_rc", + "server_dns64_synthall", "server_define_tag", "server_local_zone_tag", + "server_access_control_tag", "server_access_control_tag_action", + "server_access_control_tag_data", "server_local_zone_override", + "server_access_control_view", "server_ratelimit", + "server_ratelimit_size", "server_ratelimit_slabs", + "server_ratelimit_for_domain", "server_ratelimit_below_domain", + "server_ratelimit_factor", "server_qname_minimisation", + "server_qname_minimisation_strict", "stub_name", "stub_host", + "stub_addr", "stub_first", "stub_ssl_upstream", "stub_prime", + "forward_name", "forward_host", "forward_addr", "forward_first", + "forward_ssl_upstream", "view_name", "view_local_zone", + "view_local_data", "view_first", "rcstart", "contents_rc", "content_rc", "rc_control_enable", "rc_control_port", "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", @@ -961,7 +1018,8 @@ "dt_dnstap_log_client_response_messages", "dt_dnstap_log_forwarder_query_messages", "dt_dnstap_log_forwarder_response_messages", "pythonstart", - "contents_py", "content_py", "py_script", YY_NULLPTR + "contents_py", "content_py", "py_script", + "server_disable_dnssec_lame_check", "server_log_identity", YY_NULLPTR }; #endif 
@@ -986,14 +1044,16 @@ 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420 + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438 }; # endif -#define YYPACT_NINF -81 +#define YYPACT_NINF -130 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-81))) + (!!((Yystate) == (-130))) #define YYTABLE_NINF -1 
@@ -1004,55 +1064,62 @@ STATE-NUM. */ static const yytype_int16 yypact[] = { - -81, 118, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -12, 39, 47, 40, - 36, -80, 18, 19, 20, 24, 25, 26, 69, 72, - 73, 74, 75, 80, 109, 120, 129, 130, 144, 145, - 146, 147, 149, 150, 151, 152, 153, 155, 156, 157, - 158, 159, 161, 162, 163, 164, 165, 166, 180, 181, - 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 195, 196, 197, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 215, 216, 217, 218, 219, 220, 221, 222, 223, - 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, - 244, 245, 246, 247, 248, 250, 251, 252, 253, 254, - 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, 267, 268, 269, 270, 271, -81, -81, - -81, -81, -81, -81, 272, 273, 274, 275, -81, -81, - -81, -81, -81, 276, 277, 278, 279, 280, 281, 282, - 283, -81, -81, -81, -81, -81, -81, -81, -81, -81, - 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, - 294, 295, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, 296, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, 
-81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, 297, 298, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, 299, 300, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81 + -130, 0, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, 135, -38, + -34, -39, -64, -129, -105, -3, -2, -1, 2, 3, + 26, 29, 30, 32, 33, 34, 35, 36, 38, 39, + 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 56, 57, 58, 59, 60, + 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, + 82, 83, 85, 88, 90, 91, 92, 93, 94, 95, + 96, 98, 99, 100, 101, 102, 103, 104, 105, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 128, 129, 130, 132, 133, 136, 165, 166, 167, + 172, 173, 174, 216, 217, 218, 219, 220, 221, 222, + 223, 224, 228, 232, 233, 256, 257, 258, 259, 269, + 270, 271, 272, 273, 274, 275, 276, 277, 278, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, 
-130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, 279, 280, 281, 303, 305, 309, + -130, -130, -130, -130, -130, -130, -130, 310, 311, 312, + 313, 314, -130, -130, -130, -130, -130, -130, 315, 316, + 317, 318, -130, -130, -130, -130, -130, 319, 320, 321, + 322, 323, 324, 325, 326, -130, -130, -130, -130, -130, + -130, -130, -130, -130, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, 339, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, 340, 341, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, 342, 343, -130, + -130, -130, -130, -130, -130, -130, -130, 344, 345, 346, + 347, 348, 349, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, 350, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, 351, 352, + 353, -130, -130, -130, -130, -130 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. 
@@ -1060,9 +1127,9 @@ means the default is an error. */ static const yytype_uint16 yydefact[] = { - 2, 0, 1, 10, 133, 141, 277, 323, 296, 3, - 12, 135, 143, 279, 298, 325, 4, 5, 6, 8, - 9, 7, 0, 0, 0, 0, 0, 0, 0, 0, + 2, 0, 1, 11, 148, 157, 319, 365, 338, 165, + 3, 13, 150, 159, 167, 321, 340, 367, 4, 5, + 6, 10, 8, 9, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -1074,87 +1141,98 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 11, 13, 14, 72, 75, 84, 15, 23, - 63, 16, 76, 77, 34, 56, 71, 17, 18, 19, - 20, 21, 22, 106, 107, 108, 109, 110, 73, 62, - 88, 105, 24, 25, 26, 27, 28, 64, 78, 79, - 94, 50, 60, 51, 89, 44, 45, 46, 47, 98, - 102, 114, 122, 99, 57, 29, 30, 31, 86, 115, - 116, 117, 32, 33, 35, 36, 38, 39, 37, 120, - 40, 41, 42, 48, 67, 103, 81, 121, 74, 129, - 82, 83, 100, 101, 87, 43, 65, 68, 49, 52, - 90, 91, 66, 130, 92, 53, 54, 55, 104, 93, - 61, 95, 96, 97, 131, 58, 59, 80, 69, 70, - 85, 111, 112, 113, 118, 119, 123, 125, 124, 126, - 127, 128, 132, 0, 0, 0, 0, 0, 134, 136, - 137, 138, 140, 139, 0, 0, 0, 0, 142, 144, - 145, 146, 147, 0, 0, 0, 0, 0, 0, 0, - 0, 278, 280, 282, 281, 287, 283, 284, 285, 286, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 297, 299, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 0, 324, 326, 149, 148, - 153, 156, 154, 162, 163, 164, 165, 166, 167, 177, - 178, 179, 180, 181, 200, 201, 202, 207, 208, 159, - 209, 210, 213, 211, 212, 215, 216, 217, 230, 190, - 191, 192, 193, 218, 233, 186, 188, 234, 240, 241, - 242, 160, 199, 250, 251, 187, 245, 174, 155, 182, - 231, 237, 219, 0, 0, 254, 161, 150, 173, 223, - 151, 157, 158, 183, 184, 252, 221, 225, 226, 152, - 255, 203, 229, 175, 189, 235, 236, 239, 244, 185, - 248, 246, 247, 194, 198, 227, 228, 195, 196, 220, - 243, 176, 168, 169, 170, 171, 172, 256, 257, 258, - 204, 205, 206, 214, 259, 260, 222, 197, 261, 263, - 262, 0, 0, 266, 224, 238, 249, 267, 268, 269, - 270, 272, 271, 273, 274, 275, 276, 288, 290, 289, - 292, 293, 294, 295, 291, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 321, 322, 327, 232, 253, - 264, 265 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, + 14, 15, 74, 77, 86, 16, 25, 65, 17, 78, + 79, 36, 58, 73, 18, 19, 21, 22, 20, 23, + 24, 108, 109, 110, 111, 112, 75, 64, 90, 107, + 26, 27, 28, 29, 30, 66, 80, 81, 96, 52, + 62, 53, 91, 46, 47, 48, 49, 100, 104, 116, + 124, 135, 101, 
59, 31, 32, 33, 88, 117, 118, + 119, 34, 35, 37, 38, 40, 41, 39, 122, 42, + 43, 44, 50, 69, 105, 83, 123, 76, 131, 84, + 85, 102, 103, 89, 45, 67, 70, 51, 54, 92, + 93, 68, 132, 94, 55, 56, 57, 106, 145, 146, + 95, 63, 97, 98, 99, 133, 60, 61, 82, 71, + 72, 87, 113, 114, 115, 120, 121, 136, 137, 139, + 141, 142, 140, 143, 125, 127, 126, 128, 129, 130, + 134, 144, 138, 147, 0, 0, 0, 0, 0, 0, + 149, 151, 152, 153, 155, 156, 154, 0, 0, 0, + 0, 0, 158, 160, 161, 162, 163, 164, 0, 0, + 0, 0, 166, 168, 169, 170, 171, 0, 0, 0, + 0, 0, 0, 0, 0, 320, 322, 324, 323, 329, + 325, 326, 327, 328, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 339, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 0, + 366, 368, 173, 172, 177, 180, 178, 186, 187, 190, + 188, 189, 191, 192, 202, 203, 204, 205, 206, 226, + 227, 228, 233, 234, 183, 235, 236, 239, 237, 238, + 241, 242, 243, 256, 215, 216, 217, 218, 244, 259, + 211, 213, 260, 266, 267, 268, 184, 225, 278, 279, + 212, 273, 199, 179, 207, 257, 263, 245, 0, 0, + 282, 185, 174, 198, 249, 175, 181, 182, 208, 209, + 280, 247, 251, 252, 176, 283, 229, 255, 200, 214, + 261, 262, 265, 272, 210, 276, 274, 275, 219, 224, + 253, 254, 220, 221, 246, 269, 201, 193, 194, 195, + 196, 197, 284, 285, 286, 230, 231, 232, 240, 287, + 288, 248, 222, 370, 296, 298, 297, 0, 0, 301, + 250, 264, 277, 302, 303, 223, 289, 0, 0, 0, + 0, 0, 0, 270, 271, 371, 304, 305, 306, 309, + 308, 307, 310, 311, 312, 313, 314, 315, 0, 317, + 318, 330, 332, 331, 334, 335, 336, 337, 333, 353, + 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, + 364, 369, 258, 281, 299, 300, 290, 291, 0, 0, + 0, 295, 316, 294, 292, 293 }; /* YYPGOTO[NTERM-NUM]. 
*/ -static const yytype_int8 yypgoto[] = +static const yytype_int16 yypgoto[] = { - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, - -81 + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, 
-130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130, -130, -130, -130, -130, -130, -130, + -130, -130, -130, -130 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 9, 10, 16, 142, 11, 17, 268, 12, - 18, 278, 143, 144, 145, 146, 147, 148, 149, 150, - 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 269, 270, 271, 272, 273, 279, 280, 281, - 282, 13, 19, 291, 292, 293, 294, 295, 296, 297, - 298, 299, 14, 20, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 321, 322, 323, 324, 15, 21, 326, - 327 + -1, 1, 10, 11, 18, 159, 12, 19, 300, 13, + 20, 312, 14, 21, 322, 160, 161, 162, 163, 164, + 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, + 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, + 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, + 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291, 301, 302, 303, + 304, 305, 306, 313, 314, 315, 316, 317, 323, 324, + 325, 326, 15, 22, 335, 336, 337, 338, 339, 340, + 
341, 342, 343, 16, 23, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 17, 24, + 370, 371, 292, 293 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If 
@@ -1162,113 +1240,130 @@ number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint16 yytable[] = { - 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, - 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, - 42, 43, 44, 45, 46, 47, 48, 325, 328, 329, - 330, 49, 50, 51, 331, 332, 333, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, 86, 87, 88, 89, 90, 91, 92, 263, 334, - 264, 265, 335, 336, 337, 338, 274, 93, 94, 95, - 339, 96, 97, 98, 275, 276, 99, 100, 101, 102, - 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, - 113, 114, 115, 116, 117, 118, 119, 120, 2, 340, - 121, 122, 123, 124, 125, 126, 127, 128, 129, 3, - 341, 283, 284, 285, 286, 287, 288, 289, 290, 342, - 343, 266, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 141, 344, 345, 346, 347, 4, 348, - 349, 350, 351, 352, 5, 353, 354, 355, 356, 357, - 267, 358, 359, 360, 361, 362, 363, 277, 300, 301, - 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 6, 382, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, - 393, 394, 395, 396, 7, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 8, - 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481 + 2, 318, 294, 369, 295, 296, 307, 372, 373, 374, + 0, 3, 375, 376, 308, 309, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 327, 328, + 329, 330, 331, 332, 333, 334, 377, 319, 320, 378, + 379, 4, 380, 381, 382, 383, 384, 5, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 297, 402, 403, 404, 
405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 6, 427, 428, 298, 429, 299, 310, 430, 311, + 431, 432, 433, 434, 435, 436, 437, 7, 438, 439, + 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, + 470, 321, 471, 472, 8, 0, 473, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, + 48, 49, 50, 51, 52, 474, 475, 476, 9, 53, + 54, 55, 477, 478, 479, 56, 57, 58, 59, 60, + 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, + 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, + 91, 92, 93, 94, 95, 96, 480, 481, 482, 483, + 484, 485, 486, 487, 488, 97, 98, 99, 489, 100, + 101, 102, 490, 491, 103, 104, 105, 106, 107, 108, + 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, + 119, 120, 121, 122, 123, 124, 492, 493, 494, 495, + 125, 126, 127, 128, 129, 130, 131, 132, 133, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 134, 135, 136, 137, 138, 139, 140, 141, + 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, + 152, 153, 154, 509, 155, 510, 156, 157, 158, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555 }; -static const yytype_uint8 yycheck[] = +static const yytype_int16 yycheck[] = { - 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, - 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, - 32, 33, 34, 35, 36, 37, 38, 107, 10, 10, - 10, 43, 44, 45, 10, 10, 10, 49, 50, 51, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 83, 84, 85, 86, 87, 88, 89, 39, 10, - 41, 42, 10, 10, 10, 10, 39, 99, 100, 101, - 10, 103, 104, 105, 47, 48, 108, 109, 110, 111, - 112, 113, 114, 115, 116, 117, 118, 
119, 120, 121, - 122, 123, 124, 125, 126, 127, 128, 129, 0, 10, - 132, 133, 134, 135, 136, 137, 138, 139, 140, 11, - 10, 91, 92, 93, 94, 95, 96, 97, 98, 10, - 10, 102, 154, 155, 156, 157, 158, 159, 160, 161, - 162, 163, 164, 165, 10, 10, 10, 10, 40, 10, - 10, 10, 10, 10, 46, 10, 10, 10, 10, 10, - 131, 10, 10, 10, 10, 10, 10, 130, 142, 143, - 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, + 0, 40, 40, 108, 42, 43, 40, 10, 10, 10, + -1, 11, 10, 10, 48, 49, 145, 146, 147, 148, + 149, 150, 151, 152, 153, 154, 155, 156, 92, 93, + 94, 95, 96, 97, 98, 99, 10, 76, 77, 10, + 10, 41, 10, 10, 10, 10, 10, 47, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 90, 10, + 10, 10, 10, 10, 10, 103, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 106, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 91, 10, 10, 132, 10, 134, 131, 10, 133, + 10, 10, 10, 10, 10, 10, 10, 107, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 141, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 180, 10, 10, 144, -1, 10, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 10, 10, 10, 178, 44, + 45, 46, 10, 10, 10, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 100, 101, 102, 10, 104, + 105, 106, 10, 10, 109, 110, 111, 112, 113, 114, + 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, + 125, 126, 127, 128, 129, 130, 10, 10, 10, 10, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 157, 158, 159, 160, 161, 162, 163, 164, + 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, + 175, 176, 177, 10, 179, 10, 181, 182, 183, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 
10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10 + 10, 10, 10, 10 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint16 yystos[] = { - 0, 167, 0, 11, 40, 46, 90, 106, 141, 168, - 169, 172, 175, 307, 318, 333, 170, 173, 176, 308, - 319, 334, 12, 13, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 33, 34, 35, 36, 37, 38, 43, - 44, 45, 49, 50, 51, 52, 53, 54, 55, 56, - 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, - 87, 88, 89, 99, 100, 101, 103, 104, 105, 108, - 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 132, 133, 134, 135, 136, 137, 138, 139, 140, - 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 171, 178, 179, 180, 181, 182, 183, 184, - 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, - 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, - 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, - 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 39, 41, 42, 102, 131, 174, 298, - 299, 300, 301, 302, 39, 47, 48, 130, 177, 303, - 304, 305, 306, 91, 92, 93, 94, 95, 96, 97, - 98, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, - 152, 153, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 107, 335, 336, 10, 10, + 0, 185, 0, 11, 41, 47, 91, 107, 144, 178, + 186, 187, 190, 193, 196, 346, 357, 372, 188, 191, + 194, 197, 347, 358, 
373, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, + 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, + 37, 38, 39, 44, 45, 46, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, + 84, 85, 86, 87, 88, 89, 90, 100, 101, 102, + 104, 105, 106, 109, 110, 111, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 129, 130, 135, 136, 137, 138, 139, + 140, 141, 142, 143, 157, 158, 159, 160, 161, 162, + 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, + 173, 174, 175, 176, 177, 179, 181, 182, 183, 189, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, + 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, + 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, + 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, + 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 376, 377, 40, 42, 43, 103, 132, 134, + 192, 331, 332, 333, 334, 335, 336, 40, 48, 49, + 131, 133, 195, 337, 338, 339, 340, 341, 40, 76, + 77, 180, 198, 342, 343, 344, 345, 92, 93, 94, + 95, 96, 97, 98, 99, 348, 349, 350, 351, 352, + 353, 354, 355, 356, 145, 146, 147, 148, 149, 150, + 151, 152, 153, 154, 155, 156, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 108, + 374, 375, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 
@@ -1284,52 +1379,57 @@ 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10 + 10, 10, 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint16 yyr1[] = { - 0, 166, 167, 167, 168, 168, 168, 168, 168, 168, - 169, 170, 170, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, - 171, 171, 171, 172, 173, 173, 174, 174, 174, 174, - 174, 175, 176, 176, 177, 177, 177, 177, 178, 179, - 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 307, 308, 308, - 309, 309, 309, 309, 309, 309, 309, 309, 310, 311, - 312, 313, 314, 315, 316, 317, 318, 319, 319, 320, - 320, 320, 320, 320, 320, 320, 320, 320, 320, 320, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 334, 335, 336 + 0, 184, 
185, 185, 186, 186, 186, 186, 186, 186, + 186, 187, 188, 188, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 189, 189, + 189, 189, 189, 189, 189, 189, 189, 189, 190, 191, + 191, 192, 192, 192, 192, 192, 192, 193, 194, 194, + 195, 195, 195, 195, 195, 196, 197, 197, 198, 198, + 198, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, + 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, + 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, + 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, + 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, + 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, + 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, + 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, + 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 347, 347, 348, 348, 348, 348, 348, 348, 348, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 358, 359, 359, 359, 359, 359, 359, 359, 359, 359, + 359, 359, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, 370, 371, 372, 373, 373, 374, 375, + 376, 377 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. 
*/ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, + 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1341,8 +1441,11 @@ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 2, 0, 1, 1, 1, 1, 2, 2, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1350,17 +1453,19 @@ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 3, 3, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 2 + 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, + 3, 3, 4, 4, 4, 3, 2, 2, 2, 3, + 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 3, 2, 2, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 2, 0, 1, 2, + 2, 2 }; @@ -2036,16 +2141,16 @@ YY_REDUCE_PRINT (yyn); switch (yyn) { - case 10: -#line 138 "util/configparser.y" /* yacc.c:1646 */ + case 11: +#line 146 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(server:)\n")); } -#line 2045 "util/configparser.c" /* yacc.c:1646 */ +#line 2150 "util/configparser.c" /* yacc.c:1646 */ break; - case 133: -#line 197 "util/configparser.y" /* yacc.c:1646 */ + case 148: +#line 212 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); 
@@ -2056,11 +2161,11 @@ } else yyerror("out of memory"); } -#line 2060 "util/configparser.c" /* yacc.c:1646 */ +#line 2165 "util/configparser.c" /* yacc.c:1646 */ break; - case 141: -#line 213 "util/configparser.y" /* yacc.c:1646 */ + case 157: +#line 229 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2071,11 +2176,28 @@ } else yyerror("out of memory"); } -#line 2075 "util/configparser.c" /* yacc.c:1646 */ +#line 2180 "util/configparser.c" /* yacc.c:1646 */ break; - case 148: -#line 229 "util/configparser.y" /* yacc.c:1646 */ + case 165: +#line 246 "util/configparser.y" /* yacc.c:1646 */ + { + struct config_view* s; + OUTYY(("\nP(view:)\n")); + s = (struct config_view*)calloc(1, sizeof(struct config_view)); + if(s) { + s->next = cfg_parser->cfg->views; + if(s->next && !s->next->name) + yyerror("view without name"); + cfg_parser->cfg->views = s; + } else + yyerror("out of memory"); + } +#line 2197 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 172: +#line 264 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2083,11 +2205,11 @@ else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2087 "util/configparser.c" /* yacc.c:1646 */ +#line 2209 "util/configparser.c" /* yacc.c:1646 */ break; - case 149: -#line 238 "util/configparser.y" /* yacc.c:1646 */ + case 173: +#line 273 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -2095,11 +2217,11 @@ else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2099 "util/configparser.c" /* yacc.c:1646 */ +#line 2221 "util/configparser.c" /* yacc.c:1646 */ break; - case 150: -#line 247 "util/configparser.y" /* yacc.c:1646 */ + case 174: +#line 282 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2109,11 +2231,11 @@ else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2113 "util/configparser.c" /* yacc.c:1646 */ +#line 2235 "util/configparser.c" /* yacc.c:1646 */ break; - case 151: -#line 258 "util/configparser.y" /* yacc.c:1646 */ + case 175: +#line 293 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2121,11 +2243,11 @@ else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2125 "util/configparser.c" /* yacc.c:1646 */ +#line 2247 "util/configparser.c" /* yacc.c:1646 */ break; - case 152: -#line 267 "util/configparser.y" /* yacc.c:1646 */ + case 176: +#line 302 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2133,11 +2255,11 @@ else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2137 "util/configparser.c" /* yacc.c:1646 */ +#line 2259 "util/configparser.c" /* yacc.c:1646 */ break; - case 153: -#line 276 "util/configparser.y" /* yacc.c:1646 */ + case 177: +#line 311 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) 
@@ -2145,11 +2267,11 @@ else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2149 "util/configparser.c" /* yacc.c:1646 */ +#line 2271 "util/configparser.c" /* yacc.c:1646 */ break; - case 154: -#line 285 "util/configparser.y" /* yacc.c:1646 */ + case 178: +#line 320 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2161,11 +2283,11 @@ else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 2165 "util/configparser.c" /* yacc.c:1646 */ +#line 2287 "util/configparser.c" /* yacc.c:1646 */ break; - case 155: -#line 298 "util/configparser.y" /* yacc.c:1646 */ + case 179: +#line 333 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2179,11 +2301,11 @@ cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 2183 "util/configparser.c" /* yacc.c:1646 */ +#line 2305 "util/configparser.c" /* yacc.c:1646 */ break; - case 156: -#line 313 "util/configparser.y" /* yacc.c:1646 */ + case 180: +#line 348 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2191,11 +2313,11 @@ else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2195 "util/configparser.c" /* yacc.c:1646 */ +#line 2317 "util/configparser.c" /* yacc.c:1646 */ break; - case 157: -#line 322 "util/configparser.y" /* yacc.c:1646 */ + case 181: +#line 357 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, 
@@ -2203,11 +2325,11 @@ yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2207 "util/configparser.c" /* yacc.c:1646 */ +#line 2329 "util/configparser.c" /* yacc.c:1646 */ break; - case 158: -#line 331 "util/configparser.y" /* yacc.c:1646 */ + case 182: +#line 366 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -2215,11 +2337,11 @@ yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2219 "util/configparser.c" /* yacc.c:1646 */ +#line 2341 "util/configparser.c" /* yacc.c:1646 */ break; - case 159: -#line 340 "util/configparser.y" /* yacc.c:1646 */ + case 183: +#line 375 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2227,11 +2349,11 @@ else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2231 "util/configparser.c" /* yacc.c:1646 */ +#line 2353 "util/configparser.c" /* yacc.c:1646 */ break; - case 160: -#line 349 "util/configparser.y" /* yacc.c:1646 */ + case 184: +#line 384 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2239,11 +2361,11 @@ else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2243 "util/configparser.c" /* yacc.c:1646 */ +#line 2365 "util/configparser.c" /* yacc.c:1646 */ break; - case 161: -#line 358 "util/configparser.y" /* yacc.c:1646 */ + case 185: +#line 393 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2251,11 +2373,11 @@ else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2255 "util/configparser.c" /* yacc.c:1646 */ +#line 2377 "util/configparser.c" /* yacc.c:1646 */ break; - case 162: -#line 367 "util/configparser.y" /* yacc.c:1646 */ + case 186: +#line 402 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2263,11 +2385,11 @@ else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2267 "util/configparser.c" /* yacc.c:1646 */ +#line 2389 "util/configparser.c" /* yacc.c:1646 */ break; - case 163: -#line 376 "util/configparser.y" /* yacc.c:1646 */ + case 187: +#line 411 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2275,11 +2397,11 @@ else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2279 "util/configparser.c" /* yacc.c:1646 */ +#line 2401 "util/configparser.c" /* yacc.c:1646 */ break; - case 164: -#line 385 "util/configparser.y" /* yacc.c:1646 */ + case 188: +#line 420 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2287,11 +2409,11 @@ else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2291 "util/configparser.c" /* yacc.c:1646 */ +#line 2413 "util/configparser.c" /* yacc.c:1646 */ break; - case 165: -#line 394 "util/configparser.y" /* yacc.c:1646 */ + case 189: +#line 429 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2299,11 +2421,23 @@ else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2303 "util/configparser.c" /* yacc.c:1646 */ +#line 2425 "util/configparser.c" /* yacc.c:1646 */ break; - case 166: -#line 403 "util/configparser.y" /* yacc.c:1646 */ + case 190: +#line 438 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2437 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 191: +#line 447 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2311,11 +2445,11 @@ else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2315 "util/configparser.c" /* yacc.c:1646 */ +#line 2449 "util/configparser.c" /* yacc.c:1646 */ break; - case 167: -#line 412 "util/configparser.y" /* yacc.c:1646 */ + case 192: +#line 456 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2323,11 +2457,11 @@ else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2327 "util/configparser.c" /* yacc.c:1646 */ +#line 2461 "util/configparser.c" /* yacc.c:1646 */ break; - case 168: -#line 421 "util/configparser.y" /* yacc.c:1646 */ + case 193: +#line 465 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2335,11 +2469,11 @@ else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2339 "util/configparser.c" /* yacc.c:1646 */ +#line 2473 "util/configparser.c" /* yacc.c:1646 */ break; - case 169: -#line 430 "util/configparser.y" /* yacc.c:1646 */ + case 194: +#line 474 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2347,31 +2481,31 @@ else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2351 "util/configparser.c" /* yacc.c:1646 */ +#line 2485 "util/configparser.c" /* yacc.c:1646 */ break; - case 170: -#line 439 "util/configparser.y" /* yacc.c:1646 */ + case 195: +#line 483 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 2361 "util/configparser.c" /* yacc.c:1646 */ +#line 2495 "util/configparser.c" /* yacc.c:1646 */ break; - case 171: -#line 446 "util/configparser.y" /* yacc.c:1646 */ + case 196: +#line 490 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 2371 "util/configparser.c" /* yacc.c:1646 */ +#line 2505 "util/configparser.c" /* yacc.c:1646 */ break; - case 172: -#line 453 "util/configparser.y" /* yacc.c:1646 */ + case 197: +#line 497 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) 
@@ -2379,11 +2513,11 @@ else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2383 "util/configparser.c" /* yacc.c:1646 */ +#line 2517 "util/configparser.c" /* yacc.c:1646 */ break; - case 173: -#line 462 "util/configparser.y" /* yacc.c:1646 */ + case 198: +#line 506 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2391,11 +2525,11 @@ else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2395 "util/configparser.c" /* yacc.c:1646 */ +#line 2529 "util/configparser.c" /* yacc.c:1646 */ break; - case 174: -#line 471 "util/configparser.y" /* yacc.c:1646 */ + case 199: +#line 515 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2408,11 +2542,11 @@ #endif free((yyvsp[0].str)); } -#line 2412 "util/configparser.c" /* yacc.c:1646 */ +#line 2546 "util/configparser.c" /* yacc.c:1646 */ break; - case 175: -#line 485 "util/configparser.y" /* yacc.c:1646 */ + case 200: +#line 529 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2420,11 +2554,11 @@ else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2424 "util/configparser.c" /* yacc.c:1646 */ +#line 2558 "util/configparser.c" /* yacc.c:1646 */ break; - case 176: -#line 494 "util/configparser.y" /* yacc.c:1646 */ + case 201: +#line 538 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2432,145 +2566,162 @@ else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2436 "util/configparser.c" /* yacc.c:1646 */ +#line 2570 "util/configparser.c" /* yacc.c:1646 */ break; - case 177: -#line 503 "util/configparser.y" /* yacc.c:1646 */ + case 202: +#line 547 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 2446 "util/configparser.c" /* yacc.c:1646 */ +#line 2580 "util/configparser.c" /* yacc.c:1646 */ break; - case 178: -#line 510 "util/configparser.y" /* yacc.c:1646 */ + case 203: +#line 554 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 2456 "util/configparser.c" /* yacc.c:1646 */ +#line 2590 "util/configparser.c" /* yacc.c:1646 */ break; - case 179: -#line 517 "util/configparser.y" /* yacc.c:1646 */ + case 204: +#line 561 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); cfg_parser->cfg->directory = (yyvsp[0].str); + /* change there right away for includes relative to this */ + if((yyvsp[0].str)[0]) { + char* d; +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg_parser->cfg); +#endif + d = cfg_parser->cfg->directory; + /* adjust directory if we have already chroot, + * like, we reread after sighup */ + if(cfg_parser->chroot && cfg_parser->chroot[0] && + strncmp(d, cfg_parser->chroot, strlen( + cfg_parser->chroot)) == 0) + d += strlen(cfg_parser->chroot); + if(chdir(d)) + log_err("cannot chdir to directory: %s (%s)", + d, strerror(errno)); + } } -#line 2466 "util/configparser.c" /* yacc.c:1646 */ +#line 2617 "util/configparser.c" /* yacc.c:1646 */ break; - case 180: -#line 524 "util/configparser.y" /* yacc.c:1646 */ + case 205: +#line 585 "util/configparser.y" /* 
yacc.c:1646 */ { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 2477 "util/configparser.c" /* yacc.c:1646 */ +#line 2628 "util/configparser.c" /* yacc.c:1646 */ break; - case 181: -#line 532 "util/configparser.y" /* yacc.c:1646 */ + case 206: +#line 593 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 2487 "util/configparser.c" /* yacc.c:1646 */ +#line 2638 "util/configparser.c" /* yacc.c:1646 */ break; - case 182: -#line 539 "util/configparser.y" /* yacc.c:1646 */ + case 207: +#line 600 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2497 "util/configparser.c" /* yacc.c:1646 */ +#line 2648 "util/configparser.c" /* yacc.c:1646 */ break; - case 183: -#line 546 "util/configparser.y" /* yacc.c:1646 */ + case 208: +#line 607 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 2507 "util/configparser.c" /* yacc.c:1646 */ +#line 2658 "util/configparser.c" /* yacc.c:1646 */ break; - case 184: -#line 553 "util/configparser.y" /* yacc.c:1646 */ + case 209: +#line 614 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2517 "util/configparser.c" /* yacc.c:1646 */ +#line 2668 "util/configparser.c" /* yacc.c:1646 */ break; - case 185: -#line 560 "util/configparser.y" /* yacc.c:1646 */ + case 210: +#line 621 "util/configparser.y" /* yacc.c:1646 */ { 
OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2528 "util/configparser.c" /* yacc.c:1646 */ +#line 2679 "util/configparser.c" /* yacc.c:1646 */ break; - case 186: -#line 568 "util/configparser.y" /* yacc.c:1646 */ + case 211: +#line 629 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2539 "util/configparser.c" /* yacc.c:1646 */ +#line 2690 "util/configparser.c" /* yacc.c:1646 */ break; - case 187: -#line 576 "util/configparser.y" /* yacc.c:1646 */ + case 212: +#line 637 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2550 "util/configparser.c" /* yacc.c:1646 */ +#line 2701 "util/configparser.c" /* yacc.c:1646 */ break; - case 188: -#line 584 "util/configparser.y" /* yacc.c:1646 */ + case 213: +#line 645 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2560 "util/configparser.c" /* yacc.c:1646 */ +#line 2711 "util/configparser.c" /* yacc.c:1646 */ break; - case 189: -#line 591 "util/configparser.y" /* yacc.c:1646 */ + case 214: +#line 652 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2570 "util/configparser.c" /* yacc.c:1646 */ +#line 2721 "util/configparser.c" /* yacc.c:1646 */ break; - case 190: -#line 598 "util/configparser.y" /* yacc.c:1646 */ + case 215: +#line 
659 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2578,11 +2729,11 @@ else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2582 "util/configparser.c" /* yacc.c:1646 */ +#line 2733 "util/configparser.c" /* yacc.c:1646 */ break; - case 191: -#line 607 "util/configparser.y" /* yacc.c:1646 */ + case 216: +#line 668 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2590,53 +2741,53 @@ else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2594 "util/configparser.c" /* yacc.c:1646 */ +#line 2745 "util/configparser.c" /* yacc.c:1646 */ break; - case 192: -#line 616 "util/configparser.y" /* yacc.c:1646 */ + case 217: +#line 677 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 2604 "util/configparser.c" /* yacc.c:1646 */ +#line 2755 "util/configparser.c" /* yacc.c:1646 */ break; - case 193: -#line 623 "util/configparser.y" /* yacc.c:1646 */ + case 218: +#line 684 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 2614 "util/configparser.c" /* yacc.c:1646 */ +#line 2765 "util/configparser.c" /* yacc.c:1646 */ break; - case 194: -#line 630 "util/configparser.y" /* yacc.c:1646 */ + case 219: +#line 691 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 2625 "util/configparser.c" /* yacc.c:1646 */ +#line 2776 "util/configparser.c" /* yacc.c:1646 */ break; - case 195: -#line 638 "util/configparser.y" /* yacc.c:1646 */ + case 220: +#line 699 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 2636 "util/configparser.c" /* yacc.c:1646 */ +#line 2787 "util/configparser.c" /* yacc.c:1646 */ break; - case 196: -#line 646 "util/configparser.y" /* yacc.c:1646 */ + case 221: +#line 707 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); 
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2645,11 +2796,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2649 "util/configparser.c" /* yacc.c:1646 */ +#line 2800 "util/configparser.c" /* yacc.c:1646 */ break; - case 197: -#line 656 "util/configparser.y" /* yacc.c:1646 */ + case 222: +#line 717 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2658,11 +2809,24 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2662 "util/configparser.c" /* yacc.c:1646 */ +#line 2813 "util/configparser.c" /* yacc.c:1646 */ break; - case 198: -#line 666 "util/configparser.y" /* yacc.c:1646 */ + case 223: +#line 727 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ip_freebind = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2826 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 224: +#line 737 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2674,11 +2838,11 @@ else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2678 "util/configparser.c" /* yacc.c:1646 */ +#line 2842 "util/configparser.c" /* yacc.c:1646 */ break; - case 199: -#line 679 "util/configparser.y" /* yacc.c:1646 */ + case 225: +#line 750 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) 
@@ -2688,22 +2852,22 @@ else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2692 "util/configparser.c" /* yacc.c:1646 */ +#line 2856 "util/configparser.c" /* yacc.c:1646 */ break; - case 200: -#line 690 "util/configparser.y" /* yacc.c:1646 */ + case 226: +#line 761 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 2703 "util/configparser.c" /* yacc.c:1646 */ +#line 2867 "util/configparser.c" /* yacc.c:1646 */ break; - case 201: -#line 698 "util/configparser.y" /* yacc.c:1646 */ + case 227: +#line 769 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2715,11 +2879,11 @@ } free((yyvsp[0].str)); } -#line 2719 "util/configparser.c" /* yacc.c:1646 */ +#line 2883 "util/configparser.c" /* yacc.c:1646 */ break; - case 202: -#line 711 "util/configparser.y" /* yacc.c:1646 */ + case 228: +#line 782 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2727,11 +2891,11 @@ else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2731 "util/configparser.c" /* yacc.c:1646 */ +#line 2895 "util/configparser.c" /* yacc.c:1646 */ break; - case 203: -#line 720 "util/configparser.y" /* yacc.c:1646 */ + case 229: +#line 791 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -2739,11 +2903,11 @@ else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2743 "util/configparser.c" /* yacc.c:1646 */ +#line 2907 "util/configparser.c" /* yacc.c:1646 */ break; - case 204: -#line 729 "util/configparser.y" /* yacc.c:1646 */ + case 230: +#line 800 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2751,11 +2915,11 @@ else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2755 "util/configparser.c" /* yacc.c:1646 */ +#line 2919 "util/configparser.c" /* yacc.c:1646 */ break; - case 205: -#line 738 "util/configparser.y" /* yacc.c:1646 */ + case 231: +#line 809 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2764,11 +2928,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2768 "util/configparser.c" /* yacc.c:1646 */ +#line 2932 "util/configparser.c" /* yacc.c:1646 */ break; - case 206: -#line 748 "util/configparser.y" /* yacc.c:1646 */ + case 232: +#line 819 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2777,22 +2941,22 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2781 "util/configparser.c" /* yacc.c:1646 */ +#line 2945 "util/configparser.c" /* yacc.c:1646 */ break; - case 207: -#line 758 "util/configparser.y" /* yacc.c:1646 */ + case 233: +#line 829 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 2792 "util/configparser.c" /* yacc.c:1646 */ +#line 2956 "util/configparser.c" /* yacc.c:1646 */ break; - case 208: -#line 766 "util/configparser.y" /* yacc.c:1646 */ + case 234: +#line 837 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2804,11 +2968,11 @@ } free((yyvsp[0].str)); } -#line 2808 "util/configparser.c" /* yacc.c:1646 */ +#line 2972 "util/configparser.c" /* yacc.c:1646 */ break; - case 209: -#line 779 "util/configparser.y" /* yacc.c:1646 */ + case 235: +#line 850 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -2816,22 +2980,22 @@ else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2820 "util/configparser.c" /* yacc.c:1646 */ +#line 2984 "util/configparser.c" /* yacc.c:1646 */ break; - case 210: -#line 788 "util/configparser.y" /* yacc.c:1646 */ + case 236: +#line 859 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2831 "util/configparser.c" /* yacc.c:1646 */ +#line 2995 "util/configparser.c" /* yacc.c:1646 */ break; - case 211: -#line 796 "util/configparser.y" /* yacc.c:1646 */ + case 237: +#line 867 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2839,22 +3003,22 @@ else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2843 "util/configparser.c" /* yacc.c:1646 */ +#line 3007 "util/configparser.c" /* yacc.c:1646 */ break; - case 212: -#line 805 "util/configparser.y" /* yacc.c:1646 */ + case 238: +#line 876 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2854 "util/configparser.c" /* yacc.c:1646 */ +#line 3018 "util/configparser.c" /* yacc.c:1646 */ break; - case 213: -#line 813 "util/configparser.y" /* yacc.c:1646 */ + case 239: +#line 884 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) 
@@ -2866,11 +3030,11 @@ } free((yyvsp[0].str)); } -#line 2870 "util/configparser.c" /* yacc.c:1646 */ +#line 3034 "util/configparser.c" /* yacc.c:1646 */ break; - case 214: -#line 826 "util/configparser.y" /* yacc.c:1646 */ + case 240: +#line 897 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2878,21 +3042,21 @@ else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2882 "util/configparser.c" /* yacc.c:1646 */ +#line 3046 "util/configparser.c" /* yacc.c:1646 */ break; - case 215: -#line 835 "util/configparser.y" /* yacc.c:1646 */ + case 241: +#line 906 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 2892 "util/configparser.c" /* yacc.c:1646 */ +#line 3056 "util/configparser.c" /* yacc.c:1646 */ break; - case 216: -#line 842 "util/configparser.y" /* yacc.c:1646 */ + case 242: +#line 913 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2901,11 +3065,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2905 "util/configparser.c" /* yacc.c:1646 */ +#line 3069 "util/configparser.c" /* yacc.c:1646 */ break; - case 217: -#line 852 "util/configparser.y" /* yacc.c:1646 */ + case 243: +#line 923 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2914,11 +3078,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2918 "util/configparser.c" /* yacc.c:1646 */ +#line 3082 "util/configparser.c" /* yacc.c:1646 */ break; - case 218: -#line 862 "util/configparser.y" /* yacc.c:1646 */ + case 244: +#line 933 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2927,11 +3091,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2931 "util/configparser.c" /* yacc.c:1646 */ +#line 3095 "util/configparser.c" /* yacc.c:1646 */ break; - case 219: -#line 872 "util/configparser.y" /* yacc.c:1646 */ + case 245: +#line 943 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2940,11 +3104,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2944 "util/configparser.c" /* yacc.c:1646 */ +#line 3108 "util/configparser.c" /* yacc.c:1646 */ break; - case 220: -#line 882 "util/configparser.y" /* yacc.c:1646 */ + case 246: +#line 953 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2953,11 +3117,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2957 "util/configparser.c" /* yacc.c:1646 */ +#line 3121 "util/configparser.c" /* yacc.c:1646 */ break; - case 221: -#line 892 "util/configparser.y" /* yacc.c:1646 */ + case 247: +#line 963 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2966,11 +3130,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2970 "util/configparser.c" /* yacc.c:1646 */ +#line 3134 "util/configparser.c" /* yacc.c:1646 */ break; - case 222: -#line 902 "util/configparser.y" /* yacc.c:1646 */ + case 248: +#line 973 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2979,11 +3143,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2983 "util/configparser.c" /* yacc.c:1646 */ +#line 3147 "util/configparser.c" /* yacc.c:1646 */ break; - case 223: -#line 912 "util/configparser.y" /* yacc.c:1646 */ + case 249: +#line 983 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -2992,41 +3156,41 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2996 "util/configparser.c" /* yacc.c:1646 */ +#line 3160 "util/configparser.c" /* yacc.c:1646 */ break; - case 224: -#line 922 "util/configparser.y" /* yacc.c:1646 */ + case 250: +#line 993 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3006 "util/configparser.c" /* yacc.c:1646 */ +#line 3170 "util/configparser.c" /* yacc.c:1646 */ break; - case 225: -#line 929 "util/configparser.y" /* yacc.c:1646 */ + case 251: +#line 1000 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3016 "util/configparser.c" /* yacc.c:1646 */ +#line 3180 "util/configparser.c" /* yacc.c:1646 */ break; - case 226: -#line 936 "util/configparser.y" /* yacc.c:1646 */ + case 252: +#line 1007 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3026 "util/configparser.c" /* yacc.c:1646 */ +#line 3190 "util/configparser.c" /* yacc.c:1646 */ break; - case 227: -#line 943 "util/configparser.y" /* yacc.c:1646 */ + case 253: +#line 1014 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3034,11 +3198,11 @@ else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3038 "util/configparser.c" /* yacc.c:1646 */ +#line 3202 "util/configparser.c" /* yacc.c:1646 */ break; - case 228: -#line 952 "util/configparser.y" /* yacc.c:1646 */ + case 254: +#line 1023 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3046,11 +3210,11 @@ else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3050 "util/configparser.c" /* yacc.c:1646 */ +#line 3214 "util/configparser.c" /* yacc.c:1646 */ break; - case 229: -#line 961 "util/configparser.y" /* yacc.c:1646 */ + case 255: +#line 1032 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3058,21 +3222,21 @@ else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3062 "util/configparser.c" /* yacc.c:1646 */ +#line 3226 "util/configparser.c" /* yacc.c:1646 */ break; - case 230: -#line 970 "util/configparser.y" /* yacc.c:1646 */ + case 256: +#line 1041 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3072 "util/configparser.c" /* yacc.c:1646 */ +#line 3236 "util/configparser.c" /* yacc.c:1646 */ break; - case 231: -#line 977 "util/configparser.y" /* yacc.c:1646 */ + case 257: +#line 1048 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3081,11 +3245,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3085 "util/configparser.c" /* yacc.c:1646 */ +#line 3249 "util/configparser.c" /* yacc.c:1646 */ break; - case 232: -#line 987 "util/configparser.y" /* yacc.c:1646 */ + case 258: +#line 1058 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -3101,21 +3265,21 @@ fatal_exit("out of memory adding acl"); } } -#line 3105 "util/configparser.c" /* yacc.c:1646 */ +#line 3269 "util/configparser.c" /* yacc.c:1646 */ break; - case 233: -#line 1004 "util/configparser.y" /* yacc.c:1646 */ + case 259: +#line 1075 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 3115 "util/configparser.c" /* yacc.c:1646 */ +#line 3279 "util/configparser.c" /* yacc.c:1646 */ break; - case 234: -#line 1011 "util/configparser.y" /* yacc.c:1646 */ + case 260: +#line 1082 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3132,11 +3296,11 @@ } free((yyvsp[0].str)); } -#line 3136 "util/configparser.c" /* yacc.c:1646 */ +#line 3300 "util/configparser.c" /* yacc.c:1646 */ break; - case 235: -#line 1029 "util/configparser.y" /* yacc.c:1646 */ + case 261: +#line 1100 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { 
@@ -3148,11 +3312,11 @@ } free((yyvsp[0].str)); } -#line 3152 "util/configparser.c" /* yacc.c:1646 */ +#line 3316 "util/configparser.c" /* yacc.c:1646 */ break; - case 236: -#line 1042 "util/configparser.y" /* yacc.c:1646 */ + case 262: +#line 1113 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3164,11 +3328,11 @@ } free((yyvsp[0].str)); } -#line 3168 "util/configparser.c" /* yacc.c:1646 */ +#line 3332 "util/configparser.c" /* yacc.c:1646 */ break; - case 237: -#line 1055 "util/configparser.y" /* yacc.c:1646 */ + case 263: +#line 1126 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3176,11 +3340,11 @@ else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3180 "util/configparser.c" /* yacc.c:1646 */ +#line 3344 "util/configparser.c" /* yacc.c:1646 */ break; - case 238: -#line 1064 "util/configparser.y" /* yacc.c:1646 */ + case 264: +#line 1135 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3188,11 +3352,11 @@ else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3192 "util/configparser.c" /* yacc.c:1646 */ +#line 3356 "util/configparser.c" /* yacc.c:1646 */ break; - case 239: -#line 1073 "util/configparser.y" /* yacc.c:1646 */ + case 265: +#line 1144 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -3200,11 +3364,11 @@ else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3204 "util/configparser.c" /* yacc.c:1646 */ +#line 3368 "util/configparser.c" /* yacc.c:1646 */ break; - case 240: -#line 1082 "util/configparser.y" /* yacc.c:1646 */ + case 266: +#line 1153 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3212,11 +3376,11 @@ else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3216 "util/configparser.c" /* yacc.c:1646 */ +#line 3380 "util/configparser.c" /* yacc.c:1646 */ break; - case 241: -#line 1091 "util/configparser.y" /* yacc.c:1646 */ + case 267: +#line 1162 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3225,11 +3389,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3229 "util/configparser.c" /* yacc.c:1646 */ +#line 3393 "util/configparser.c" /* yacc.c:1646 */ break; - case 242: -#line 1101 "util/configparser.y" /* yacc.c:1646 */ + case 268: +#line 1172 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3238,11 +3402,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3242 "util/configparser.c" /* yacc.c:1646 */ +#line 3406 "util/configparser.c" /* yacc.c:1646 */ break; - case 243: -#line 1111 "util/configparser.y" /* yacc.c:1646 */ + case 269: +#line 1182 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3250,11 +3414,37 @@ else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3254 "util/configparser.c" /* yacc.c:1646 */ +#line 3418 "util/configparser.c" /* yacc.c:1646 */ break; - case 244: -#line 1120 "util/configparser.y" /* yacc.c:1646 */ + case 270: +#line 1191 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3430 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 271: +#line 1200 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0); + if(fake_dsa) + log_warn("test option fake_dsa is enabled"); + free((yyvsp[0].str)); + } +#line 3444 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 272: +#line 1211 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -3262,21 +3452,21 @@ else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3266 "util/configparser.c" /* yacc.c:1646 */ +#line 3456 "util/configparser.c" /* yacc.c:1646 */ break; - case 245: -#line 1129 "util/configparser.y" /* yacc.c:1646 */ + case 273: +#line 1220 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 3276 "util/configparser.c" /* yacc.c:1646 */ +#line 3466 "util/configparser.c" /* yacc.c:1646 */ break; - case 246: -#line 1136 "util/configparser.y" /* yacc.c:1646 */ + case 274: +#line 1227 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3284,11 +3474,11 @@ else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3288 "util/configparser.c" /* yacc.c:1646 */ +#line 3478 "util/configparser.c" /* yacc.c:1646 */ break; - case 247: -#line 1145 "util/configparser.y" /* yacc.c:1646 */ + case 275: +#line 1236 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3296,11 +3486,11 @@ else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3300 "util/configparser.c" /* yacc.c:1646 */ +#line 3490 "util/configparser.c" /* yacc.c:1646 */ break; - case 248: -#line 1154 "util/configparser.y" /* yacc.c:1646 */ + case 276: +#line 1245 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -3308,11 +3498,11 @@ else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3312 "util/configparser.c" /* yacc.c:1646 */ +#line 3502 "util/configparser.c" /* yacc.c:1646 */ break; - case 249: -#line 1163 "util/configparser.y" /* yacc.c:1646 */ + case 277: +#line 1254 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3321,22 +3511,22 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3325 "util/configparser.c" /* yacc.c:1646 */ +#line 3515 "util/configparser.c" /* yacc.c:1646 */ break; - case 250: -#line 1172 "util/configparser.y" /* yacc.c:1646 */ + case 278: +#line 1263 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3336 "util/configparser.c" /* yacc.c:1646 */ +#line 3526 "util/configparser.c" /* yacc.c:1646 */ break; - case 251: -#line 1180 "util/configparser.y" /* yacc.c:1646 */ + case 279: +#line 1271 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) 
@@ -3348,33 +3538,37 @@ } free((yyvsp[0].str)); } -#line 3352 "util/configparser.c" /* yacc.c:1646 */ +#line 3542 "util/configparser.c" /* yacc.c:1646 */ break; - case 252: -#line 1193 "util/configparser.y" /* yacc.c:1646 */ + case 280: +#line 1284 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3363 "util/configparser.c" /* yacc.c:1646 */ +#line 3553 "util/configparser.c" /* yacc.c:1646 */ break; - case 253: -#line 1201 "util/configparser.y" /* yacc.c:1646 */ + case 281: +#line 1292 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 - && strcmp((yyvsp[0].str), "typetransparent")!=0 && - strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) + && strcmp((yyvsp[0].str), "typetransparent")!=0 + && strcmp((yyvsp[0].str), "always_transparent")!=0 + && strcmp((yyvsp[0].str), "always_refuse")!=0 + && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny " - "or nodefault"); + "typetransparent, inform, inform_deny, " + "always_transparent, always_refuse, " + "always_nxdomain or nodefault"); else if(strcmp((yyvsp[0].str), "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, (yyvsp[-1].str))) 
@@ -3386,21 +3580,21 @@ fatal_exit("out of memory adding local-zone"); } } -#line 3390 "util/configparser.c" /* yacc.c:1646 */ +#line 3584 "util/configparser.c" /* yacc.c:1646 */ break; - case 254: -#line 1225 "util/configparser.y" /* yacc.c:1646 */ + case 282: +#line 1320 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 3400 "util/configparser.c" /* yacc.c:1646 */ +#line 3594 "util/configparser.c" /* yacc.c:1646 */ break; - case 255: -#line 1232 "util/configparser.y" /* yacc.c:1646 */ + case 283: +#line 1327 "util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -3414,11 +3608,11 @@ yyerror("local-data-ptr could not be reversed"); } } -#line 3418 "util/configparser.c" /* yacc.c:1646 */ +#line 3612 "util/configparser.c" /* yacc.c:1646 */ break; - case 256: -#line 1247 "util/configparser.y" /* yacc.c:1646 */ + case 284: +#line 1342 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3427,11 +3621,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3431 "util/configparser.c" /* yacc.c:1646 */ +#line 3625 "util/configparser.c" /* yacc.c:1646 */ break; - case 257: -#line 1257 "util/configparser.y" /* yacc.c:1646 */ + case 285: +#line 1352 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3440,31 +3634,31 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3444 "util/configparser.c" /* yacc.c:1646 */ +#line 3638 "util/configparser.c" /* yacc.c:1646 */ break; - case 258: -#line 1267 "util/configparser.y" /* yacc.c:1646 */ + case 286: +#line 1362 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3454 "util/configparser.c" /* yacc.c:1646 */ +#line 3648 "util/configparser.c" /* yacc.c:1646 */ break; - case 259: -#line 1274 "util/configparser.y" /* yacc.c:1646 */ + case 287: +#line 1369 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 3464 "util/configparser.c" /* yacc.c:1646 */ +#line 3658 "util/configparser.c" /* yacc.c:1646 */ break; - case 260: -#line 1281 "util/configparser.y" /* yacc.c:1646 */ + case 288: +#line 1376 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3472,11 +3666,131 @@ else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3476 "util/configparser.c" /* yacc.c:1646 */ +#line 3670 "util/configparser.c" /* yacc.c:1646 */ break; - case 261: -#line 1290 "util/configparser.y" /* yacc.c:1646 */ + case 289: +#line 1385 "util/configparser.y" /* yacc.c:1646 */ + { + char* p, *s = (yyvsp[0].str); + OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); + while((p=strsep(&s, " \t\n")) != NULL) { + if(*p) { + if(!config_add_tag(cfg_parser->cfg, p)) + yyerror("could not define-tag, " + "out of memory"); + } + } + free((yyvsp[0].str)); + } +#line 3687 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 290: +#line 1399 "util/configparser.y" /* yacc.c:1646 */ + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->local_zone_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 3709 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 291: +#line 1418 "util/configparser.y" /* yacc.c:1646 */ + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(server_access_control_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->acl_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 3731 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 292: +#line 1437 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), 
(yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 3746 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 293: +#line 1449 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 3761 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 294: +#line 1461 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 3776 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 295: +#line 1473 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, + (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 3790 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 296: +#line 1484 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) 
@@ -3484,22 +3798,22 @@ else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3488 "util/configparser.c" /* yacc.c:1646 */ +#line 3802 "util/configparser.c" /* yacc.c:1646 */ break; - case 262: -#line 1299 "util/configparser.y" /* yacc.c:1646 */ + case 297: +#line 1493 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3499 "util/configparser.c" /* yacc.c:1646 */ +#line 3813 "util/configparser.c" /* yacc.c:1646 */ break; - case 263: -#line 1307 "util/configparser.y" /* yacc.c:1646 */ + case 298: +#line 1501 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3511,11 +3825,11 @@ } free((yyvsp[0].str)); } -#line 3515 "util/configparser.c" /* yacc.c:1646 */ +#line 3829 "util/configparser.c" /* yacc.c:1646 */ break; - case 264: -#line 1320 "util/configparser.y" /* yacc.c:1646 */ + case 299: +#line 1514 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -3527,11 +3841,11 @@ "ratelimit-for-domain"); } } -#line 3531 "util/configparser.c" /* yacc.c:1646 */ +#line 3845 "util/configparser.c" /* yacc.c:1646 */ break; - case 265: -#line 1333 "util/configparser.y" /* yacc.c:1646 */ + case 300: +#line 1527 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { 
@@ -3543,11 +3857,11 @@ "ratelimit-below-domain"); } } -#line 3547 "util/configparser.c" /* yacc.c:1646 */ +#line 3861 "util/configparser.c" /* yacc.c:1646 */ break; - case 266: -#line 1346 "util/configparser.y" /* yacc.c:1646 */ + case 301: +#line 1540 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3555,11 +3869,11 @@ else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3559 "util/configparser.c" /* yacc.c:1646 */ +#line 3873 "util/configparser.c" /* yacc.c:1646 */ break; - case 267: -#line 1355 "util/configparser.y" /* yacc.c:1646 */ + case 302: +#line 1549 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3568,11 +3882,24 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3572 "util/configparser.c" /* yacc.c:1646 */ +#line 3886 "util/configparser.c" /* yacc.c:1646 */ break; - case 268: -#line 1365 "util/configparser.y" /* yacc.c:1646 */ + case 303: +#line 1559 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->qname_minimisation_strict = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3899 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 304: +#line 1569 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) 
@@ -3581,31 +3908,31 @@ free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 3585 "util/configparser.c" /* yacc.c:1646 */ +#line 3912 "util/configparser.c" /* yacc.c:1646 */ break; - case 269: -#line 1375 "util/configparser.y" /* yacc.c:1646 */ + case 305: +#line 1579 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3595 "util/configparser.c" /* yacc.c:1646 */ +#line 3922 "util/configparser.c" /* yacc.c:1646 */ break; - case 270: -#line 1382 "util/configparser.y" /* yacc.c:1646 */ + case 306: +#line 1586 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3605 "util/configparser.c" /* yacc.c:1646 */ +#line 3932 "util/configparser.c" /* yacc.c:1646 */ break; - case 271: -#line 1389 "util/configparser.y" /* yacc.c:1646 */ + case 307: +#line 1593 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3613,11 +3940,24 @@ else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3617 "util/configparser.c" /* yacc.c:1646 */ +#line 3944 "util/configparser.c" /* yacc.c:1646 */ break; - case 272: -#line 1398 "util/configparser.y" /* yacc.c:1646 */ + case 308: +#line 1602 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->ssl_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3957 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 309: +#line 1612 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3626,11 +3966,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3630 "util/configparser.c" /* yacc.c:1646 */ +#line 3970 "util/configparser.c" /* yacc.c:1646 */ break; - case 273: -#line 1408 "util/configparser.y" /* yacc.c:1646 */ + case 310: +#line 1622 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) 
@@ -3639,31 +3979,31 @@ free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 3643 "util/configparser.c" /* yacc.c:1646 */ +#line 3983 "util/configparser.c" /* yacc.c:1646 */ break; - case 274: -#line 1418 "util/configparser.y" /* yacc.c:1646 */ + case 311: +#line 1632 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3653 "util/configparser.c" /* yacc.c:1646 */ +#line 3993 "util/configparser.c" /* yacc.c:1646 */ break; - case 275: -#line 1425 "util/configparser.y" /* yacc.c:1646 */ + case 312: +#line 1639 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3663 "util/configparser.c" /* yacc.c:1646 */ +#line 4003 "util/configparser.c" /* yacc.c:1646 */ break; - case 276: -#line 1432 "util/configparser.y" /* yacc.c:1646 */ + case 313: +#line 1646 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3671,19 +4011,101 @@ else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3675 "util/configparser.c" /* yacc.c:1646 */ +#line 4015 "util/configparser.c" /* yacc.c:1646 */ break; - case 277: -#line 1441 "util/configparser.y" /* yacc.c:1646 */ + case 314: +#line 1655 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->forwards->ssl_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4028 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 315: +#line 1665 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->views->name) + yyerror("view name override, there must be one " + "name for one view"); + free(cfg_parser->cfg->views->name); + cfg_parser->cfg->views->name = (yyvsp[0].str); + } +#line 4041 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 316: +#line 1675 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && + strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && + strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 + && strcmp((yyvsp[0].str), "typetransparent")!=0 + && strcmp((yyvsp[0].str), "always_transparent")!=0 + && strcmp((yyvsp[0].str), "always_refuse")!=0 + && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) + yyerror("local-zone type: expected static, deny, " + "refuse, redirect, transparent, " + "typetransparent, inform, inform_deny, " + "always_transparent, always_refuse, " + "always_nxdomain or nodefault"); + else 
if(strcmp((yyvsp[0].str), "nodefault")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_zones_nodefault, (yyvsp[-1].str))) + fatal_exit("out of memory adding local-zone"); + free((yyvsp[0].str)); + } else { + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->local_zones, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding local-zone"); + } + } +#line 4073 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 317: +#line 1704 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { + fatal_exit("out of memory adding local-data"); + free((yyvsp[0].str)); + } + } +#line 4085 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 318: +#line 1713 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4097 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 319: +#line 1722 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 3683 "util/configparser.c" /* yacc.c:1646 */ +#line 4105 "util/configparser.c" /* yacc.c:1646 */ break; - case 288: -#line 1452 "util/configparser.y" /* yacc.c:1646 */ + case 330: +#line 1733 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3692,11 +4114,11 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3696 "util/configparser.c" /* yacc.c:1646 */ +#line 4118 "util/configparser.c" /* yacc.c:1646 */ break; - case 289: -#line 1462 "util/configparser.y" /* yacc.c:1646 */ + case 331: +#line 1743 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3704,21 +4126,21 @@ else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3708 "util/configparser.c" /* yacc.c:1646 */ +#line 4130 "util/configparser.c" /* yacc.c:1646 */ break; - case 290: -#line 1471 "util/configparser.y" /* yacc.c:1646 */ + case 332: +#line 1752 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3718 "util/configparser.c" /* yacc.c:1646 */ +#line 4140 "util/configparser.c" /* yacc.c:1646 */ break; - case 291: -#line 1478 "util/configparser.y" /* yacc.c:1646 */ + case 333: +#line 1759 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3727,122 +4149,122 @@ (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3731 "util/configparser.c" /* yacc.c:1646 */ +#line 4153 "util/configparser.c" /* yacc.c:1646 */ break; - case 292: -#line 1488 "util/configparser.y" /* yacc.c:1646 */ + case 334: +#line 1769 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 3741 "util/configparser.c" /* yacc.c:1646 */ +#line 4163 "util/configparser.c" /* yacc.c:1646 */ break; - case 293: -#line 1495 "util/configparser.y" /* yacc.c:1646 */ + case 335: +#line 1776 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 3751 "util/configparser.c" /* yacc.c:1646 */ +#line 4173 "util/configparser.c" /* yacc.c:1646 */ break; - case 294: -#line 1502 "util/configparser.y" /* yacc.c:1646 */ + case 336: +#line 1783 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 3761 "util/configparser.c" /* yacc.c:1646 */ +#line 4183 "util/configparser.c" /* yacc.c:1646 */ break; - case 295: -#line 1509 "util/configparser.y" /* yacc.c:1646 */ + case 337: +#line 1790 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 3771 "util/configparser.c" /* yacc.c:1646 */ +#line 4193 "util/configparser.c" /* yacc.c:1646 */ break; - case 296: -#line 1516 "util/configparser.y" /* yacc.c:1646 */ + case 338: +#line 1797 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 3779 "util/configparser.c" /* yacc.c:1646 */ +#line 4201 
"util/configparser.c" /* yacc.c:1646 */ break; - case 311: -#line 1533 "util/configparser.y" /* yacc.c:1646 */ + case 353: +#line 1814 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3790 "util/configparser.c" /* yacc.c:1646 */ +#line 4212 "util/configparser.c" /* yacc.c:1646 */ break; - case 312: -#line 1541 "util/configparser.y" /* yacc.c:1646 */ + case 354: +#line 1822 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 3800 "util/configparser.c" /* yacc.c:1646 */ +#line 4222 "util/configparser.c" /* yacc.c:1646 */ break; - case 313: -#line 1548 "util/configparser.y" /* yacc.c:1646 */ + case 355: +#line 1829 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3811 "util/configparser.c" /* yacc.c:1646 */ +#line 4233 "util/configparser.c" /* yacc.c:1646 */ break; - case 314: -#line 1556 "util/configparser.y" /* yacc.c:1646 */ + case 356: +#line 1837 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3822 "util/configparser.c" /* yacc.c:1646 */ +#line 4244 "util/configparser.c" /* yacc.c:1646 */ break; - case 315: -#line 1564 "util/configparser.y" /* yacc.c:1646 */ + case 357: +#line 1845 
"util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 3832 "util/configparser.c" /* yacc.c:1646 */ +#line 4254 "util/configparser.c" /* yacc.c:1646 */ break; - case 316: -#line 1571 "util/configparser.y" /* yacc.c:1646 */ + case 358: +#line 1852 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 3842 "util/configparser.c" /* yacc.c:1646 */ +#line 4264 "util/configparser.c" /* yacc.c:1646 */ break; - case 317: -#line 1578 "util/configparser.y" /* yacc.c:1646 */ + case 359: +#line 1859 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3850,11 +4272,11 @@ else cfg_parser->cfg->dnstap_log_resolver_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3854 "util/configparser.c" /* yacc.c:1646 */ +#line 4276 "util/configparser.c" /* yacc.c:1646 */ break; - case 318: -#line 1587 "util/configparser.y" /* yacc.c:1646 */ + case 360: +#line 1868 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3862,11 +4284,11 @@ else cfg_parser->cfg->dnstap_log_resolver_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3866 "util/configparser.c" /* yacc.c:1646 */ +#line 4288 "util/configparser.c" /* yacc.c:1646 */ break; - case 319: -#line 1596 "util/configparser.y" /* yacc.c:1646 */ + case 361: +#line 1877 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3874,11 +4296,11 @@ else cfg_parser->cfg->dnstap_log_client_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3878 "util/configparser.c" /* yacc.c:1646 */ +#line 4300 "util/configparser.c" /* yacc.c:1646 */ break; - case 320: -#line 1605 "util/configparser.y" /* yacc.c:1646 */ + case 362: +#line 1886 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3886,11 +4308,11 @@ else cfg_parser->cfg->dnstap_log_client_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3890 "util/configparser.c" /* yacc.c:1646 */ +#line 4312 "util/configparser.c" /* yacc.c:1646 */ break; - case 321: -#line 1614 "util/configparser.y" /* yacc.c:1646 */ + case 363: +#line 1895 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3898,11 +4320,11 @@ else cfg_parser->cfg->dnstap_log_forwarder_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3902 "util/configparser.c" /* yacc.c:1646 */ +#line 4324 "util/configparser.c" /* yacc.c:1646 */ break; - case 322: -#line 1623 "util/configparser.y" /* yacc.c:1646 */ + case 364: +#line 1904 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) 
@@ -3910,29 +4332,52 @@ else cfg_parser->cfg->dnstap_log_forwarder_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 3914 "util/configparser.c" /* yacc.c:1646 */ +#line 4336 "util/configparser.c" /* yacc.c:1646 */ break; - case 323: -#line 1632 "util/configparser.y" /* yacc.c:1646 */ + case 365: +#line 1913 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(python:)\n")); } -#line 3922 "util/configparser.c" /* yacc.c:1646 */ +#line 4344 "util/configparser.c" /* yacc.c:1646 */ break; - case 327: -#line 1641 "util/configparser.y" /* yacc.c:1646 */ + case 369: +#line 1922 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = (yyvsp[0].str); } -#line 3932 "util/configparser.c" /* yacc.c:1646 */ +#line 4354 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 370: +#line 1928 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); + if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->disable_dnssec_lame_check = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4367 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 371: +#line 1938 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->log_identity); + cfg_parser->cfg->log_identity = (yyvsp[0].str); + } +#line 4377 "util/configparser.c" /* yacc.c:1646 */ break; -#line 3936 "util/configparser.c" /* yacc.c:1646 */ +#line 4381 "util/configparser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires 
@@ -4160,7 +4605,7 @@ #endif return yyresult; } -#line 1646 "util/configparser.y" /* yacc.c:1906 */ +#line 1944 "util/configparser.y" /* yacc.c:1906 */ /* parse helper routines could be here */ diff -Nru unbound-1.5.8/util/configparser.h unbound-1.6.0/util/configparser.h --- unbound-1.5.8/util/configparser.h 2016-03-02 07:52:38.000000000 +0000 +++ unbound-1.6.0/util/configparser.h 2016-12-15 08:20:10.000000000 +0000 
@@ -61,153 +61,171 @@ VAR_INTERFACE = 271, VAR_DO_IP4 = 272, VAR_DO_IP6 = 273, - VAR_DO_UDP = 274, - VAR_DO_TCP = 275, - VAR_TCP_MSS = 276, - VAR_OUTGOING_TCP_MSS = 277, - VAR_CHROOT = 278, - VAR_USERNAME = 279, - VAR_DIRECTORY = 280, - VAR_LOGFILE = 281, - VAR_PIDFILE = 282, - VAR_MSG_CACHE_SIZE = 283, - VAR_MSG_CACHE_SLABS = 284, - VAR_NUM_QUERIES_PER_THREAD = 285, - VAR_RRSET_CACHE_SIZE = 286, - VAR_RRSET_CACHE_SLABS = 287, - VAR_OUTGOING_NUM_TCP = 288, - VAR_INFRA_HOST_TTL = 289, - VAR_INFRA_LAME_TTL = 290, - VAR_INFRA_CACHE_SLABS = 291, - VAR_INFRA_CACHE_NUMHOSTS = 292, - VAR_INFRA_CACHE_LAME_SIZE = 293, - VAR_NAME = 294, - VAR_STUB_ZONE = 295, - VAR_STUB_HOST = 296, - VAR_STUB_ADDR = 297, - VAR_TARGET_FETCH_POLICY = 298, - VAR_HARDEN_SHORT_BUFSIZE = 299, - VAR_HARDEN_LARGE_QUERIES = 300, - VAR_FORWARD_ZONE = 301, - VAR_FORWARD_HOST = 302, - VAR_FORWARD_ADDR = 303, - VAR_DO_NOT_QUERY_ADDRESS = 304, - VAR_HIDE_IDENTITY = 305, - VAR_HIDE_VERSION = 306, - VAR_IDENTITY = 307, - VAR_VERSION = 308, - VAR_HARDEN_GLUE = 309, - VAR_MODULE_CONF = 310, - VAR_TRUST_ANCHOR_FILE = 311, - VAR_TRUST_ANCHOR = 312, - VAR_VAL_OVERRIDE_DATE = 313, - VAR_BOGUS_TTL = 314, - VAR_VAL_CLEAN_ADDITIONAL = 315, - VAR_VAL_PERMISSIVE_MODE = 316, - VAR_INCOMING_NUM_TCP = 317, - VAR_MSG_BUFFER_SIZE = 318, - VAR_KEY_CACHE_SIZE = 319, - VAR_KEY_CACHE_SLABS = 320, - VAR_TRUSTED_KEYS_FILE = 321, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 322, - VAR_USE_SYSLOG = 323, - VAR_OUTGOING_INTERFACE = 324, - VAR_ROOT_HINTS = 325, - VAR_DO_NOT_QUERY_LOCALHOST = 326, - VAR_CACHE_MAX_TTL = 327, - VAR_HARDEN_DNSSEC_STRIPPED = 328, - VAR_ACCESS_CONTROL = 329, - VAR_LOCAL_ZONE = 330, - VAR_LOCAL_DATA = 331, - VAR_INTERFACE_AUTOMATIC = 332, - VAR_STATISTICS_INTERVAL = 333, - VAR_DO_DAEMONIZE = 334, - VAR_USE_CAPS_FOR_ID = 335, - VAR_STATISTICS_CUMULATIVE = 336, - VAR_OUTGOING_PORT_PERMIT = 337, - VAR_OUTGOING_PORT_AVOID = 338, - VAR_DLV_ANCHOR_FILE = 339, - VAR_DLV_ANCHOR = 340, - VAR_NEG_CACHE_SIZE = 341, - 
VAR_HARDEN_REFERRAL_PATH = 342, - VAR_PRIVATE_ADDRESS = 343, - VAR_PRIVATE_DOMAIN = 344, - VAR_REMOTE_CONTROL = 345, - VAR_CONTROL_ENABLE = 346, - VAR_CONTROL_INTERFACE = 347, - VAR_CONTROL_PORT = 348, - VAR_SERVER_KEY_FILE = 349, - VAR_SERVER_CERT_FILE = 350, - VAR_CONTROL_KEY_FILE = 351, - VAR_CONTROL_CERT_FILE = 352, - VAR_CONTROL_USE_CERT = 353, - VAR_EXTENDED_STATISTICS = 354, - VAR_LOCAL_DATA_PTR = 355, - VAR_JOSTLE_TIMEOUT = 356, - VAR_STUB_PRIME = 357, - VAR_UNWANTED_REPLY_THRESHOLD = 358, - VAR_LOG_TIME_ASCII = 359, - VAR_DOMAIN_INSECURE = 360, - VAR_PYTHON = 361, - VAR_PYTHON_SCRIPT = 362, - VAR_VAL_SIG_SKEW_MIN = 363, - VAR_VAL_SIG_SKEW_MAX = 364, - VAR_CACHE_MIN_TTL = 365, - VAR_VAL_LOG_LEVEL = 366, - VAR_AUTO_TRUST_ANCHOR_FILE = 367, - VAR_KEEP_MISSING = 368, - VAR_ADD_HOLDDOWN = 369, - VAR_DEL_HOLDDOWN = 370, - VAR_SO_RCVBUF = 371, - VAR_EDNS_BUFFER_SIZE = 372, - VAR_PREFETCH = 373, - VAR_PREFETCH_KEY = 374, - VAR_SO_SNDBUF = 375, - VAR_SO_REUSEPORT = 376, - VAR_HARDEN_BELOW_NXDOMAIN = 377, - VAR_IGNORE_CD_FLAG = 378, - VAR_LOG_QUERIES = 379, - VAR_TCP_UPSTREAM = 380, - VAR_SSL_UPSTREAM = 381, - VAR_SSL_SERVICE_KEY = 382, - VAR_SSL_SERVICE_PEM = 383, - VAR_SSL_PORT = 384, - VAR_FORWARD_FIRST = 385, - VAR_STUB_FIRST = 386, - VAR_MINIMAL_RESPONSES = 387, - VAR_RRSET_ROUNDROBIN = 388, - VAR_MAX_UDP_SIZE = 389, - VAR_DELAY_CLOSE = 390, - VAR_UNBLOCK_LAN_ZONES = 391, - VAR_INSECURE_LAN_ZONES = 392, - VAR_INFRA_CACHE_MIN_RTT = 393, - VAR_DNS64_PREFIX = 394, - VAR_DNS64_SYNTHALL = 395, - VAR_DNSTAP = 396, - VAR_DNSTAP_ENABLE = 397, - VAR_DNSTAP_SOCKET_PATH = 398, - VAR_DNSTAP_SEND_IDENTITY = 399, - VAR_DNSTAP_SEND_VERSION = 400, - VAR_DNSTAP_IDENTITY = 401, - VAR_DNSTAP_VERSION = 402, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 403, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 404, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 405, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 406, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 407, - 
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 408, - VAR_HARDEN_ALGO_DOWNGRADE = 409, - VAR_IP_TRANSPARENT = 410, - VAR_RATELIMIT = 411, - VAR_RATELIMIT_SLABS = 412, - VAR_RATELIMIT_SIZE = 413, - VAR_RATELIMIT_FOR_DOMAIN = 414, - VAR_RATELIMIT_BELOW_DOMAIN = 415, - VAR_RATELIMIT_FACTOR = 416, - VAR_CAPS_WHITELIST = 417, - VAR_CACHE_MAX_NEGATIVE_TTL = 418, - VAR_PERMIT_SMALL_HOLDDOWN = 419, - VAR_QNAME_MINIMISATION = 420 + VAR_PREFER_IP6 = 274, + VAR_DO_UDP = 275, + VAR_DO_TCP = 276, + VAR_TCP_MSS = 277, + VAR_OUTGOING_TCP_MSS = 278, + VAR_CHROOT = 279, + VAR_USERNAME = 280, + VAR_DIRECTORY = 281, + VAR_LOGFILE = 282, + VAR_PIDFILE = 283, + VAR_MSG_CACHE_SIZE = 284, + VAR_MSG_CACHE_SLABS = 285, + VAR_NUM_QUERIES_PER_THREAD = 286, + VAR_RRSET_CACHE_SIZE = 287, + VAR_RRSET_CACHE_SLABS = 288, + VAR_OUTGOING_NUM_TCP = 289, + VAR_INFRA_HOST_TTL = 290, + VAR_INFRA_LAME_TTL = 291, + VAR_INFRA_CACHE_SLABS = 292, + VAR_INFRA_CACHE_NUMHOSTS = 293, + VAR_INFRA_CACHE_LAME_SIZE = 294, + VAR_NAME = 295, + VAR_STUB_ZONE = 296, + VAR_STUB_HOST = 297, + VAR_STUB_ADDR = 298, + VAR_TARGET_FETCH_POLICY = 299, + VAR_HARDEN_SHORT_BUFSIZE = 300, + VAR_HARDEN_LARGE_QUERIES = 301, + VAR_FORWARD_ZONE = 302, + VAR_FORWARD_HOST = 303, + VAR_FORWARD_ADDR = 304, + VAR_DO_NOT_QUERY_ADDRESS = 305, + VAR_HIDE_IDENTITY = 306, + VAR_HIDE_VERSION = 307, + VAR_IDENTITY = 308, + VAR_VERSION = 309, + VAR_HARDEN_GLUE = 310, + VAR_MODULE_CONF = 311, + VAR_TRUST_ANCHOR_FILE = 312, + VAR_TRUST_ANCHOR = 313, + VAR_VAL_OVERRIDE_DATE = 314, + VAR_BOGUS_TTL = 315, + VAR_VAL_CLEAN_ADDITIONAL = 316, + VAR_VAL_PERMISSIVE_MODE = 317, + VAR_INCOMING_NUM_TCP = 318, + VAR_MSG_BUFFER_SIZE = 319, + VAR_KEY_CACHE_SIZE = 320, + VAR_KEY_CACHE_SLABS = 321, + VAR_TRUSTED_KEYS_FILE = 322, + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 323, + VAR_USE_SYSLOG = 324, + VAR_OUTGOING_INTERFACE = 325, + VAR_ROOT_HINTS = 326, + VAR_DO_NOT_QUERY_LOCALHOST = 327, + VAR_CACHE_MAX_TTL = 328, + VAR_HARDEN_DNSSEC_STRIPPED = 329, + VAR_ACCESS_CONTROL = 
330, + VAR_LOCAL_ZONE = 331, + VAR_LOCAL_DATA = 332, + VAR_INTERFACE_AUTOMATIC = 333, + VAR_STATISTICS_INTERVAL = 334, + VAR_DO_DAEMONIZE = 335, + VAR_USE_CAPS_FOR_ID = 336, + VAR_STATISTICS_CUMULATIVE = 337, + VAR_OUTGOING_PORT_PERMIT = 338, + VAR_OUTGOING_PORT_AVOID = 339, + VAR_DLV_ANCHOR_FILE = 340, + VAR_DLV_ANCHOR = 341, + VAR_NEG_CACHE_SIZE = 342, + VAR_HARDEN_REFERRAL_PATH = 343, + VAR_PRIVATE_ADDRESS = 344, + VAR_PRIVATE_DOMAIN = 345, + VAR_REMOTE_CONTROL = 346, + VAR_CONTROL_ENABLE = 347, + VAR_CONTROL_INTERFACE = 348, + VAR_CONTROL_PORT = 349, + VAR_SERVER_KEY_FILE = 350, + VAR_SERVER_CERT_FILE = 351, + VAR_CONTROL_KEY_FILE = 352, + VAR_CONTROL_CERT_FILE = 353, + VAR_CONTROL_USE_CERT = 354, + VAR_EXTENDED_STATISTICS = 355, + VAR_LOCAL_DATA_PTR = 356, + VAR_JOSTLE_TIMEOUT = 357, + VAR_STUB_PRIME = 358, + VAR_UNWANTED_REPLY_THRESHOLD = 359, + VAR_LOG_TIME_ASCII = 360, + VAR_DOMAIN_INSECURE = 361, + VAR_PYTHON = 362, + VAR_PYTHON_SCRIPT = 363, + VAR_VAL_SIG_SKEW_MIN = 364, + VAR_VAL_SIG_SKEW_MAX = 365, + VAR_CACHE_MIN_TTL = 366, + VAR_VAL_LOG_LEVEL = 367, + VAR_AUTO_TRUST_ANCHOR_FILE = 368, + VAR_KEEP_MISSING = 369, + VAR_ADD_HOLDDOWN = 370, + VAR_DEL_HOLDDOWN = 371, + VAR_SO_RCVBUF = 372, + VAR_EDNS_BUFFER_SIZE = 373, + VAR_PREFETCH = 374, + VAR_PREFETCH_KEY = 375, + VAR_SO_SNDBUF = 376, + VAR_SO_REUSEPORT = 377, + VAR_HARDEN_BELOW_NXDOMAIN = 378, + VAR_IGNORE_CD_FLAG = 379, + VAR_LOG_QUERIES = 380, + VAR_TCP_UPSTREAM = 381, + VAR_SSL_UPSTREAM = 382, + VAR_SSL_SERVICE_KEY = 383, + VAR_SSL_SERVICE_PEM = 384, + VAR_SSL_PORT = 385, + VAR_FORWARD_FIRST = 386, + VAR_STUB_SSL_UPSTREAM = 387, + VAR_FORWARD_SSL_UPSTREAM = 388, + VAR_STUB_FIRST = 389, + VAR_MINIMAL_RESPONSES = 390, + VAR_RRSET_ROUNDROBIN = 391, + VAR_MAX_UDP_SIZE = 392, + VAR_DELAY_CLOSE = 393, + VAR_UNBLOCK_LAN_ZONES = 394, + VAR_INSECURE_LAN_ZONES = 395, + VAR_INFRA_CACHE_MIN_RTT = 396, + VAR_DNS64_PREFIX = 397, + VAR_DNS64_SYNTHALL = 398, + VAR_DNSTAP = 399, + VAR_DNSTAP_ENABLE = 400, + 
VAR_DNSTAP_SOCKET_PATH = 401, + VAR_DNSTAP_SEND_IDENTITY = 402, + VAR_DNSTAP_SEND_VERSION = 403, + VAR_DNSTAP_IDENTITY = 404, + VAR_DNSTAP_VERSION = 405, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 406, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 407, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 408, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 409, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 410, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 411, + VAR_HARDEN_ALGO_DOWNGRADE = 412, + VAR_IP_TRANSPARENT = 413, + VAR_DISABLE_DNSSEC_LAME_CHECK = 414, + VAR_RATELIMIT = 415, + VAR_RATELIMIT_SLABS = 416, + VAR_RATELIMIT_SIZE = 417, + VAR_RATELIMIT_FOR_DOMAIN = 418, + VAR_RATELIMIT_BELOW_DOMAIN = 419, + VAR_RATELIMIT_FACTOR = 420, + VAR_CAPS_WHITELIST = 421, + VAR_CACHE_MAX_NEGATIVE_TTL = 422, + VAR_PERMIT_SMALL_HOLDDOWN = 423, + VAR_QNAME_MINIMISATION = 424, + VAR_QNAME_MINIMISATION_STRICT = 425, + VAR_IP_FREEBIND = 426, + VAR_DEFINE_TAG = 427, + VAR_LOCAL_ZONE_TAG = 428, + VAR_ACCESS_CONTROL_TAG = 429, + VAR_LOCAL_ZONE_OVERRIDE = 430, + VAR_ACCESS_CONTROL_TAG_ACTION = 431, + VAR_ACCESS_CONTROL_TAG_DATA = 432, + VAR_VIEW = 433, + VAR_ACCESS_CONTROL_VIEW = 434, + VAR_VIEW_FIRST = 435, + VAR_SERVE_EXPIRED = 436, + VAR_FAKE_DSA = 437, + VAR_LOG_IDENTITY = 438 }; #endif /* Tokens. */ 
@@ -227,153 +245,171 @@ #define VAR_INTERFACE 271 #define VAR_DO_IP4 272 #define VAR_DO_IP6 273 -#define VAR_DO_UDP 274 -#define VAR_DO_TCP 275 -#define VAR_TCP_MSS 276 -#define VAR_OUTGOING_TCP_MSS 277 -#define VAR_CHROOT 278 -#define VAR_USERNAME 279 -#define VAR_DIRECTORY 280 -#define VAR_LOGFILE 281 -#define VAR_PIDFILE 282 -#define VAR_MSG_CACHE_SIZE 283 -#define VAR_MSG_CACHE_SLABS 284 -#define VAR_NUM_QUERIES_PER_THREAD 285 -#define VAR_RRSET_CACHE_SIZE 286 -#define VAR_RRSET_CACHE_SLABS 287 -#define VAR_OUTGOING_NUM_TCP 288 -#define VAR_INFRA_HOST_TTL 289 -#define VAR_INFRA_LAME_TTL 290 -#define VAR_INFRA_CACHE_SLABS 291 -#define VAR_INFRA_CACHE_NUMHOSTS 292 -#define VAR_INFRA_CACHE_LAME_SIZE 293 -#define VAR_NAME 294 -#define VAR_STUB_ZONE 295 -#define VAR_STUB_HOST 296 -#define VAR_STUB_ADDR 297 -#define VAR_TARGET_FETCH_POLICY 298 -#define VAR_HARDEN_SHORT_BUFSIZE 299 -#define VAR_HARDEN_LARGE_QUERIES 300 -#define VAR_FORWARD_ZONE 301 -#define VAR_FORWARD_HOST 302 -#define VAR_FORWARD_ADDR 303 -#define VAR_DO_NOT_QUERY_ADDRESS 304 -#define VAR_HIDE_IDENTITY 305 -#define VAR_HIDE_VERSION 306 -#define VAR_IDENTITY 307 -#define VAR_VERSION 308 -#define VAR_HARDEN_GLUE 309 -#define VAR_MODULE_CONF 310 -#define VAR_TRUST_ANCHOR_FILE 311 -#define VAR_TRUST_ANCHOR 312 -#define VAR_VAL_OVERRIDE_DATE 313 -#define VAR_BOGUS_TTL 314 -#define VAR_VAL_CLEAN_ADDITIONAL 315 -#define VAR_VAL_PERMISSIVE_MODE 316 -#define VAR_INCOMING_NUM_TCP 317 -#define VAR_MSG_BUFFER_SIZE 318 -#define VAR_KEY_CACHE_SIZE 319 -#define VAR_KEY_CACHE_SLABS 320 -#define VAR_TRUSTED_KEYS_FILE 321 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 322 -#define VAR_USE_SYSLOG 323 -#define VAR_OUTGOING_INTERFACE 324 -#define VAR_ROOT_HINTS 325 -#define VAR_DO_NOT_QUERY_LOCALHOST 326 -#define VAR_CACHE_MAX_TTL 327 -#define VAR_HARDEN_DNSSEC_STRIPPED 328 -#define VAR_ACCESS_CONTROL 329 -#define VAR_LOCAL_ZONE 330 -#define VAR_LOCAL_DATA 331 -#define VAR_INTERFACE_AUTOMATIC 332 -#define 
VAR_STATISTICS_INTERVAL 333 -#define VAR_DO_DAEMONIZE 334 -#define VAR_USE_CAPS_FOR_ID 335 -#define VAR_STATISTICS_CUMULATIVE 336 -#define VAR_OUTGOING_PORT_PERMIT 337 -#define VAR_OUTGOING_PORT_AVOID 338 -#define VAR_DLV_ANCHOR_FILE 339 -#define VAR_DLV_ANCHOR 340 -#define VAR_NEG_CACHE_SIZE 341 -#define VAR_HARDEN_REFERRAL_PATH 342 -#define VAR_PRIVATE_ADDRESS 343 -#define VAR_PRIVATE_DOMAIN 344 -#define VAR_REMOTE_CONTROL 345 -#define VAR_CONTROL_ENABLE 346 -#define VAR_CONTROL_INTERFACE 347 -#define VAR_CONTROL_PORT 348 -#define VAR_SERVER_KEY_FILE 349 -#define VAR_SERVER_CERT_FILE 350 -#define VAR_CONTROL_KEY_FILE 351 -#define VAR_CONTROL_CERT_FILE 352 -#define VAR_CONTROL_USE_CERT 353 -#define VAR_EXTENDED_STATISTICS 354 -#define VAR_LOCAL_DATA_PTR 355 -#define VAR_JOSTLE_TIMEOUT 356 -#define VAR_STUB_PRIME 357 -#define VAR_UNWANTED_REPLY_THRESHOLD 358 -#define VAR_LOG_TIME_ASCII 359 -#define VAR_DOMAIN_INSECURE 360 -#define VAR_PYTHON 361 -#define VAR_PYTHON_SCRIPT 362 -#define VAR_VAL_SIG_SKEW_MIN 363 -#define VAR_VAL_SIG_SKEW_MAX 364 -#define VAR_CACHE_MIN_TTL 365 -#define VAR_VAL_LOG_LEVEL 366 -#define VAR_AUTO_TRUST_ANCHOR_FILE 367 -#define VAR_KEEP_MISSING 368 -#define VAR_ADD_HOLDDOWN 369 -#define VAR_DEL_HOLDDOWN 370 -#define VAR_SO_RCVBUF 371 -#define VAR_EDNS_BUFFER_SIZE 372 -#define VAR_PREFETCH 373 -#define VAR_PREFETCH_KEY 374 -#define VAR_SO_SNDBUF 375 -#define VAR_SO_REUSEPORT 376 -#define VAR_HARDEN_BELOW_NXDOMAIN 377 -#define VAR_IGNORE_CD_FLAG 378 -#define VAR_LOG_QUERIES 379 -#define VAR_TCP_UPSTREAM 380 -#define VAR_SSL_UPSTREAM 381 -#define VAR_SSL_SERVICE_KEY 382 -#define VAR_SSL_SERVICE_PEM 383 -#define VAR_SSL_PORT 384 -#define VAR_FORWARD_FIRST 385 -#define VAR_STUB_FIRST 386 -#define VAR_MINIMAL_RESPONSES 387 -#define VAR_RRSET_ROUNDROBIN 388 -#define VAR_MAX_UDP_SIZE 389 -#define VAR_DELAY_CLOSE 390 -#define VAR_UNBLOCK_LAN_ZONES 391 -#define VAR_INSECURE_LAN_ZONES 392 -#define VAR_INFRA_CACHE_MIN_RTT 393 -#define VAR_DNS64_PREFIX 
394 -#define VAR_DNS64_SYNTHALL 395 -#define VAR_DNSTAP 396 -#define VAR_DNSTAP_ENABLE 397 -#define VAR_DNSTAP_SOCKET_PATH 398 -#define VAR_DNSTAP_SEND_IDENTITY 399 -#define VAR_DNSTAP_SEND_VERSION 400 -#define VAR_DNSTAP_IDENTITY 401 -#define VAR_DNSTAP_VERSION 402 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 403 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 404 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 405 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 406 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 408 -#define VAR_HARDEN_ALGO_DOWNGRADE 409 -#define VAR_IP_TRANSPARENT 410 -#define VAR_RATELIMIT 411 -#define VAR_RATELIMIT_SLABS 412 -#define VAR_RATELIMIT_SIZE 413 -#define VAR_RATELIMIT_FOR_DOMAIN 414 -#define VAR_RATELIMIT_BELOW_DOMAIN 415 -#define VAR_RATELIMIT_FACTOR 416 -#define VAR_CAPS_WHITELIST 417 -#define VAR_CACHE_MAX_NEGATIVE_TTL 418 -#define VAR_PERMIT_SMALL_HOLDDOWN 419 -#define VAR_QNAME_MINIMISATION 420 +#define VAR_PREFER_IP6 274 +#define VAR_DO_UDP 275 +#define VAR_DO_TCP 276 +#define VAR_TCP_MSS 277 +#define VAR_OUTGOING_TCP_MSS 278 +#define VAR_CHROOT 279 +#define VAR_USERNAME 280 +#define VAR_DIRECTORY 281 +#define VAR_LOGFILE 282 +#define VAR_PIDFILE 283 +#define VAR_MSG_CACHE_SIZE 284 +#define VAR_MSG_CACHE_SLABS 285 +#define VAR_NUM_QUERIES_PER_THREAD 286 +#define VAR_RRSET_CACHE_SIZE 287 +#define VAR_RRSET_CACHE_SLABS 288 +#define VAR_OUTGOING_NUM_TCP 289 +#define VAR_INFRA_HOST_TTL 290 +#define VAR_INFRA_LAME_TTL 291 +#define VAR_INFRA_CACHE_SLABS 292 +#define VAR_INFRA_CACHE_NUMHOSTS 293 +#define VAR_INFRA_CACHE_LAME_SIZE 294 +#define VAR_NAME 295 +#define VAR_STUB_ZONE 296 +#define VAR_STUB_HOST 297 +#define VAR_STUB_ADDR 298 +#define VAR_TARGET_FETCH_POLICY 299 +#define VAR_HARDEN_SHORT_BUFSIZE 300 +#define VAR_HARDEN_LARGE_QUERIES 301 +#define VAR_FORWARD_ZONE 302 +#define VAR_FORWARD_HOST 303 +#define VAR_FORWARD_ADDR 304 +#define VAR_DO_NOT_QUERY_ADDRESS 305 
+#define VAR_HIDE_IDENTITY 306 +#define VAR_HIDE_VERSION 307 +#define VAR_IDENTITY 308 +#define VAR_VERSION 309 +#define VAR_HARDEN_GLUE 310 +#define VAR_MODULE_CONF 311 +#define VAR_TRUST_ANCHOR_FILE 312 +#define VAR_TRUST_ANCHOR 313 +#define VAR_VAL_OVERRIDE_DATE 314 +#define VAR_BOGUS_TTL 315 +#define VAR_VAL_CLEAN_ADDITIONAL 316 +#define VAR_VAL_PERMISSIVE_MODE 317 +#define VAR_INCOMING_NUM_TCP 318 +#define VAR_MSG_BUFFER_SIZE 319 +#define VAR_KEY_CACHE_SIZE 320 +#define VAR_KEY_CACHE_SLABS 321 +#define VAR_TRUSTED_KEYS_FILE 322 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 323 +#define VAR_USE_SYSLOG 324 +#define VAR_OUTGOING_INTERFACE 325 +#define VAR_ROOT_HINTS 326 +#define VAR_DO_NOT_QUERY_LOCALHOST 327 +#define VAR_CACHE_MAX_TTL 328 +#define VAR_HARDEN_DNSSEC_STRIPPED 329 +#define VAR_ACCESS_CONTROL 330 +#define VAR_LOCAL_ZONE 331 +#define VAR_LOCAL_DATA 332 +#define VAR_INTERFACE_AUTOMATIC 333 +#define VAR_STATISTICS_INTERVAL 334 +#define VAR_DO_DAEMONIZE 335 +#define VAR_USE_CAPS_FOR_ID 336 +#define VAR_STATISTICS_CUMULATIVE 337 +#define VAR_OUTGOING_PORT_PERMIT 338 +#define VAR_OUTGOING_PORT_AVOID 339 +#define VAR_DLV_ANCHOR_FILE 340 +#define VAR_DLV_ANCHOR 341 +#define VAR_NEG_CACHE_SIZE 342 +#define VAR_HARDEN_REFERRAL_PATH 343 +#define VAR_PRIVATE_ADDRESS 344 +#define VAR_PRIVATE_DOMAIN 345 +#define VAR_REMOTE_CONTROL 346 +#define VAR_CONTROL_ENABLE 347 +#define VAR_CONTROL_INTERFACE 348 +#define VAR_CONTROL_PORT 349 +#define VAR_SERVER_KEY_FILE 350 +#define VAR_SERVER_CERT_FILE 351 +#define VAR_CONTROL_KEY_FILE 352 +#define VAR_CONTROL_CERT_FILE 353 +#define VAR_CONTROL_USE_CERT 354 +#define VAR_EXTENDED_STATISTICS 355 +#define VAR_LOCAL_DATA_PTR 356 +#define VAR_JOSTLE_TIMEOUT 357 +#define VAR_STUB_PRIME 358 +#define VAR_UNWANTED_REPLY_THRESHOLD 359 +#define VAR_LOG_TIME_ASCII 360 +#define VAR_DOMAIN_INSECURE 361 +#define VAR_PYTHON 362 +#define VAR_PYTHON_SCRIPT 363 +#define VAR_VAL_SIG_SKEW_MIN 364 +#define VAR_VAL_SIG_SKEW_MAX 365 +#define 
VAR_CACHE_MIN_TTL 366 +#define VAR_VAL_LOG_LEVEL 367 +#define VAR_AUTO_TRUST_ANCHOR_FILE 368 +#define VAR_KEEP_MISSING 369 +#define VAR_ADD_HOLDDOWN 370 +#define VAR_DEL_HOLDDOWN 371 +#define VAR_SO_RCVBUF 372 +#define VAR_EDNS_BUFFER_SIZE 373 +#define VAR_PREFETCH 374 +#define VAR_PREFETCH_KEY 375 +#define VAR_SO_SNDBUF 376 +#define VAR_SO_REUSEPORT 377 +#define VAR_HARDEN_BELOW_NXDOMAIN 378 +#define VAR_IGNORE_CD_FLAG 379 +#define VAR_LOG_QUERIES 380 +#define VAR_TCP_UPSTREAM 381 +#define VAR_SSL_UPSTREAM 382 +#define VAR_SSL_SERVICE_KEY 383 +#define VAR_SSL_SERVICE_PEM 384 +#define VAR_SSL_PORT 385 +#define VAR_FORWARD_FIRST 386 +#define VAR_STUB_SSL_UPSTREAM 387 +#define VAR_FORWARD_SSL_UPSTREAM 388 +#define VAR_STUB_FIRST 389 +#define VAR_MINIMAL_RESPONSES 390 +#define VAR_RRSET_ROUNDROBIN 391 +#define VAR_MAX_UDP_SIZE 392 +#define VAR_DELAY_CLOSE 393 +#define VAR_UNBLOCK_LAN_ZONES 394 +#define VAR_INSECURE_LAN_ZONES 395 +#define VAR_INFRA_CACHE_MIN_RTT 396 +#define VAR_DNS64_PREFIX 397 +#define VAR_DNS64_SYNTHALL 398 +#define VAR_DNSTAP 399 +#define VAR_DNSTAP_ENABLE 400 +#define VAR_DNSTAP_SOCKET_PATH 401 +#define VAR_DNSTAP_SEND_IDENTITY 402 +#define VAR_DNSTAP_SEND_VERSION 403 +#define VAR_DNSTAP_IDENTITY 404 +#define VAR_DNSTAP_VERSION 405 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 406 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 407 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 408 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 409 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 410 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 411 +#define VAR_HARDEN_ALGO_DOWNGRADE 412 +#define VAR_IP_TRANSPARENT 413 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 414 +#define VAR_RATELIMIT 415 +#define VAR_RATELIMIT_SLABS 416 +#define VAR_RATELIMIT_SIZE 417 +#define VAR_RATELIMIT_FOR_DOMAIN 418 +#define VAR_RATELIMIT_BELOW_DOMAIN 419 +#define VAR_RATELIMIT_FACTOR 420 +#define VAR_CAPS_WHITELIST 421 +#define VAR_CACHE_MAX_NEGATIVE_TTL 422 +#define 
VAR_PERMIT_SMALL_HOLDDOWN 423 +#define VAR_QNAME_MINIMISATION 424 +#define VAR_QNAME_MINIMISATION_STRICT 425 +#define VAR_IP_FREEBIND 426 +#define VAR_DEFINE_TAG 427 +#define VAR_LOCAL_ZONE_TAG 428 +#define VAR_ACCESS_CONTROL_TAG 429 +#define VAR_LOCAL_ZONE_OVERRIDE 430 +#define VAR_ACCESS_CONTROL_TAG_ACTION 431 +#define VAR_ACCESS_CONTROL_TAG_DATA 432 +#define VAR_VIEW 433 +#define VAR_ACCESS_CONTROL_VIEW 434 +#define VAR_VIEW_FIRST 435 +#define VAR_SERVE_EXPIRED 436 +#define VAR_FAKE_DSA 437 +#define VAR_LOG_IDENTITY 438 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -384,7 +420,7 @@ char* str; -#line 388 "util/configparser.h" /* yacc.c:1909 */ +#line 424 "util/configparser.h" /* yacc.c:1909 */ }; typedef union YYSTYPE YYSTYPE; diff -Nru unbound-1.5.8/util/configparser.y unbound-1.6.0/util/configparser.y --- unbound-1.5.8/util/configparser.y 2016-02-09 13:25:59.000000000 +0000 +++ unbound-1.6.0/util/configparser.y 2016-11-04 12:07:52.000000000 +0000 @@ -69,7 +69,7 @@ %token STRING_ARG %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE -%token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_UDP VAR_DO_TCP +%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS %token VAR_CHROOT VAR_USERNAME VAR_DIRECTORY VAR_LOGFILE VAR_PIDFILE %token VAR_MSG_CACHE_SIZE VAR_MSG_CACHE_SLABS VAR_NUM_QUERIES_PER_THREAD @@ -106,6 +106,7 @@ %token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST +%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES 
@@ -121,16 +122,23 @@ %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT +%token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN -%token VAR_QNAME_MINIMISATION +%token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND +%token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG +%token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION +%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW +%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA +%token VAR_LOG_IDENTITY %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | - rcstart contents_rc | dtstart contents_dt + rcstart contents_rc | dtstart contents_dt | viewstart + contents_view ; /* server: declaration */ @@ -143,7 +151,8 @@ | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | - server_do_ip6 | server_do_udp | server_do_tcp | + server_do_ip6 | server_prefer_ip6 | + server_do_udp | server_do_tcp | server_tcp_mss | server_outgoing_tcp_mss | server_interface | server_chroot | server_username | server_directory | server_logfile | server_pidfile | 
@@ -191,7 +200,13 @@ server_ratelimit_size | server_ratelimit_for_domain | server_ratelimit_below_domain | server_ratelimit_factor | server_caps_whitelist | server_cache_max_negative_ttl | - server_permit_small_holddown | server_qname_minimisation + server_permit_small_holddown | server_qname_minimisation | + server_ip_freebind | server_define_tag | server_local_zone_tag | + server_disable_dnssec_lame_check | server_access_control_tag | + server_local_zone_override | server_access_control_tag_action | + server_access_control_tag_data | server_access_control_view | + server_qname_minimisation_strict | server_serve_expired | + server_fake_dsa | server_log_identity ; stubstart: VAR_STUB_ZONE { @@ -207,7 +222,8 @@ ; contents_stub: contents_stub content_stub | ; -content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first +content_stub: stub_name | stub_host | stub_addr | stub_prime | stub_first | + stub_ssl_upstream ; forwardstart: VAR_FORWARD_ZONE { @@ -223,7 +239,26 @@ ; contents_forward: contents_forward content_forward | ; -content_forward: forward_name | forward_host | forward_addr | forward_first +content_forward: forward_name | forward_host | forward_addr | forward_first | + forward_ssl_upstream + ; +viewstart: VAR_VIEW + { + struct config_view* s; + OUTYY(("\nP(view:)\n")); + s = (struct config_view*)calloc(1, sizeof(struct config_view)); + if(s) { + s->next = cfg_parser->cfg->views; + if(s->next && !s->next->name) + yyerror("view without name"); + cfg_parser->cfg->views = s; + } else + yyerror("out of memory"); + } + ; +contents_view: contents_view content_view + | ; +content_view: view_name | view_local_zone | view_local_data | view_first ; server_num_threads: VAR_NUM_THREADS STRING_ARG { 
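Review bot: The `view without name` test in `viewstart` only looks at the previous entry (`s->next`), so the last `view:` block in a file is never covered by it; unless a later pass validates the list, a final nameless view stays in `cfg->views` with `name == NULL`. A check on the list head once parsing has finished would close that gap, for example `if(cfg->views && !cfg->views->name) yyerror("view without name");`, placed wherever the parse result is validated (that code is not in this hunk). Separately, when `calloc` fails the rule reports `out of memory` but leaves `cfg->views` at the previous view or NULL, and the `content_view` rules added further down dereference `cfg_parser->cfg->views` without a check. Whether that path is reachable depends on whether `yyerror` stops the parse, which is not visible here.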
@@ -399,6 +434,15 @@ free($2); } ; +server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG + { + OUTYY(("P(server_prefer_ip6:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip6 = (strcmp($2, "yes")==0); + free($2); + } + ; server_tcp_mss: VAR_TCP_MSS STRING_ARG { OUTYY(("P(server_tcp_mss:%s)\n", $2)); @@ -518,6 +562,23 @@ OUTYY(("P(server_directory:%s)\n", $2)); free(cfg_parser->cfg->directory); cfg_parser->cfg->directory = $2; + /* change there right away for includes relative to this */ + if($2[0]) { + char* d; +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg_parser->cfg); +#endif + d = cfg_parser->cfg->directory; + /* adjust directory if we have already chroot, + * like, we reread after sighup */ + if(cfg_parser->chroot && cfg_parser->chroot[0] && + strncmp(d, cfg_parser->chroot, strlen( + cfg_parser->chroot)) == 0) + d += strlen(cfg_parser->chroot); + if(chdir(d)) + log_err("cannot chdir to directory: %s (%s)", + d, strerror(errno)); + } } ; server_logfile: VAR_LOGFILE STRING_ARG @@ -662,6 +723,16 @@ free($2); } ; +server_ip_freebind: VAR_IP_FREEBIND STRING_ARG + { + OUTYY(("P(server_ip_freebind:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ip_freebind = + (strcmp($2, "yes")==0); + free($2); + } + ; server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG { OUTYY(("P(server_edns_buffer_size:%s)\n", $2)); 
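Review bot: The chroot-prefix test added to the `server_directory` action is a plain `strncmp` over `strlen(cfg_parser->chroot)` bytes, so it also matches a sibling path that merely begins with the same characters (constructed example: chroot `/var/unbound`, directory `/var/unbound2/etc`), after which `d` is the relative path `2/etc`. The test should also require a path-component boundary, for example by adding `&& (d[strlen(cfg_parser->chroot)] == '/' || d[strlen(cfg_parser->chroot)] == '\0')`, assuming the chroot string is stored without a trailing slash. A failed `chdir` is only reported through `log_err`, so later relative includes would resolve against whatever the working directory was before; calling `yyerror` there would make the parse fail instead of continuing in the wrong place. The rule itself begins before this hunk.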
@@ -1116,6 +1187,26 @@ free($2); } ; +server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG + { + OUTYY(("P(server_serve_expired:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_expired = (strcmp($2, "yes")==0); + free($2); + } + ; +server_fake_dsa: VAR_FAKE_DSA STRING_ARG + { + OUTYY(("P(server_fake_dsa:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else fake_dsa = (strcmp($2, "yes")==0); + if(fake_dsa) + log_warn("test option fake_dsa is enabled"); + free($2); + } + ; server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG { OUTYY(("P(server_val_log_level:%s)\n", $2)); @@ -1203,12 +1294,16 @@ if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 - && strcmp($3, "typetransparent")!=0 && - strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) + && strcmp($3, "typetransparent")!=0 + && strcmp($3, "always_transparent")!=0 + && strcmp($3, "always_refuse")!=0 + && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny " - "or nodefault"); + "typetransparent, inform, inform_deny, " + "always_transparent, always_refuse, " + "always_nxdomain or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, $2)) 
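Review bot: `server_fake_dsa` assigns the bare variable `fake_dsa` rather than a field of `cfg_parser->cfg`, so unlike the other options added in this diff its value is not tied to the config object being parsed and would presumably survive a reread of a file that no longer sets it. The `log_warn` text calls it a test option, yet the rule sits in the normal server grammar, and the name suggests it changes how DSA is treated during validation (inferred from the name only). I would either compile the rule in for test builds only or reset the variable before each parse, and at minimum put a comment above the rule: `/* test only: process-global, not stored in cfg; do not enable on a production resolver */`. Note also that `if(fake_dsa)` runs even when the value was rejected with `expected yes or no.`, so the warning reflects an earlier setting in that case.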
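Review bot: The accepted local-zone type list is now spelled out twice, here in the server rule and again in `view_local_zone` (hunk `@@ -1437,6 +1651,73 @@`), each with its own copy of the error text, so the next new type has to be added in four places and a missed one silently makes the two rules disagree. A small helper in the grammar's C section would keep them in step; the condition in both rules then becomes `if(!local_zone_type_known($3))`. The helper name is only a suggestion, and the rule this hunk edits starts before and ends after the hunk.

```yacc
/* … unchanged: grammar rules and existing C prologue … */

/** Return 1 if str is an accepted local-zone type keyword, else 0. */
static int
local_zone_type_known(const char* str)
{
	static const char* const known[] = {
		"static", "deny", "refuse", "redirect", "transparent",
		"nodefault", "typetransparent", "always_transparent",
		"always_refuse", "always_nxdomain", "inform", "inform_deny"
	};
	size_t i;
	for(i = 0; i < sizeof(known)/sizeof(known[0]); i++) {
		if(strcmp(str, known[i]) == 0)
			return 1;
	}
	return 0;
}
```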
@@ -1286,6 +1381,105 @@ free($2); } ; +server_define_tag: VAR_DEFINE_TAG STRING_ARG + { + char* p, *s = $2; + OUTYY(("P(server_define_tag:%s)\n", $2)); + while((p=strsep(&s, " \t\n")) != NULL) { + if(*p) { + if(!config_add_tag(cfg_parser->cfg, p)) + yyerror("could not define-tag, " + "out of memory"); + } + } + free($2); + } + ; +server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, + &len); + free($3); + OUTYY(("P(server_local_zone_tag:%s)\n", $2)); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->local_zone_tags, + $2, bitlist, len)) { + yyerror("out of memory"); + free($2); + } + } + } + ; +server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, + &len); + free($3); + OUTYY(("P(server_access_control_tag:%s)\n", $2)); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->acl_tags, + $2, bitlist, len)) { + yyerror("out of memory"); + free($2); + } + } + } + ; +server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG + { + OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", $2, $3, $4)); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, + $2, $3, $4)) { + yyerror("out of memory"); + free($2); + free($3); + free($4); + } + } + ; +server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG + { + OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", $2, $3, $4)); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, + $2, $3, $4)) { + yyerror("out of memory"); + free($2); + free($3); + free($4); + } + } + ; +server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG + { + 
OUTYY(("P(server_local_zone_override:%s %s %s)\n", $2, $3, $4)); + if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, + $2, $3, $4)) { + yyerror("out of memory"); + free($2); + free($3); + free($4); + } + } + ; +server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG + { + OUTYY(("P(server_access_control_view:%s %s)\n", $2, $3)); + if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, + $2, $3)) { + yyerror("out of memory"); + free($2); + free($3); + } + } + ; server_ratelimit: VAR_RATELIMIT STRING_ARG { OUTYY(("P(server_ratelimit:%s)\n", $2)); @@ -1361,6 +1555,16 @@ free($2); } ; +server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG + { + OUTYY(("P(server_qname_minimisation_strict:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->qname_minimisation_strict = + (strcmp($2, "yes")==0); + free($2); + } + ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); @@ -1394,6 +1598,16 @@ free($2); } ; +stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG + { + OUTYY(("P(stub-ssl-upstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->ssl_upstream = + (strcmp($2, "yes")==0); + free($2); + } + ; stub_prime: VAR_STUB_PRIME STRING_ARG { OUTYY(("P(stub-prime:%s)\n", $2)); 
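Review bot: In `server_local_zone_tag` and `server_access_control_tag`, `$2` is freed only when `cfg_strbytelist_insert` fails; when `config_parse_taglist` returns NULL the action calls `yyerror` and falls through with `$2` still allocated. Freeing it in that branch fixes the leak: `if(!bitlist) { yyerror("could not parse tags, (define-tag them first)"); free($2); }`. On the insert-failure path `bitlist` is not released here either; whether `cfg_strbytelist_insert` takes ownership of it on failure is not visible in this hunk and should be confirmed. The back-to-back `if(!bitlist)` and `if(bitlist)` tests would also read better as one `if`/`else`.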
@@ -1437,6 +1651,73 @@ free($2); } ; +forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG + { + OUTYY(("P(forward-ssl-upstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->forwards->ssl_upstream = + (strcmp($2, "yes")==0); + free($2); + } + ; +view_name: VAR_NAME STRING_ARG + { + OUTYY(("P(name:%s)\n", $2)); + if(cfg_parser->cfg->views->name) + yyerror("view name override, there must be one " + "name for one view"); + free(cfg_parser->cfg->views->name); + cfg_parser->cfg->views->name = $2; + } + ; +view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG + { + OUTYY(("P(view_local_zone:%s %s)\n", $2, $3)); + if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 && + strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 && + strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0 + && strcmp($3, "typetransparent")!=0 + && strcmp($3, "always_transparent")!=0 + && strcmp($3, "always_refuse")!=0 + && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) + yyerror("local-zone type: expected static, deny, " + "refuse, redirect, transparent, " + "typetransparent, inform, inform_deny, " + "always_transparent, always_refuse, " + "always_nxdomain or nodefault"); + else if(strcmp($3, "nodefault")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_zones_nodefault, $2)) + fatal_exit("out of memory adding local-zone"); + free($3); + } else { + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->local_zones, + $2, $3)) + fatal_exit("out of memory adding local-zone"); + } + } + ; +view_local_data: VAR_LOCAL_DATA STRING_ARG + { + OUTYY(("P(view_local_data:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, $2)) { + fatal_exit("out of memory adding local-data"); + free($2); + } + } + ; +view_first: VAR_VIEW_FIRST STRING_ARG + { + OUTYY(("P(view-first:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + 
yyerror("expected yes or no."); + else cfg_parser->cfg->views->isfirst=(strcmp($2, "yes")==0); + free($2); + } + ; rcstart: VAR_REMOTE_CONTROL { OUTYY(("\nP(remote-control:)\n")); @@ -1643,6 +1924,23 @@ free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = $2; } +server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG + { + OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); + if (strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->disable_dnssec_lame_check = + (strcmp($2, "yes")==0); + free($2); + } + ; +server_log_identity: VAR_LOG_IDENTITY STRING_ARG + { + OUTYY(("P(server_log_identity:%s)\n", $2)); + free(cfg_parser->cfg->log_identity); + cfg_parser->cfg->log_identity = $2; + } + ; %% /* parse helper routines could be here */ diff -Nru unbound-1.5.8/util/data/dname.c unbound-1.6.0/util/data/dname.c --- unbound-1.5.8/util/data/dname.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/util/data/dname.c 2016-03-11 13:46:46.000000000 +0000 @@ -256,11 +256,13 @@ log_assert(len1 == len2 && len1 != 0); /* compare labels */ while(len1--) { - if(tolower((unsigned char)*d1++) != tolower((unsigned char)*d2++)) { - if(tolower((unsigned char)d1[-1]) < tolower((unsigned char)d2[-1])) + if(tolower((unsigned char)*d1) != tolower((unsigned char)*d2)) { + if(tolower((unsigned char)*d1) < tolower((unsigned char)*d2)) return -1; return 1; } + d1++; + d2++; } len1 = *d1++; len2 = *d2++; @@ -281,8 +283,10 @@ log_assert(lablen <= LDNS_MAX_LABELLEN); labuf[0] = lablen; i=0; - while(lablen--) - labuf[++i] = (uint8_t)tolower((unsigned char)*dname++); + while(lablen--) { + labuf[++i] = (uint8_t)tolower((unsigned char)*dname); + dname++; + } h = hashlittle(labuf, labuf[0] + 1, h); lablen = *dname++; } 
@@ -309,8 +313,10 @@ log_assert(lablen <= LDNS_MAX_LABELLEN); labuf[0] = lablen; i=0; - while(lablen--) - labuf[++i] = (uint8_t)tolower((unsigned char)*dname++); + while(lablen--) { + labuf[++i] = (uint8_t)tolower((unsigned char)*dname); + dname++; + } h = hashlittle(labuf, labuf[0] + 1, h); lablen = *dname++; } diff -Nru unbound-1.5.8/util/data/msgencode.c unbound-1.6.0/util/data/msgencode.c --- unbound-1.5.8/util/data/msgencode.c 2015-07-30 08:51:51.000000000 +0000 +++ unbound-1.6.0/util/data/msgencode.c 2016-10-18 13:20:42.000000000 +0000 @@ -48,6 +48,7 @@ #include "util/regional.h" #include "util/net_help.h" #include "sldns/sbuffer.h" +#include "services/localzone.h" /** return code that means the function ran out of memory. negative so it does * not conflict with DNS rcodes. */ @@ -534,7 +535,11 @@ { int r; size_t i, setstart; - *num_rrs = 0; + /* we now allow this function to be called multiple times for the + * same section, incrementally updating num_rrs. The caller is + * responsible for initializing it (which is the case in the current + * implementation). */ + if(s != LDNS_SECTION_ADDITIONAL) { if(s == LDNS_SECTION_ANSWER && qtype == LDNS_RR_TYPE_ANY) dnssec = 1; /* include all types in ANY answer */ 
@@ -581,17 +586,20 @@ insert_query(struct query_info* qinfo, struct compress_tree_node** tree, sldns_buffer* buffer, struct regional* region) { + uint8_t* qname = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname : qinfo->qname; + size_t qname_len = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname_len : qinfo->qname_len; if(sldns_buffer_remaining(buffer) < qinfo->qname_len+sizeof(uint16_t)*2) return RETVAL_TRUNC; /* buffer too small */ /* the query is the first name inserted into the tree */ - if(!compress_tree_store(qinfo->qname, - dname_count_labels(qinfo->qname), + if(!compress_tree_store(qname, dname_count_labels(qname), sldns_buffer_position(buffer), region, NULL, tree)) return RETVAL_OUTMEM; - if(sldns_buffer_current(buffer) == qinfo->qname) - sldns_buffer_skip(buffer, (ssize_t)qinfo->qname_len); - else sldns_buffer_write(buffer, qinfo->qname, qinfo->qname_len); + if(sldns_buffer_current(buffer) == qname) + sldns_buffer_skip(buffer, (ssize_t)qname_len); + else sldns_buffer_write(buffer, qname, qname_len); sldns_buffer_write_u16(buffer, qinfo->qtype); sldns_buffer_write_u16(buffer, qinfo->qclass); return RETVAL_OK; 
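Review bot: The space check in `insert_query` still tests `qinfo->qname_len`, while the bytes written now come from the local `qname_len`, which is the alias owner name's length when `qinfo->local_alias` is set. If those two lengths ever differ, the `sldns_buffer_write` below can run with less room than it needs; the guard should use the same variable, `if(sldns_buffer_remaining(buffer) < qname_len+sizeof(uint16_t)*2)`. The alias owner name presumably equals the query name, so this may not be reachable today, but keeping the check exact costs nothing.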
@@ -662,6 +670,33 @@ * for different roundrobins for sequential id client senders. */ rr_offset = RRSET_ROUNDROBIN?ntohs(id):0; + /* "prepend" any local alias records in the answer section if this + * response is supposed to be authoritative. Currently it should + * be a single CNAME record (sanity-checked in worker_handle_request()) + * but it can be extended if and when we support more variations of + * aliases. */ + if(qinfo->local_alias && (flags & BIT_AA)) { + struct reply_info arep; + time_t timezero = 0; /* to use the 'authoritative' TTL */ + memset(&arep, 0, sizeof(arep)); + arep.flags = rep->flags; + arep.an_numrrsets = 1; + arep.rrset_count = 1; + arep.rrsets = &qinfo->local_alias->rrset; + if((r=insert_section(&arep, 1, &ancount, buffer, 0, + timezero, region, &tree, LDNS_SECTION_ANSWER, + qinfo->qtype, dnssec, rr_offset)) != RETVAL_OK) { + if(r == RETVAL_TRUNC) { + /* create truncated message */ + sldns_buffer_write_u16_at(buffer, 6, ancount); + LDNS_TC_SET(sldns_buffer_begin(buffer)); + sldns_buffer_flip(buffer); + return 1; + } + return 0; + } + } + /* insert answer section */ if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer, 0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype, @@ -717,16 +752,23 @@ uint16_t calc_edns_field_size(struct edns_data* edns) { + size_t rdatalen = 0; + struct edns_option* opt; if(!edns || !edns->edns_present) return 0; - /* domain root '.' + type + class + ttl + rdatalen(=0) */ - return 1 + 2 + 2 + 4 + 2; + for(opt = edns->opt_list; opt; opt = opt->next) { + rdatalen += 4 + opt->opt_len; + } + /* domain root '.' + type + class + ttl + rdatalen */ + return 1 + 2 + 2 + 4 + 2 + rdatalen; } void attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) { size_t len; + size_t rdatapos; + struct edns_option* opt; if(!edns || !edns->edns_present) return; /* inc additional count */ 
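Review bot: `calc_edns_field_size` still returns `uint16_t`, but the new sum `1 + 2 + 2 + 4 + 2 + rdatalen` is a `size_t` built from every `opt_len` in the list, so a large option list is silently truncated on return and callers that reserve space from this value would under-reserve. The matching writer in the next hunk (`attach_edns_record`) has the same narrowing: `opt->opt_len` and the back-patched rdata length both pass through 16-bit writes, and no remaining-space test is visible before the option loop. Checking the total in one place, for example `if(rdatalen > 0xffff - 11) return 0xffff;` with callers treating that as "does not fit", would keep the size and the write consistent. Whether callers already bound the option list is not visible here.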
@@ -742,7 +784,18 @@ sldns_buffer_write_u8(pkt, edns->ext_rcode); /* ttl */ sldns_buffer_write_u8(pkt, edns->edns_version); sldns_buffer_write_u16(pkt, edns->bits); + rdatapos = sldns_buffer_position(pkt); sldns_buffer_write_u16(pkt, 0); /* rdatalen */ + /* write rdata */ + for(opt=edns->opt_list; opt; opt=opt->next) { + sldns_buffer_write_u16(pkt, opt->opt_code); + sldns_buffer_write_u16(pkt, opt->opt_len); + if(opt->opt_len != 0) + sldns_buffer_write(pkt, opt->opt_data, opt->opt_len); + } + if(edns->opt_list) + sldns_buffer_write_u16_at(pkt, rdatapos, + sldns_buffer_position(pkt)-rdatapos-2); sldns_buffer_flip(pkt); } @@ -764,6 +817,15 @@ } if(secure && (dnssec || (qflags&BIT_AD))) flags |= BIT_AD; + /* restore AA bit if we have a local alias and the response can be + * authoritative. Also clear AD bit if set as the local data is the + * primary answer. */ + if(qinf->local_alias && + (FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR || + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN)) { + flags |= BIT_AA; + flags &= ~BIT_AD; + } log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ if(udpsize < LDNS_HEADER_SIZE) return 0; 
@@ -789,13 +851,17 @@ qinfo_query_encode(sldns_buffer* pkt, struct query_info* qinfo) { uint16_t flags = 0; /* QUERY, NOERROR */ + const uint8_t* qname = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname : qinfo->qname; + size_t qname_len = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname_len : qinfo->qname_len; sldns_buffer_clear(pkt); log_assert(sldns_buffer_remaining(pkt) >= 12+255+4/*max query*/); sldns_buffer_skip(pkt, 2); /* id done later */ sldns_buffer_write_u16(pkt, flags); sldns_buffer_write_u16(pkt, 1); /* query count */ sldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */ - sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); + sldns_buffer_write(pkt, qname, qname_len); sldns_buffer_write_u16(pkt, qinfo->qtype); sldns_buffer_write_u16(pkt, qinfo->qclass); sldns_buffer_flip(pkt); @@ -820,9 +886,14 @@ sldns_buffer_write(buf, &flags, sizeof(uint16_t)); sldns_buffer_write(buf, &flags, sizeof(uint16_t)); if(qinfo) { - if(sldns_buffer_current(buf) == qinfo->qname) - sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len); - else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len); + const uint8_t* qname = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname : qinfo->qname; + size_t qname_len = qinfo->local_alias ? + qinfo->local_alias->rrset->rk.dname_len : + qinfo->qname_len; + if(sldns_buffer_current(buf) == qname) + sldns_buffer_skip(buf, (ssize_t)qname_len); + else sldns_buffer_write(buf, qname, qname_len); sldns_buffer_write_u16(buf, qinfo->qtype); sldns_buffer_write_u16(buf, qinfo->qclass); } diff -Nru unbound-1.5.8/util/data/msgparse.c unbound-1.6.0/util/data/msgparse.c --- unbound-1.5.8/util/data/msgparse.c 2015-03-26 10:21:38.000000000 +0000 +++ unbound-1.6.0/util/data/msgparse.c 2016-12-06 13:42:51.000000000 +0000 
@@ -38,6 +38,7 @@ */ #include "config.h" #include "util/data/msgparse.h" +#include "util/data/msgreply.h" #include "util/data/dname.h" #include "util/data/packed_rrset.h" #include "util/storage/lookup3.h" @@ -933,13 +934,41 @@ return 0; } +/** parse EDNS options from EDNS wireformat rdata */ +static int +parse_edns_options(uint8_t* rdata_ptr, size_t rdata_len, + struct edns_data* edns, struct regional* region) +{ + /* while still more options, and have code+len to read */ + /* ignores partial content (i.e. rdata len 3) */ + while(rdata_len >= 4) { + uint16_t opt_code = sldns_read_uint16(rdata_ptr); + uint16_t opt_len = sldns_read_uint16(rdata_ptr+2); + rdata_ptr += 4; + rdata_len -= 4; + if(opt_len > rdata_len) + break; /* option code partial */ + if(!edns_opt_append(edns, region, opt_code, opt_len, + rdata_ptr)) { + log_err("out of memory"); + return 0; + } + rdata_ptr += opt_len; + rdata_len -= opt_len; + } + return 1; +} + int -parse_extract_edns(struct msg_parse* msg, struct edns_data* edns) +parse_extract_edns(struct msg_parse* msg, struct edns_data* edns, + struct regional* region) { struct rrset_parse* rrset = msg->rrset_first; struct rrset_parse* prev = 0; struct rrset_parse* found = 0; struct rrset_parse* found_prev = 0; + size_t rdata_len; + uint8_t* rdata_ptr; /* since the class encodes the UDP size, we cannot use hash table to * find the EDNS OPT record. Scan the packet. */ while(rrset) { 
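Review bot: `parse_edns_options` puts no limit on the number of options taken from one OPT record, and each one is stored through `edns_opt_append`, which (as added in msgreply.c later in this diff) walks the list from the head to find the tail. Parsing cost therefore grows quadratically with the option count in a single packet, and every option is also copied into the region. A tail pointer kept across the loop, or a cap on options per record, bounds that work. Separately, the `break` on `opt_len > rdata_len` is followed by `return 1`, so a truncated option is accepted as a valid OPT rather than reported. A comment stating that this leniency is intended, or a distinct return value the callers can map to FORMERR, would make the choice explicit.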
@@ -986,13 +1015,25 @@ edns->edns_version = found->rr_last->ttl_data[1]; edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]); edns->udp_size = ntohs(found->rrset_class); - /* ignore rdata and rrsigs */ + edns->opt_list = NULL; + + /* take the options */ + rdata_len = found->rr_first->size; + rdata_ptr = found->rr_first->ttl_data+6; + if(!parse_edns_options(rdata_ptr, rdata_len, edns, region)) + return 0; + + /* ignore rrsigs */ + return 0; } int -parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns) +parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns, + struct regional* region) { + size_t rdata_len; + uint8_t* rdata_ptr; log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); log_assert(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0); log_assert(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) == 0); 
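Review bot: In `parse_extract_edns`, a failed `parse_edns_options` ends in `return 0;`, which this function's contract defines as success, so an out-of-memory condition leaves a partial option list and the caller proceeds as if parsing succeeded; `parse_edns_from_pkt` returns `LDNS_RCODE_SERVFAIL` for the same failure and this path should too: `return LDNS_RCODE_SERVFAIL;`. The option bytes are also taken as `found->rr_first->size` starting at `ttl_data+6`, while the fields just above read from `found->rr_last`. If `size` counts the two rdlength bytes (its definition is outside this hunk), the loop is handed two bytes more than the rdata holds, so the length should be confirmed against the struct's documentation and `rr_first`/`rr_last` used consistently. The function body starts outside the hunk.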
@@ -1017,6 +1058,36 @@ edns->ext_rcode = sldns_buffer_read_u8(pkt); /* ttl used for bits */ edns->edns_version = sldns_buffer_read_u8(pkt); edns->bits = sldns_buffer_read_u16(pkt); - /* ignore rdata and rrsigs */ + edns->opt_list = NULL; + + /* take the options */ + rdata_len = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdata_len) + return LDNS_RCODE_FORMERR; + rdata_ptr = sldns_buffer_current(pkt); + if(!parse_edns_options(rdata_ptr, rdata_len, edns, region)) + return LDNS_RCODE_SERVFAIL; + + /* ignore rrsigs */ + return 0; } + +void +log_edns_opt_list(enum verbosity_value level, const char* info_str, + struct edns_option* list) +{ + if(verbosity >= level && list) { + char str[128], *s; + size_t slen; + verbose(level, "%s", info_str); + while(list) { + s = str; + slen = sizeof(str); + (void)sldns_wire2str_edns_option_print(&s, &slen, list->opt_code, + list->opt_data, list->opt_len); + verbose(level, " %s", str); + list = list->next; + } + } +} diff -Nru unbound-1.5.8/util/data/msgparse.h unbound-1.6.0/util/data/msgparse.h --- unbound-1.5.8/util/data/msgparse.h 2015-05-29 14:51:36.000000000 +0000 +++ unbound-1.6.0/util/data/msgparse.h 2016-12-06 13:42:51.000000000 +0000 @@ -69,6 +69,7 @@ struct rrset_parse; struct rr_parse; struct regional; +struct edns_option; /** number of buckets in parse rrset hash table. Must be power of 2. */ #define PARSE_TABLE_SIZE 32 @@ -202,7 +203,8 @@ /** * EDNS data storage - * EDNS rdata is ignored. + * rdata is parsed in a list (has accessor functions). allocated in a + * region. */ struct edns_data { /** if EDNS OPT record was present */ 
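Review bot: `parse_edns_from_pkt` leaves the buffer position at the start of the option rdata: after `rdata_ptr = sldns_buffer_current(pkt);` nothing advances past `rdata_len`, and the two new error returns happen after the position has already moved. The header comment for this function says the position ends right after the EDNS data, or is unmoved on failure. Adding `sldns_buffer_skip(pkt, (ssize_t)rdata_len);` once the options are parsed, or updating that comment, would make the two agree. Whether at least two bytes remain before `sldns_buffer_read_u16(pkt)` reads the length depends on a check outside this hunk.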
@@ -215,6 +217,22 @@ uint16_t bits; /** UDP reassembly size. */ uint16_t udp_size; + /** rdata element list, or NULL if none */ + struct edns_option* opt_list; +}; + +/** + * EDNS option + */ +struct edns_option { + /** next item in list */ + struct edns_option* next; + /** type of this edns option */ + uint16_t opt_code; + /** length of this edns option (cannot exceed uint16 in encoding) */ + size_t opt_len; + /** data of this edns option; allocated in region, or NULL if len=0 */ + uint8_t* opt_data; }; /** @@ -249,10 +267,12 @@ * @param msg: parsed message structure. Modified on exit, if EDNS was present * it is removed from the additional section. * @param edns: the edns data is stored here. Does not have to be initialised. + * @param region: region to alloc results in (edns option contents) * @return: 0 on success. or an RCODE on an error. * RCODE formerr if OPT in wrong section, and so on. */ -int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns); +int parse_extract_edns(struct msg_parse* msg, struct edns_data* edns, + struct regional* region); /** * If EDNS data follows a query section, extract it and initialize edns struct. @@ -260,10 +280,12 @@ * section. At end, right after EDNS data or no movement if failed. * @param edns: the edns data allocated by the caller. Does not have to be * initialised. + * @param region: region to alloc results in (edns option contents) * @return: 0 on success, or an RCODE on error. * RCODE formerr if OPT is badly formatted and so on. */ -int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns); +int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns, + struct regional* region); /** * Calculate hash value for rrset in packet. 
@@ -300,4 +322,13 @@ */ void msgparse_bucket_remove(struct msg_parse* msg, struct rrset_parse* rrset); +/** + * Log the edns options in the edns option list. + * @param level: the verbosity level. + * @param info_str: the informational string to be printed before the options. + * @param list: the edns option list. + */ +void log_edns_opt_list(enum verbosity_value level, const char* info_str, + struct edns_option* list); + #endif /* UTIL_DATA_MSGPARSE_H */ diff -Nru unbound-1.5.8/util/data/msgreply.c unbound-1.6.0/util/data/msgreply.c --- unbound-1.5.8/util/data/msgreply.c 2015-06-26 07:27:32.000000000 +0000 +++ unbound-1.6.0/util/data/msgreply.c 2016-12-06 13:42:51.000000000 +0000 @@ -52,6 +52,8 @@ #include "util/data/msgencode.h" #include "sldns/sbuffer.h" #include "sldns/wire2str.h" +#include "util/module.h" +#include "util/fptr_wlist.h" /** MAX TTL default for messages and rrsets */ time_t MAX_TTL = 3600 * 24 * 10; /* ten days */ @@ -76,6 +78,7 @@ qinf->qname_len = msg->qname_len; qinf->qtype = msg->qtype; qinf->qclass = msg->qclass; + qinf->local_alias = NULL; return 1; } @@ -451,6 +454,7 @@ int ret; qinf->qname = NULL; + qinf->local_alias = NULL; *rep = NULL; if(!(msg = regional_alloc(region, sizeof(*msg)))) { return LDNS_RCODE_SERVFAIL; @@ -461,7 +465,7 @@ if((ret = parse_packet(pkt, msg, region)) != 0) { return ret; } - if((ret = parse_extract_edns(msg, edns)) != 0) + if((ret = parse_extract_edns(msg, edns, region)) != 0) return ret; /* parse OK, allocate return structures */ @@ -542,6 +546,7 @@ return 0; /* need qtype, qclass */ m->qtype = sldns_buffer_read_u16(query); m->qclass = sldns_buffer_read_u16(query); + m->local_alias = NULL; return 1; } 
@@ -857,3 +862,283 @@ } return 1; } + +int edns_opt_append(struct edns_data* edns, struct regional* region, + uint16_t code, size_t len, uint8_t* data) +{ + struct edns_option** prevp; + struct edns_option* opt; + + /* allocate new element */ + opt = (struct edns_option*)regional_alloc(region, sizeof(*opt)); + if(!opt) + return 0; + opt->next = NULL; + opt->opt_code = code; + opt->opt_len = len; + opt->opt_data = NULL; + if(len > 0) { + opt->opt_data = regional_alloc_init(region, data, len); + if(!opt->opt_data) + return 0; + } + + /* append at end of list */ + prevp = &edns->opt_list; + while(*prevp != NULL) + prevp = &((*prevp)->next); + *prevp = opt; + return 1; +} + +int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, + uint8_t* data, struct regional* region) +{ + struct edns_option** prevp; + struct edns_option* opt; + + /* allocate new element */ + opt = (struct edns_option*)regional_alloc(region, sizeof(*opt)); + if(!opt) + return 0; + opt->next = NULL; + opt->opt_code = code; + opt->opt_len = len; + opt->opt_data = NULL; + if(len > 0) { + opt->opt_data = regional_alloc_init(region, data, len); + if(!opt->opt_data) + return 0; + } + + /* append at end of list */ + prevp = list; + while(*prevp != NULL) { + prevp = &((*prevp)->next); + } + *prevp = opt; + return 1; +} + +int edns_opt_list_remove(struct edns_option** list, uint16_t code) +{ + /* The list should already be allocated in a region. Freeing the + * allocated space in a region is not possible. We just unlink the + * required elements and they will be freed together with the region. 
*/ + + struct edns_option* prev; + struct edns_option* curr; + if(!list || !(*list)) return 0; + + /* Unlink and repoint if the element(s) are first in list */ + while(list && *list && (*list)->opt_code == code) { + *list = (*list)->next; + } + + if(!list || !(*list)) return 1; + /* Unlink elements and reattach the list */ + prev = *list; + curr = (*list)->next; + while(curr != NULL) { + if(curr->opt_code == code) { + prev->next = curr->next; + curr = curr->next; + } else { + prev = curr; + curr = curr->next; + } + } + return 1; +} + +static int inplace_cb_reply_call_generic( + struct inplace_cb_reply* callback_list, enum inplace_cb_list_type type, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region) +{ + struct inplace_cb_reply* cb; + struct edns_option* opt_list_out = NULL; + if(qstate) + opt_list_out = qstate->edns_opts_front_out; + for(cb=callback_list; cb; cb=cb->next) { + fptr_ok(fptr_whitelist_inplace_cb_reply_generic(cb->cb, type)); + (void)(*cb->cb)(qinfo, qstate, rep, rcode, edns, &opt_list_out, region, + cb->cb_arg); + } + edns->opt_list = opt_list_out; + return 1; +} + +int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct regional* region) +{ + return inplace_cb_reply_call_generic( + env->inplace_cb_lists[inplace_cb_reply], inplace_cb_reply, qinfo, + qstate, rep, rcode, edns, region); +} + +int inplace_cb_reply_cache_call(struct module_env* env, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region) +{ + return inplace_cb_reply_call_generic( + env->inplace_cb_lists[inplace_cb_reply_cache], inplace_cb_reply_cache, + qinfo, qstate, rep, rcode, edns, region); +} + +int inplace_cb_reply_local_call(struct module_env* env, + struct query_info* qinfo, struct 
module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region) +{ + return inplace_cb_reply_call_generic( + env->inplace_cb_lists[inplace_cb_reply_local], inplace_cb_reply_local, + qinfo, qstate, rep, rcode, edns, region); +} + +int inplace_cb_reply_servfail_call(struct module_env* env, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region) +{ + /* We are going to servfail. Remove any potential edns options. */ + if(qstate) + qstate->edns_opts_front_out = NULL; + return inplace_cb_reply_call_generic( + env->inplace_cb_lists[inplace_cb_reply_servfail], + inplace_cb_reply_servfail, qinfo, qstate, rep, rcode, edns, region); +} + +int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, + uint16_t flags, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, struct module_qstate* qstate, + struct regional* region) +{ + struct inplace_cb_query* cb = env->inplace_cb_lists[inplace_cb_query]; + for(; cb; cb=cb->next) { + fptr_ok(fptr_whitelist_inplace_cb_query(cb->cb)); + (void)(*cb->cb)(qinfo, flags, qstate, addr, addrlen, zone, zonelen, + region, cb->cb_arg); + } + return 1; +} + +struct edns_option* edns_opt_copy_region(struct edns_option* list, + struct regional* region) +{ + struct edns_option* result = NULL, *cur = NULL, *s; + while(list) { + /* copy edns option structure */ + s = regional_alloc_init(region, list, sizeof(*list)); + if(!s) return NULL; + s->next = NULL; + + /* copy option data */ + if(s->opt_data) { + s->opt_data = regional_alloc_init(region, s->opt_data, + s->opt_len); + if(!s->opt_data) + return NULL; + } + + /* link into list */ + if(cur) + cur->next = s; + else result = s; + cur = s; + + /* examine next element */ + list = list->next; + } + return result; +} + +int edns_opt_compare(struct edns_option* p, struct edns_option* q) +{ + if(!p && !q) return 0; + if(!p) 
return -1; + if(!q) return 1; + log_assert(p && q); + if(p->opt_code != q->opt_code) + return (int)q->opt_code - (int)p->opt_code; + if(p->opt_len != q->opt_len) + return (int)q->opt_len - (int)p->opt_len; + if(p->opt_len != 0) + return memcmp(p->opt_data, q->opt_data, p->opt_len); + return 0; +} + +int edns_opt_list_compare(struct edns_option* p, struct edns_option* q) +{ + int r; + while(p && q) { + r = edns_opt_compare(p, q); + if(r != 0) + return r; + p = p->next; + q = q->next; + } + if(p || q) { + /* uneven length lists */ + if(p) return 1; + if(q) return -1; + } + return 0; +} + +void edns_opt_list_free(struct edns_option* list) +{ + struct edns_option* n; + while(list) { + free(list->opt_data); + n = list->next; + free(list); + list = n; + } +} + +struct edns_option* edns_opt_copy_alloc(struct edns_option* list) +{ + struct edns_option* result = NULL, *cur = NULL, *s; + while(list) { + /* copy edns option structure */ + s = memdup(list, sizeof(*list)); + if(!s) { + edns_opt_list_free(result); + return NULL; + } + s->next = NULL; + + /* copy option data */ + if(s->opt_data) { + s->opt_data = memdup(s->opt_data, s->opt_len); + if(!s->opt_data) { + edns_opt_list_free(result); + return NULL; + } + } + + /* link into list */ + if(cur) + cur->next = s; + else result = s; + cur = s; + + /* examine next element */ + list = list->next; + } + return result; +} + +struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code) +{ + struct edns_option* p; + for(p=list; p; p=p->next) { + if(p->opt_code == code) + return p; + } + return NULL; +} diff -Nru unbound-1.5.8/util/data/msgreply.h unbound-1.6.0/util/data/msgreply.h --- unbound-1.5.8/util/data/msgreply.h 2015-06-26 07:27:32.000000000 +0000 +++ unbound-1.6.0/util/data/msgreply.h 2016-12-06 13:42:51.000000000 +0000 
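Review bot: `edns_opt_compare` in the msgreply.c hunk orders in two directions at once: the code and length branches return `q - p`, while the NULL checks and the `memcmp(p->opt_data, q->opt_data, p->opt_len)` branch order `p` before `q`, so the result is not a consistent ordering if it is ever used for sorting or tree lookup. The length branch also narrows a `size_t` difference to `int`. Using one direction throughout, `return (int)p->opt_code - (int)q->opt_code;` and `return p->opt_len < q->opt_len ? -1 : 1;`, fixes both. In the same hunk `edns_opt_list_remove` returns 1 whenever the list was non-empty, although its declaration documents "true when at least one edns option was removed"; tracking a removed flag would match that.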
@@ -49,8 +49,14 @@ struct iovec; struct regional; struct edns_data; +struct edns_option; +struct inplace_cb_reply; +struct inplace_cb_query; +struct module_qstate; +struct module_env; struct msg_parse; struct rrset_parse; +struct local_rrset; /** calculate the prefetch TTL as 90% of original. Calculation * without numerical overflow (uin32_t) */ @@ -73,6 +79,23 @@ uint16_t qtype; /** qclass, host byte order */ uint16_t qclass; + /** + * Alias local answer(s) for the qname. If 'qname' is an alias defined + * in a local zone, this field will be set to the corresponding local + * RRset when the alias is determined. + * In the initial implementation this can only be a single CNAME RR + * (or NULL), but it could possibly be extended to be a DNAME or a + * chain of aliases. + * Users of this structure are responsible to initialize this field + * to be NULL; otherwise other part of query handling code may be + * confused. + * Users also have to be careful about the lifetime of data. On return + * from local zone lookup, it may point to data derived from + * configuration that may be dynamically invalidated or data allocated + * in an ephemeral regional allocator. A deep copy of the data may + * have to be generated if it has to be kept during iterative + * resolution. */ + struct local_rrset* local_alias; }; /** 
@@ -437,4 +460,160 @@ void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf); +/** + * Append edns option to edns data structure + * @param edns: the edns data structure to append the edns option to. + * @param region: region to allocate the new edns option. + * @param code: the edns option's code. + * @param len: the edns option's length. + * @param data: the edns option's data. + * @return false on failure. + */ +int edns_opt_append(struct edns_data* edns, struct regional* region, + uint16_t code, size_t len, uint8_t* data); + +/** + * Append edns option to edns option list + * @param list: the edns option list to append the edns option to. + * @param code: the edns option's code. + * @param len: the edns option's length. + * @param data: the edns option's data. + * @param region: region to allocate the new edns option. + * @return false on failure. + */ +int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, + uint8_t* data, struct regional* region); + +/** + * Remove any option found on the edns option list that matches the code. + * @param list: the list of edns options. + * @param code: the opt code to remove. + * @return true when at least one edns option was removed, false otherwise. + */ +int edns_opt_list_remove(struct edns_option** list, uint16_t code); + +/** + * Find edns option in edns list + * @param list: list of edns options (eg. edns.opt_list) + * @param code: opt code to find. + * @return NULL or the edns_option element. + */ +struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); + +/** + * Call the registered functions in the inplace_cb_reply linked list. + * This function is going to get called while answering with a resolved query. + * @param env: module environment. + * @param qinfo: query info. + * @param qstate: module qstate. + * @param rep: Reply info. Could be NULL. + * @param rcode: return code. + * @param edns: edns data of the reply. 
+ * @param region: region to store data. + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct regional* region); + +/** + * Call the registered functions in the inplace_cb_reply_cache linked list. + * This function is going to get called while answering from cache. + * @param env: module environment. + * @param qinfo: query info. + * @param qstate: module qstate. NULL when replying from cache. + * @param rep: Reply info. + * @param rcode: return code. + * @param edns: edns data of the reply. Edns input can be found here. + * @param region: region to store data. + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_reply_cache_call(struct module_env* env, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region); + +/** + * Call the registered functions in the inplace_cb_reply_local linked list. + * This function is going to get called while answering with local data. + * @param env: module environment. + * @param qinfo: query info. + * @param qstate: module qstate. NULL when replying from cache. + * @param rep: Reply info. + * @param rcode: return code. + * @param edns: edns data of the reply. Edns input can be found here. + * @param region: region to store data. + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_reply_local_call(struct module_env* env, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region); + +/** + * Call the registered functions in the inplace_cb_reply linked list. + * This function is going to get called while answering with a servfail. + * @param env: module environment. 
+ * @param qinfo: query info. + * @param qstate: module qstate. Contains the edns option lists. Could be NULL. + * @param rep: Reply info. NULL when servfail. + * @param rcode: return code. LDNS_RCODE_SERVFAIL. + * @param edns: edns data of the reply. Edns input can be found here if qstate + * is NULL. + * @param region: region to store data. + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_reply_servfail_call(struct module_env* env, + struct query_info* qinfo, struct module_qstate* qstate, + struct reply_info* rep, int rcode, struct edns_data* edns, + struct regional* region); + +/** + * Call the registered functions in the inplace_cb_query linked list. + * This function is going to get called just before sending a query to a + * nameserver. + * @param env: module environment. + * @param qinfo: query info. + * @param flags: flags of the query. + * @param addr: to which server to send the query. + * @param addrlen: length of addr. + * @param zone: name of the zone of the delegation point. wireformat dname. + * This is the delegation point name for which the server is deemed + * authoritative. + * @param zonelen: length of zone. + * @param qstate: module qstate. + * @param region: region to store data. + * @return false on failure (a callback function returned an error). 
+ */ +int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, + uint16_t flags, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, struct module_qstate* qstate, + struct regional* region); + +/** + * Copy edns option list allocated to the new region + */ +struct edns_option* edns_opt_copy_region(struct edns_option* list, + struct regional* region); + +/** + * Copy edns option list allocated with malloc + */ +struct edns_option* edns_opt_copy_alloc(struct edns_option* list); + +/** + * Free edns option list allocated with malloc + */ +void edns_opt_list_free(struct edns_option* list); + +/** + * Compare an edns option. (not entire list). Also compares contents. + */ +int edns_opt_compare(struct edns_option* p, struct edns_option* q); + +/** + * Compare edns option lists, also the order and contents of edns-options. + */ +int edns_opt_list_compare(struct edns_option* p, struct edns_option* q); + #endif /* UTIL_DATA_MSGREPLY_H */ diff -Nru unbound-1.5.8/util/fptr_wlist.c unbound-1.6.0/util/fptr_wlist.c --- unbound-1.5.8/util/fptr_wlist.c 2015-04-10 09:59:57.000000000 +0000 +++ unbound-1.6.0/util/fptr_wlist.c 2016-12-06 14:42:20.000000000 +0000 @@ -51,6 +51,7 @@ #include "services/localzone.h" #include "services/cache/infra.h" #include "services/cache/rrset.h" +#include "services/view.h" #include "dns64/dns64.h" #include "iterator/iterator.h" #include "iterator/iter_fwd.h" @@ -78,6 +79,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef USE_CACHEDB +#include "cachedb/cachedb.h" +#endif int fptr_whitelist_comm_point(comm_point_callback_t *fptr) @@ -200,6 +204,7 @@ else if(fptr == &val_neg_zone_compare) return 1; else if(fptr == &probetree_cmp) return 1; else if(fptr == &replay_var_compare) return 1; + else if(fptr == &view_cmp) return 1; return 0; } 
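Review bot: The `@return false on failure (a callback function returned an error)` lines on the `inplace_cb_*_call` declarations in msgreply.h do not match the implementation in msgreply.c, which casts each callback's result to `(void)` and always returns 1. Either the wrappers should propagate a failing callback, or the comments should read `@return always true; callback return values are currently ignored` so module authors do not rely on an error path that does not exist. The comment on `inplace_cb_reply_servfail_call` also names the `inplace_cb_reply` list, and the `qstate` line on `inplace_cb_reply_local_call` repeats "NULL when replying from cache" from the function above; both look like copy-paste leftovers.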
@@ -262,11 +267,9 @@ /** whitelist env->send_query callbacks */ int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)( - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, - struct module_qstate* q)) + struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, + int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, int ssl_upstream, struct module_qstate* q)) { if(fptr == &worker_send_query) return 1; else if(fptr == &libworker_send_query) return 1; @@ -315,6 +318,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_init) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_init) return 1; +#endif return 0; } @@ -327,6 +333,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_deinit) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_deinit) return 1; +#endif return 0; } @@ -340,6 +349,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_operate) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_operate) return 1; +#endif return 0; } @@ -353,6 +365,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_inform_super) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_inform_super) return 1; +#endif return 0; } @@ -366,6 +381,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_clear) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_clear) return 1; +#endif return 0; } @@ -378,6 +396,9 @@ #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_get_mem) return 1; #endif +#ifdef USE_CACHEDB + else if(fptr == &cachedb_get_mem) return 1; +#endif return 0; } 
@@ -411,3 +432,34 @@ else if(fptr == &remote_get_opt_ssl) return 1; return 0; } + +int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr, + enum inplace_cb_list_type type) +{ +#ifndef WITH_PYTHONMODULE + (void)fptr; +#endif + if(type == inplace_cb_reply) { +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif + } else if(type == inplace_cb_reply_cache) { +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif + } else if(type == inplace_cb_reply_local) { +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif + } else if(type == inplace_cb_reply_servfail) { +#ifdef WITH_PYTHONMODULE + if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif + } + return 0; +} + +int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* ATTR_UNUSED(fptr)) +{ + return 0; +} diff -Nru unbound-1.5.8/util/fptr_wlist.h unbound-1.6.0/util/fptr_wlist.h --- unbound-1.5.8/util/fptr_wlist.h 2014-11-18 15:15:57.000000000 +0000 +++ unbound-1.6.0/util/fptr_wlist.h 2016-12-06 13:42:51.000000000 +0000 @@ -210,11 +210,9 @@ * @return false if not in whitelist. */ int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)( - uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, - struct module_qstate* q)); + struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, + int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, int ssl_upstream, struct module_qstate* q)); /** * Check function pointer whitelist for module_env detach_subs callback values. 
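Review bot: `fptr_whitelist_inplace_cb_query` in the first hunk on this line returns 0 unconditionally, so any callback registered on the query list will be rejected wherever this whitelist is enforced. If that is intentional because no in-tree query callback exists yet, say so in the body, e.g. `/* no in-tree inplace_cb_query callbacks yet; list them here when one is added */`. In `fptr_whitelist_inplace_cb_reply_generic` the four `type` branches are identical, so the pointer comparison could be written once after a check that `type` is one of the four reply list types. That would also make the rejection of any other `type` value explicit rather than a fall-through.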
@@ -335,6 +333,24 @@ */ int fptr_whitelist_print_func(void (*fptr)(char*,void*)); +/** + * Check function pointer whitelist for inplace_cb_reply, + * inplace_cb_reply_cache, inplace_cb_reply_local and inplace_cb_reply_servfail + * func values. + * @param fptr: function pointer to check. + * @param type: the type of the callback function. + * @return false if not in whitelist. + */ +int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr, + enum inplace_cb_list_type type); + +/** + * Check function pointer whitelist for inplace_cb_query func values. + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* fptr); + /** Due to module breakage by fptr wlist, these test app declarations * are presented here */ /** diff -Nru unbound-1.5.8/util/iana_ports.inc unbound-1.6.0/util/iana_ports.inc --- unbound-1.5.8/util/iana_ports.inc 2016-02-19 14:38:48.000000000 +0000 +++ unbound-1.6.0/util/iana_ports.inc 2016-11-30 11:22:29.000000000 +0000 @@ -1186,6 +1186,7 @@ 1525, 1526, 1527, +1528, 1529, 1530, 1531, @@ -3844,6 +3845,8 @@ 4412, 4413, 4416, +4418, +4420, 4425, 4426, 4430, @@ -3904,6 +3907,7 @@ 4599, 4600, 4601, +4621, 4658, 4659, 4660, @@ -3958,12 +3962,15 @@ 4743, 4744, 4745, +4746, 4747, 4749, 4750, 4751, 4752, 4753, +4754, +4755, 4784, 4785, 4789, @@ -4222,6 +4229,7 @@ 5436, 5437, 5443, +5450, 5453, 5454, 5455, @@ -4493,6 +4501,7 @@ 6626, 6627, 6628, +6629, 6633, 6634, 6635, @@ -4522,7 +4531,6 @@ 6786, 6787, 6788, -6789, 6790, 6791, 6801, @@ -4598,6 +4606,7 @@ 7201, 7227, 7235, +7244, 7262, 7272, 7273, @@ -4651,6 +4660,7 @@ 7570, 7574, 7588, +7606, 7624, 7627, 7628, @@ -4876,6 +4886,7 @@ 9024, 9025, 9026, +9060, 9080, 9084, 9085, @@ -5202,6 +5213,7 @@ 18463, 18634, 18635, +18668, 18769, 18881, 18888, @@ -5209,6 +5221,7 @@ 19007, 19191, 19194, +19220, 19283, 19315, 19398, @@ -5269,6 +5282,7 @@ 23004, 23005, 23272, +23294, 23333, 23400, 23401, 
@@ -5371,6 +5385,7 @@ 34249, 34378, 34379, +34567, 34962, 34963, 34964, @@ -5418,6 +5433,7 @@ 44900, 45000, 45054, +45514, 45678, 45825, 45966, diff -Nru unbound-1.5.8/util/module.c unbound-1.6.0/util/module.c --- unbound-1.5.8/util/module.c 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/util/module.c 2016-12-06 14:15:49.000000000 +0000 @@ -39,6 +39,7 @@ #include "config.h" #include "util/module.h" +#include "sldns/wire2str.h" const char* strextstate(enum module_ext_state s) 
@@ -69,3 +70,256 @@ } return "bad_event_value"; } + +int +edns_known_options_init(struct module_env* env) +{ + env->edns_known_options_num = 0; + env->edns_known_options = (struct edns_known_option*)calloc( + MAX_KNOWN_EDNS_OPTS, sizeof(struct edns_known_option)); + if(!env->edns_known_options) return 0; + return 1; +} + +void +edns_known_options_delete(struct module_env* env) +{ + free(env->edns_known_options); + env->edns_known_options = NULL; + env->edns_known_options_num = 0; +} + +int +edns_register_option(uint16_t opt_code, int bypass_cache_stage, + int no_aggregation, struct module_env* env) +{ + size_t i; + if(env->worker) { + log_err("invalid edns registration: " + "trying to register option after module init phase"); + return 0; + } + + /** + * Checking if we are full first is faster but it does not provide + * the option to change the flags when the array is full. + * It only impacts unbound initialization, leave it for now. + */ + /* Check if the option is already registered. */ + for(i=0; iedns_known_options_num; i++) + if(env->edns_known_options[i].opt_code == opt_code) + break; + /* If it is not yet registered check if we have space to add a new one. 
*/ + if(i == env->edns_known_options_num) { + if(env->edns_known_options_num >= MAX_KNOWN_EDNS_OPTS) { + log_err("invalid edns registration: maximum options reached"); + return 0; + } + env->edns_known_options_num++; + } + env->edns_known_options[i].opt_code = opt_code; + env->edns_known_options[i].bypass_cache_stage = bypass_cache_stage; + env->edns_known_options[i].no_aggregation = no_aggregation; + return 1; +} + +static int +inplace_cb_reply_register_generic(inplace_cb_reply_func_t* cb, + enum inplace_cb_list_type type, void* cb_arg, struct module_env* env) +{ + struct inplace_cb_reply* callback; + struct inplace_cb_reply** prevp; + if(env->worker) { + log_err("invalid edns callback registration: " + "trying to register callback after module init phase"); + return 0; + } + + callback = (struct inplace_cb_reply*)calloc(1, sizeof(*callback)); + if(callback == NULL) { + log_err("out of memory during edns callback registration."); + return 0; + } + callback->next = NULL; + callback->cb = cb; + callback->cb_arg = cb_arg; + + prevp = (struct inplace_cb_reply**) &env->inplace_cb_lists[type]; + /* append at end of list */ + while(*prevp != NULL) + prevp = &((*prevp)->next); + *prevp = callback; + return 1; +} + +int +inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env) +{ + return inplace_cb_reply_register_generic(cb, inplace_cb_reply, cb_arg, + env); +} + +int +inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env) +{ + return inplace_cb_reply_register_generic(cb, inplace_cb_reply_cache, + cb_arg, env); +} + +int +inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env) +{ + return inplace_cb_reply_register_generic(cb, inplace_cb_reply_local, + cb_arg, env); +} + +int +inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env) +{ + return inplace_cb_reply_register_generic(cb, 
inplace_cb_reply_servfail, + cb_arg, env); +} + +static void +inplace_cb_reply_delete_generic(struct module_env* env, + enum inplace_cb_list_type type) +{ + struct inplace_cb_reply* curr = env->inplace_cb_lists[type]; + struct inplace_cb_reply* tmp; + /* delete list */ + while(curr) { + tmp = curr->next; + free(curr); + curr = tmp; + } + /* update head pointer */ + env->inplace_cb_lists[type] = NULL; +} + +void inplace_cb_reply_delete(struct module_env* env) +{ + inplace_cb_reply_delete_generic(env, inplace_cb_reply); +} + +void inplace_cb_reply_cache_delete(struct module_env* env) +{ + inplace_cb_reply_delete_generic(env, inplace_cb_reply_cache); +} + +void inplace_cb_reply_servfail_delete(struct module_env* env) +{ + inplace_cb_reply_delete_generic(env, inplace_cb_reply_servfail); +} + +int +inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg, + struct module_env* env) +{ + struct inplace_cb_query* callback; + struct inplace_cb_query** prevp; + if(env->worker) { + log_err("invalid edns callback registration: " + "trying to register callback after module init phase"); + return 0; + } + + callback = (struct inplace_cb_query*)calloc(1, sizeof(*callback)); + if(callback == NULL) { + log_err("out of memory during edns callback registration."); + return 0; + } + callback->next = NULL; + callback->cb = cb; + callback->cb_arg = cb_arg; + + prevp = (struct inplace_cb_query**) + &env->inplace_cb_lists[inplace_cb_query]; + /* append at end of list */ + while(*prevp != NULL) + prevp = &((*prevp)->next); + *prevp = callback; + return 1; +} + +void +inplace_cb_query_delete(struct module_env* env) +{ + struct inplace_cb_query* curr = env->inplace_cb_lists[inplace_cb_query]; + struct inplace_cb_query* tmp; + /* delete list */ + while(curr) { + tmp = curr->next; + free(curr); + curr = tmp; + } + /* update head pointer */ + env->inplace_cb_lists[inplace_cb_query] = NULL; +} + +void +inplace_cb_lists_delete(struct module_env* env) +{ + inplace_cb_reply_delete(env); 
+ inplace_cb_reply_cache_delete(env); + inplace_cb_reply_servfail_delete(env); + inplace_cb_query_delete(env); +} + +struct edns_known_option* +edns_option_is_known(uint16_t opt_code, struct module_env* env) +{ + size_t i; + for(i=0; iedns_known_options_num; i++) + if(env->edns_known_options[i].opt_code == opt_code) + return env->edns_known_options + i; + return NULL; +} + +int +edns_bypass_cache_stage(struct edns_option* list, struct module_env* env) +{ + size_t i; + for(; list; list=list->next) + for(i=0; iedns_known_options_num; i++) + if(env->edns_known_options[i].opt_code == list->opt_code && + env->edns_known_options[i].bypass_cache_stage == 1) + return 1; + return 0; +} + +int +edns_unique_mesh_state(struct edns_option* list, struct module_env* env) +{ + size_t i; + for(; list; list=list->next) + for(i=0; iedns_known_options_num; i++) + if(env->edns_known_options[i].opt_code == list->opt_code && + env->edns_known_options[i].no_aggregation == 1) + return 1; + return 0; +} + +void +log_edns_known_options(enum verbosity_value level, struct module_env* env) +{ + size_t i; + char str[32], *s; + size_t slen; + if(env->edns_known_options_num > 0 && verbosity >= level) { + verbose(level, "EDNS known options:"); + verbose(level, " Code: Bypass_cache_stage: Aggregate_mesh:"); + for(i=0; iedns_known_options_num; i++) { + s = str; + slen = sizeof(str); + (void)sldns_wire2str_edns_option_code_print(&s, &slen, + env->edns_known_options[i].opt_code); + verbose(level, " %-8.8s %-19s %-15s", str, + env->edns_known_options[i].bypass_cache_stage?"YES":"NO", + env->edns_known_options[i].no_aggregation?"NO":"YES"); + } + } +} diff -Nru unbound-1.5.8/util/module.h unbound-1.6.0/util/module.h --- unbound-1.5.8/util/module.h 2014-11-18 15:15:57.000000000 +0000 +++ unbound-1.6.0/util/module.h 2016-12-06 13:42:51.000000000 +0000 
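Review bot: `inplace_cb_lists_delete` frees the reply, reply_cache, reply_servfail and query lists but never the `inplace_cb_reply_local` list, although `inplace_cb_reply_local_register` appends calloc'ed nodes to it. Those nodes are leaked at teardown and `env->inplace_cb_lists[inplace_cb_reply_local]` keeps pointing at them. Adding `inplace_cb_reply_delete_generic(env, inplace_cb_reply_local);` to `inplace_cb_lists_delete` closes the gap. The declarations hunk in util/module.h has the same omission: it declares delete functions for the other three reply lists but none for the local one.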
@@ -178,6 +178,115 @@ /** Maximum number of modules in operation */ #define MAX_MODULE 5 +/** Maximum number of known edns options */ +#define MAX_KNOWN_EDNS_OPTS 256 + +enum inplace_cb_list_type { + /* Inplace callbacks for when a resolved reply is ready to be sent to the + * front.*/ + inplace_cb_reply = 0, + /* Inplace callbacks for when a reply is given from the cache. */ + inplace_cb_reply_cache, + /* Inplace callbacks for when a reply is given with local data + * (or Chaos reply). */ + inplace_cb_reply_local, + /* Inplace callbacks for when the reply is servfail. */ + inplace_cb_reply_servfail, + /* Inplace callbacks for when a query is ready to be sent to the back.*/ + inplace_cb_query, + /* Total number of types. Used for array initialization. + * Should always be last. */ + inplace_cb_types_total +}; + + +/** Known edns option. Can be populated during modules' init. */ +struct edns_known_option { + /** type of this edns option */ + uint16_t opt_code; + /** whether the option needs to bypass the cache stage */ + int bypass_cache_stage; + /** whether the option needs mesh aggregation */ + int no_aggregation; +}; + +/** + * Inplace callback function called before replying. + * Called as func(edns, qstate, opt_list_out, qinfo, reply_info, rcode, + * region, python_callback) + * Where: + * qinfo: the query info. + * qstate: the module state. NULL when calling before the query reaches the + * mesh states. + * rep: reply_info. Could be NULL. + * rcode: the return code. + * edns: the edns_data of the reply. When qstate is NULL, it is also used as + * the edns input. + * opt_list_out: the edns options list for the reply. + * region: region to store data. + * python_callback: only used for registering a python callback function. 
+ */ +typedef int inplace_cb_reply_func_t(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct regional* region, void* python_callback); + +/** + * Inplace callback list of registered routines to be called before replying + * with a resolved query. + */ +struct inplace_cb_reply { + /** next in list */ + struct inplace_cb_reply* next; + /** + * Inplace callback routine for cache stage response. + * called as cb(qinfo, qstate, qinfo, reply_info, rcode, edns, + * opt_list_out, region, python_callback); + * python_callback is only used for registering a python callback function. + */ + inplace_cb_reply_func_t* cb; + void* cb_arg; +}; + +/** + * Inplace callback function called before sending the query to a nameserver. + * Called as func(qinfo, flags, qstate, addr, addrlen, zone, zonelen, region, + * python_callback) + * Where: + * qinfo: query info. + * flags: flags of the query. + * qstate: query state. + * addr: to which server to send the query. + * addrlen: length of addr. + * zone: name of the zone of the delegation point. wireformat dname. + * This is the delegation point name for which the server is deemed + * authoritative. + * zonelen: length of zone. + * region: region to store data. + * python_callback: only used for registering a python callback function. + */ +typedef int inplace_cb_query_func_t(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, + void* python_callback); + +/** + * Inplace callback list of registered routines to be called before quering a + * nameserver. + */ +struct inplace_cb_query { + /** next in list */ + struct inplace_cb_query* next; + /** + * Inplace callback routine for cache stage response. 
+ * called as cb(qinfo, flags, qstate, addr, addrlen, zone, zonelen, + * region, python_callback); + * python_callback is only used for registering a python callback function. + */ + inplace_cb_query_func_t* cb; + void* cb_arg; +}; + /** * Module environment. * Services and data provided to the module. @@ -202,10 +311,7 @@ * will cause operate() to be called with event timeout or reply. * The time until a timeout is calculated from roundtrip timing, * several UDP retries are attempted. - * @param qname: query name. (host order) - * @param qnamelen: length in bytes of qname, including trailing 0. - * @param qtype: query type. (host order) - * @param qclass: query class. (host order) + * @param qinfo: query info. * @param flags: host order flags word, with opcode and CD bit. * @param dnssec: if set, EDNS record will have bits set. * If EDNS_DO bit is set, DO bit is set in EDNS records. @@ -218,16 +324,17 @@ * @param addrlen: length of addr. * @param zone: delegation point name. * @param zonelen: length of zone name. + * @param ssl_upstream: use SSL for upstream queries. * @param q: wich query state to reactivate upon return. * @return: false on failure (memory or socket related). no query was * sent. Or returns an outbound entry with qsent and qstate set. * This outbound_entry will be used on later module invocations * that involve this query (timeout, error or reply). */ - struct outbound_entry* (*send_query)(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, int nocaps, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* zone, size_t zonelen, + struct outbound_entry* (*send_query)(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, int ssl_upstream, struct module_qstate* q); /** 
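Review bot: Several comments in the first hunk of util/module.h (the one adding `enum inplace_cb_list_type` and the callback typedefs) contradict the declarations they describe. The field `no_aggregation` is documented as "whether the option needs mesh aggregation", which is the inverse of its name and of how `edns_unique_mesh_state` uses it; `/** whether the option needs a unique mesh state (no aggregation) */` would match. The "Called as func(edns, qstate, opt_list_out, qinfo, ...)" line above `inplace_cb_reply_func_t` does not follow the typedef's parameter order (`qinfo, qstate, rep, rcode, edns, opt_list_out, region, python_callback`), and the comment in `struct inplace_cb_reply` lists `qinfo` twice. In `struct inplace_cb_query` the "routine for cache stage response" text appears to be copied from the reply struct, and `cb_arg` is undocumented in both structs.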
@@ -333,6 +440,17 @@ struct iter_hints* hints; /** module specific data. indexed by module id. */ void* modinfo[MAX_MODULE]; + + /* Shared linked list of inplace callback functions */ + void* inplace_cb_lists[inplace_cb_types_total]; + + /** + * Shared array of known edns options (size MAX_KNOWN_EDNS_OPTS). + * Filled by edns literate modules during init. + */ + struct edns_known_option* edns_known_options; + /* Number of known edns options */ + size_t edns_known_options_num; }; /** @@ -431,6 +549,19 @@ struct mesh_state* mesh_info; /** how many seconds before expiry is this prefetched (0 if not) */ time_t prefetch_leeway; + + /** incoming edns options from the front end */ + struct edns_option* edns_opts_front_in; + /** outgoing edns options to the back end */ + struct edns_option* edns_opts_back_out; + /** incoming edns options from the back end */ + struct edns_option* edns_opts_back_in; + /** outgoing edns options to the front end */ + struct edns_option* edns_opts_front_out; + /** whether modules should answer from the cache */ + int no_cache_lookup; + /** whether modules should store answer in the cache */ + int no_cache_store; }; /** 
@@ -520,4 +651,156 @@ */ const char* strmodulevent(enum module_ev e); +/** + * Initialize the edns known options by allocating the required space. + * @param env: the module environment. + * @return false on failure (no memory). + */ +int edns_known_options_init(struct module_env* env); + +/** + * Free the allocated space for the known edns options. + * @param env: the module environment. + */ +void edns_known_options_delete(struct module_env* env); + +/** + * Register a known edns option. Overwrite the flags if it is already + * registered. Used before creating workers to register known edns options. + * @param opt_code: the edns option code. + * @param bypass_cache_stage: whether the option interacts with the cache. + * @param no_aggregation: whether the option implies more specific + * aggregation. + * @param env: the module environment. + * @return true on success, false on failure (registering more options than + * allowed or trying to register after the environment is copied to the + * threads.) + */ +int edns_register_option(uint16_t opt_code, int bypass_cache_stage, + int no_aggregation, struct module_env* env); + +/** + * Register an inplace callback function called before replying with a resolved + * query. + * @param cb: pointer to the callback function. + * @param cb_arg: optional argument for the callback function. + * @param env: the module environment. + * @return true on success, false on failure (out of memory or trying to + * register after the environment is copied to the threads.) + */ +int inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env); + +/** + * Register an inplace callback function called before replying from the cache. + * @param cb: pointer to the callback function. + * @param cb_arg: optional argument for the callback function. + * @param env: the module environment. 
+ * @return true on success, false on failure (out of memory or trying to + * register after the environment is copied to the threads.) + */ +int inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env); + +/** + * Register an inplace callback function called before replying with local + * data or Chaos reply. + * @param cb: pointer to the callback function. + * @param cb_arg: optional argument for the callback function. + * @param env: the module environment. + * @return true on success, false on failure (out of memory or trying to + * register after the environment is copied to the threads.) + */ +int inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg, + struct module_env* env); + +/** + * Register an inplace callback function called before replying with servfail. + * @param cb: pointer to the callback function. + * @param cb_arg: optional argument for the callback function. + * @param env: the module environment. + * @return true on success, false on failure (out of memory or trying to + * register after the environment is copied to the threads.) + */ +int inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb, + void* cb_arg, struct module_env* env); + +/** + * Delete the inplace_cb_reply callback linked list. + * @param env: the module environment. + */ +void inplace_cb_reply_delete(struct module_env* env); + +/** + * Delete the inplace_cb_reply_cache callback linked list. + * @param env: the module environment. + */ +void inplace_cb_reply_cache_delete(struct module_env* env); + +/** + * Delete the inplace_cb_reply_servfail callback linked list. + * @param env: the module environment. + */ +void inplace_cb_reply_servfail_delete(struct module_env* env); + +/** + * Register an inplace callback function called before quering a nameserver. + * @param cb: pointer to the callback function. + * @param cb_arg: optional argument for the callback function. + * @param env: the module environment. 
+ * @return true on success, false on failure (out of memory or trying to + * register after the environment is copied to the threads.) + */ +int inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg, + struct module_env* env); + +/** + * Delete the inplace_cb_query callback linked list. + * @param env: the module environment. + */ +void inplace_cb_query_delete(struct module_env* env); + +/** + * Delete all the inplace callback linked lists. + * @param env: the module environment. + */ +void inplace_cb_lists_delete(struct module_env* env); + +/** + * Check if an edns option is known. + * @param opt_code: the edns option code. + * @param env: the module environment. + * @return pointer to registered option if the edns option is known, + * NULL otherwise. + */ +struct edns_known_option* edns_option_is_known(uint16_t opt_code, + struct module_env* env); + +/** + * Check if an edns option needs to bypass the reply from cache stage. + * @param list: the edns options. + * @param env: the module environment. + * @return true if an edns option needs to bypass the cache stage, + * false otherwise. + */ +int edns_bypass_cache_stage(struct edns_option* list, + struct module_env* env); + +/** + * Check if an edns option needs a unique mesh state. + * @param list: the edns options. + * @param env: the module environment. + * @return true if an edns option needs a unique mesh state, + * false otherwise. + */ +int edns_unique_mesh_state(struct edns_option* list, struct module_env* env); + +/** + * Log the known edns options. + * @param level: the desired verbosity level. + * @param env: the module environment. + */ +void log_edns_known_options(enum verbosity_value level, + struct module_env* env); + #endif /* UTIL_MODULE_H */ diff -Nru unbound-1.5.8/util/netevent.c unbound-1.6.0/util/netevent.c --- unbound-1.5.8/util/netevent.c 2016-02-15 09:54:52.000000000 +0000 +++ unbound-1.6.0/util/netevent.c 2016-08-03 06:20:26.000000000 +0000 
@@ -40,6 +40,7 @@ */ #include "config.h" #include "util/netevent.h" +#include "util/ub_event.h" #include "util/log.h" #include "util/net_help.h" #include "util/fptr_wlist.h" @@ -79,8 +80,10 @@ # endif #endif -/** The TCP reading or writing query timeout in seconds */ -#define TCP_QUERY_TIMEOUT 120 +/** The TCP reading or writing query timeout in milliseconds */ +#define TCP_QUERY_TIMEOUT 120000 +/** The TCP timeout in msec for fast queries, above half are used */ +#define TCP_QUERY_TIMEOUT_FAST 200 #ifndef NONBLOCKING_IS_BROKEN /** number of UDP reads to perform per read indication from select */ 
@@ -89,48 +92,29 @@ #define NUM_UDP_PER_SELECT 1 #endif -/* We define libevent structures here to hide the libevent stuff. */ - -#ifdef USE_MINI_EVENT -# ifdef USE_WINSOCK -# include "util/winsock_event.h" -# else -# include "util/mini_event.h" -# endif /* USE_WINSOCK */ -#else /* USE_MINI_EVENT */ - /* we use libevent */ -# ifdef HAVE_EVENT_H -# include -# else -# include "event2/event.h" -# include "event2/event_struct.h" -# include "event2/event_compat.h" -# endif -#endif /* USE_MINI_EVENT */ - /** - * The internal event structure for keeping libevent info for the event. + * The internal event structure for keeping ub_event info for the event. * Possibly other structures (list, tree) this is part of. */ struct internal_event { /** the comm base */ struct comm_base* base; - /** libevent event type, alloced here */ - struct event ev; + /** ub_event event type */ + struct ub_event* ev; }; /** * Internal base structure, so that every thread has its own events. */ struct internal_base { - /** libevent event_base type. */ - struct event_base* base; + /** ub_event event_base type. */ + struct ub_event_base* base; /** seconds time pointer points here */ time_t secs; /** timeval with current time */ struct timeval now; /** the event used for slow_accept timeouts */ - struct event slow_accept; + struct ub_event* slow_accept; /** true if slow_accept is enabled */ int slow_accept_enabled; }; @@ -139,10 +123,12 @@ * Internal timer structure, to store timer event in. */ struct internal_timer { + /** the super struct from which derived */ + struct comm_timer super; /** the comm base */ struct comm_base* base; - /** libevent event type, alloced here */ - struct event ev; + /** ub_event event type */ + struct ub_event* ev; /** is timer enabled */ uint8_t enabled; }; 
@@ -151,8 +137,8 @@ * Internal signal structure, to store signal event in. */ struct internal_signal { - /** libevent event type, alloced here */ - struct event ev; + /** ub_event event type */ + struct ub_event* ev; /** next in signal list */ struct internal_signal* next; }; @@ -164,26 +150,13 @@ /* -------- End of local definitions -------- */ -#ifdef USE_MINI_EVENT -/** minievent updates the time when it blocks. */ -#define comm_base_now(x) /* nothing to do */ -#else /* !USE_MINI_EVENT */ -/** fillup the time values in the event base */ -static void -comm_base_now(struct comm_base* b) -{ - if(gettimeofday(&b->eb->now, NULL) < 0) { - log_err("gettimeofday: %s", strerror(errno)); - } - b->eb->secs = (time_t)b->eb->now.tv_sec; -} -#endif /* USE_MINI_EVENT */ - struct comm_base* comm_base_create(int sigs) { struct comm_base* b = (struct comm_base*)calloc(1, sizeof(struct comm_base)); + const char *evnm="event", *evsys="", *evmethod=""; + if(!b) return NULL; b->eb = (struct internal_base*)calloc(1, sizeof(struct internal_base)); 
@@ -191,55 +164,20 @@ free(b); return NULL; } -#ifdef USE_MINI_EVENT - (void)sigs; - /* use mini event time-sharing feature */ - b->eb->base = event_init(&b->eb->secs, &b->eb->now); -#else -# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - /* libev */ - if(sigs) - b->eb->base=(struct event_base *)ev_default_loop(EVFLAG_AUTO); - else - b->eb->base=(struct event_base *)ev_loop_new(EVFLAG_AUTO); -# else - (void)sigs; -# ifdef HAVE_EVENT_BASE_NEW - b->eb->base = event_base_new(); -# else - b->eb->base = event_init(); -# endif -# endif -#endif + b->eb->base = ub_default_event_base(sigs, &b->eb->secs, &b->eb->now); if(!b->eb->base) { free(b->eb); free(b); return NULL; } - comm_base_now(b); - /* avoid event_get_method call which causes crashes even when - * not printing, because its result is passed */ - verbose(VERB_ALGO, -#if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) - "libev" -#elif defined(USE_MINI_EVENT) - "event " -#else - "libevent " -#endif - "%s uses %s method.", - event_get_version(), -#ifdef HAVE_EVENT_BASE_GET_METHOD - event_base_get_method(b->eb->base) -#else - "not_obtainable" -#endif - ); + ub_comm_base_now(b); + ub_get_event_sys(b->eb->base, &evnm, &evsys, &evmethod); + verbose(VERB_ALGO, "%s %s user %s method.", evnm, evsys, evmethod); return b; } struct comm_base* -comm_base_create_event(struct event_base* base) +comm_base_create_event(struct ub_event_base* base) { struct comm_base* b = (struct comm_base*)calloc(1, sizeof(struct comm_base)); @@ -251,7 +189,7 @@ return NULL; } b->eb->base = base; - comm_base_now(b); + ub_comm_base_now(b); return b; } 
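Review bot: The new log line in `comm_base_create` reads `"%s %s user %s method."`, where the removed line had "uses", so the message now comes out as "... user ... method." It should be `verbose(VERB_ALGO, "%s %s uses %s method.", evnm, evsys, evmethod);`. The function body starts in the previous hunk.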
@@ -261,18 +199,12 @@ if(!b) return; if(b->eb->slow_accept_enabled) { - if(event_del(&b->eb->slow_accept) != 0) { + if(ub_event_del(b->eb->slow_accept) != 0) { log_err("could not event_del slow_accept"); } + ub_event_free(b->eb->slow_accept); } -#ifdef USE_MINI_EVENT - event_base_free(b->eb->base); -#elif defined(HAVE_EVENT_BASE_FREE) && defined(HAVE_EVENT_BASE_ONCE) - /* only libevent 1.2+ has it, but in 1.2 it is broken - - assertion fails on signal handling ev that is not deleted - in libevent 1.3c (event_base_once appears) this is fixed. */ - event_base_free(b->eb->base); -#endif /* HAVE_EVENT_BASE_FREE and HAVE_EVENT_BASE_ONCE */ + ub_event_base_free(b->eb->base); b->eb->base = NULL; free(b->eb); free(b); @@ -284,9 +216,10 @@ if(!b) return; if(b->eb->slow_accept_enabled) { - if(event_del(&b->eb->slow_accept) != 0) { + if(ub_event_del(b->eb->slow_accept) != 0) { log_err("could not event_del slow_accept"); } + ub_event_free(b->eb->slow_accept); } b->eb->base = NULL; free(b->eb); @@ -304,8 +237,8 @@ comm_base_dispatch(struct comm_base* b) { int retval; - retval = event_base_dispatch(b->eb->base); - if(retval != 0) { + retval = ub_event_base_dispatch(b->eb->base); + if(retval < 0) { fatal_exit("event_dispatch returned error %d, " "errno is %s", retval, strerror(errno)); } @@ -313,7 +246,7 @@ void comm_base_exit(struct comm_base* b) { - if(event_base_loopexit(b->eb->base, NULL) != 0) { + if(ub_event_base_loopexit(b->eb->base) != 0) { log_err("Could not loopexit"); } } @@ -326,7 +259,7 @@ b->cb_arg = arg; } -struct event_base* comm_base_internal(struct comm_base* b) +struct ub_event_base* comm_base_internal(struct comm_base* b) { return b->eb->base; } 
@@ -648,10 +581,10 @@ rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); - if(!(event&EV_READ)) + if(!(event&UB_EV_READ)) return; log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); - comm_base_now(rep.c->ev->base); + ub_comm_base_now(rep.c->ev->base); for(i=0; ibuffer); rep.addrlen = (socklen_t)sizeof(rep.addr); @@ -736,10 +669,10 @@ rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); - if(!(event&EV_READ)) + if(!(event&UB_EV_READ)) return; log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); - comm_base_now(rep.c->ev->base); + ub_comm_base_now(rep.c->ev->base); for(i=0; ibuffer); rep.addrlen = (socklen_t)sizeof(rep.addr); @@ -779,14 +712,20 @@ /** Use a new tcp handler for new query fd, set to read query */ static void -setup_tcp_handler(struct comm_point* c, int fd) +setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) { log_assert(c->type == comm_tcp); log_assert(c->fd == -1); sldns_buffer_clear(c->buffer); c->tcp_is_reading = 1; c->tcp_byte_count = 0; - comm_point_start_listening(c, fd, TCP_QUERY_TIMEOUT); + c->tcp_timeout_msec = TCP_QUERY_TIMEOUT; + /* if more than half the tcp handlers are in use, use a shorter + * timeout for this TCP connection, we need to make space for + * other connections to be able to get attention */ + if(cur > max/2) + c->tcp_timeout_msec = TCP_QUERY_TIMEOUT_FAST; + comm_point_start_listening(c, fd, c->tcp_timeout_msec); } void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), 
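Review bot: In the `-779,14 +712,20` hunk the shorter timeout is chosen once, when `setup_tcp_handler()` runs, and stored in `c->tcp_timeout_msec`. A connection accepted while at most half the handlers were busy therefore keeps the long `TCP_QUERY_TIMEOUT` even if the pool fills up afterwards, because the later hunks re-arm with the stored value. If the goal is to make room under pressure, re-evaluate the value where the handler is re-armed, or state in the comment that the choice is fixed at accept time. The doc comment above the function should also describe the new parameters, e.g. `@param cur: number of tcp handlers in use` and `@param max: total number of tcp handlers`.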
@@ -838,16 +777,17 @@ (*b->stop_accept)(b->cb_arg); /* set timeout, no mallocs */ tv.tv_sec = NETEVENT_SLOW_ACCEPT_TIME/1000; - tv.tv_usec = NETEVENT_SLOW_ACCEPT_TIME%1000; - event_set(&b->eb->slow_accept, -1, EV_TIMEOUT, + tv.tv_usec = (NETEVENT_SLOW_ACCEPT_TIME%1000)*1000; + b->eb->slow_accept = ub_event_new(b->eb->base, + -1, UB_EV_TIMEOUT, comm_base_handle_slow_accept, b); - if(event_base_set(b->eb->base, - &b->eb->slow_accept) != 0) { + if(b->eb->slow_accept == NULL) { /* we do not want to log here, because * that would spam the logfiles. * error: "event_base_set failed." */ } - if(event_add(&b->eb->slow_accept, &tv) != 0) { + else if(ub_event_add(b->eb->slow_accept, &tv) + != 0) { /* we do not want to log here, * error: "event_add failed." */ } @@ -861,7 +801,7 @@ WSAGetLastError() == WSAECONNRESET) return -1; if(WSAGetLastError() == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_READ); + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return -1; } log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), @@ -885,14 +825,14 @@ if( (oper == (BIO_CB_READ|BIO_CB_RETURN) && argl == 0) || (oper == (BIO_CB_GETS|BIO_CB_RETURN) && argl == 0)) { if(WSAGetLastError() == WSAEWOULDBLOCK) - winsock_tcp_wouldblock((struct event*) - BIO_get_callback_arg(b), EV_READ); + ub_winsock_tcp_wouldblock((struct ub_event*) + BIO_get_callback_arg(b), UB_EV_READ); } if( (oper == (BIO_CB_WRITE|BIO_CB_RETURN) && argl == 0) || (oper == (BIO_CB_PUTS|BIO_CB_RETURN) && argl == 0)) { if(WSAGetLastError() == WSAEWOULDBLOCK) - winsock_tcp_wouldblock((struct event*) - BIO_get_callback_arg(b), EV_WRITE); + ub_winsock_tcp_wouldblock((struct ub_event*) + BIO_get_callback_arg(b), UB_EV_WRITE); } /* return original return value */ return retvalue; 
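Review bot: The `-838,16 +777,17` hunk keeps the comment `/* set timeout, no mallocs */` although the timer is now obtained from `ub_event_new()` on every pass through this path, which presumably allocates. When that call returns NULL the branch is empty: accepting was already stopped by `(*b->stop_accept)(b->cb_arg)` and no timer is armed to start it again, so the listener can stay off. Creating the event once together with the base and only calling `ub_event_add()` here would restore the no-allocation property; failing that, the NULL branch should undo the stop rather than do nothing. Since a new event is assigned each time, the previous one also has to be freed somewhere, and the timeout handler that would do it is outside this hunk. The comment `error: "event_base_set failed."` no longer names the call that fails.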
@@ -905,9 +845,9 @@ SSL* ssl = (SSL*)thessl; /* set them both just in case, but usually they are the same BIO */ BIO_set_callback(SSL_get_rbio(ssl), &win_bio_cb); - BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)&c->ev->ev); + BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)c->ev->ev); BIO_set_callback(SSL_get_wbio(ssl), &win_bio_cb); - BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)&c->ev->ev); + BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)c->ev->ev); } #endif @@ -917,11 +857,11 @@ struct comm_point* c = (struct comm_point*)arg, *c_hdl; int new_fd; log_assert(c->type == comm_tcp_accept); - if(!(event & EV_READ)) { + if(!(event & UB_EV_READ)) { log_info("ignoring tcp accept event %d", (int)event); return; } - comm_base_now(c->ev->base); + ub_comm_base_now(c->ev->base); /* find free tcp handler. */ if(!c->tcp_free) { log_warn("accepted too many tcp, connections full"); @@ -930,6 +870,7 @@ /* accept incoming connection. */ c_hdl = c->tcp_free; log_assert(fd != -1); + (void)fd; new_fd = comm_point_perform_accept(c, &c_hdl->repinfo.addr, &c_hdl->repinfo.addrlen); if(new_fd == -1) @@ -954,7 +895,7 @@ /* stop accepting incoming queries for now. */ comm_point_stop_listening(c); } - setup_tcp_handler(c_hdl, new_fd); + setup_tcp_handler(c_hdl, new_fd, c->cur_tcp_count, c->max_tcp_count); } /** Make tcp handler free for next assignment */ @@ -1008,7 +949,7 @@ comm_point_stop_listening(c); fptr_ok(fptr_whitelist_comm_point(c->callback)); if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { - comm_point_start_listening(c, -1, TCP_QUERY_TIMEOUT); + comm_point_start_listening(c, -1, c->tcp_timeout_msec); } } @@ -1297,7 +1238,8 @@ if(WSAGetLastError() == WSAEINPROGRESS) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_READ); + ub_winsock_tcp_wouldblock(c->ev->ev, + UB_EV_READ); return 1; } log_err_addr("read (in tcp s)", 
@@ -1342,7 +1284,7 @@ if(WSAGetLastError() == WSAEINPROGRESS) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_READ); + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return 1; } log_err_addr("read (in tcp r)", @@ -1401,7 +1343,7 @@ if(error == WSAEINPROGRESS) return 1; else if(error == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_WRITE); + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); return 1; } else if(error != 0 && verbosity < 2) return 0; 
@@ -1415,6 +1357,59 @@ if(c->ssl) return ssl_handle_it(c); +#ifdef USE_MSG_FASTOPEN + /* Only try this on first use of a connection that uses tfo, + otherwise fall through to normal write */ + /* Also, TFO support on WINDOWS not implemented at the moment */ + if(c->tcp_do_fastopen == 1) { + /* this form of sendmsg() does both a connect() and send() so need to + look for various flavours of error*/ + uint16_t len = htons(sldns_buffer_limit(c->buffer)); + struct msghdr msg; + struct iovec iov[2]; + c->tcp_do_fastopen = 0; + memset(&msg, 0, sizeof(msg)); + iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; + iov[1].iov_base = sldns_buffer_begin(c->buffer); + iov[1].iov_len = sldns_buffer_limit(c->buffer); + log_assert(iov[0].iov_len > 0); + log_assert(iov[1].iov_len > 0); + msg.msg_name = &c->repinfo.addr; + msg.msg_namelen = c->repinfo.addrlen; + msg.msg_iov = iov; + msg.msg_iovlen = 2; + r = sendmsg(fd, &msg, MSG_FASTOPEN); + if (r == -1) { +#if defined(EINPROGRESS) && defined(EWOULDBLOCK) + /* Handshake is underway, maybe because no TFO cookie available. + Come back to write the messsage*/ + if(errno == EINPROGRESS || errno == EWOULDBLOCK) + return 1; +#endif + if(errno == EINTR || errno == EAGAIN) + return 1; + /* Not handling EISCONN here as shouldn't ever hit that case.*/ + if(errno != 0 && verbosity < 2) + return 0; /* silence lots of chatter in the logs */ + else if(errno != 0) + log_err_addr("tcp sendmsg", strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); + return 0; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(c->buffer, c->tcp_byte_count - + sizeof(uint16_t)); + if(sldns_buffer_remaining(c->buffer) == 0) { + tcp_callback_writer(c); + return 1; + } + } + } +#endif /* USE_MSG_FASTOPEN */ + if(c->tcp_byte_count < sizeof(uint16_t)) { uint16_t len = htons(sldns_buffer_limit(c->buffer)); #ifdef HAVE_WRITEV 
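Review bot: In the TFO block the header length `iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count` is computed in unsigned arithmetic, and the only check on it is `log_assert(iov[0].iov_len > 0)`, which a wrapped value passes. The block is meant for the first write of a connection, so make that an explicit condition rather than an assumption: `if(c->tcp_do_fastopen == 1 && c->tcp_byte_count == 0) {`. The `errno != 0` tests after `r == -1` are redundant on that path and can be dropped, and `messsage` in the comment is misspelled. The function body starts before and continues after this hunk.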
@@ -1451,7 +1446,8 @@ if(WSAGetLastError() == WSAEINPROGRESS) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_WRITE); + ub_winsock_tcp_wouldblock(c->ev->ev, + UB_EV_WRITE); return 1; } log_err_addr("tcp send s", @@ -1483,7 +1479,7 @@ if(WSAGetLastError() == WSAEINPROGRESS) return 1; if(WSAGetLastError() == WSAEWOULDBLOCK) { - winsock_tcp_wouldblock(&c->ev->ev, EV_WRITE); + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); return 1; } log_err_addr("tcp send r", wsa_strerror(WSAGetLastError()), @@ -1505,9 +1501,9 @@ { struct comm_point* c = (struct comm_point*)arg; log_assert(c->type == comm_tcp); - comm_base_now(c->ev->base); + ub_comm_base_now(c->ev->base); - if(event&EV_READ) { + if(event&UB_EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { @@ -1519,7 +1515,7 @@ } return; } - if(event&EV_WRITE) { + if(event&UB_EV_WRITE) { if(!comm_point_tcp_handle_write(fd, c)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { @@ -1531,7 +1527,7 @@ } return; } - if(event&EV_TIMEOUT) { + if(event&UB_EV_TIMEOUT) { verbose(VERB_QUERY, "tcp took too long, dropped"); reclaim_tcp_handler(c); if(!c->tcp_do_close) { @@ -1548,9 +1544,9 @@ { struct comm_point* c = (struct comm_point*)arg; log_assert(c->type == comm_local); - comm_base_now(c->ev->base); + ub_comm_base_now(c->ev->base); - if(event&EV_READ) { + if(event&UB_EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 1)) { fptr_ok(fptr_whitelist_comm_point(c->callback)); (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, @@ -1567,9 +1563,9 @@ struct comm_point* c = (struct comm_point*)arg; int err = NETEVENT_NOERROR; log_assert(c->type == comm_raw); - comm_base_now(c->ev->base); + ub_comm_base_now(c->ev->base); - if(event&EV_TIMEOUT) + if(event&UB_EV_TIMEOUT) err = NETEVENT_TIMEOUT; fptr_ok(fptr_whitelist_comm_point_raw(c->callback)); (void)(*c->callback)(c, c->cb_arg, err, NULL); 
@@ -1606,18 +1602,22 @@ c->do_not_close = 0; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->inuse = 0; c->callback = callback; c->cb_arg = callback_arg; - evbits = EV_READ | EV_PERSIST; - /* libevent stuff */ - event_set(&c->ev->ev, c->fd, evbits, comm_point_udp_callback, c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0) { + evbits = UB_EV_READ | UB_EV_PERSIST; + /* ub_event stuff */ + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_udp_callback, c); + if(c->ev->ev == NULL) { log_err("could not baseset udp event"); comm_point_delete(c); return NULL; } - if(fd!=-1 && event_add(&c->ev->ev, c->timeout) != 0 ) { + if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { log_err("could not add udp event"); comm_point_delete(c); return NULL; @@ -1658,17 +1658,21 @@ c->inuse = 0; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->callback = callback; c->cb_arg = callback_arg; - evbits = EV_READ | EV_PERSIST; - /* libevent stuff */ - event_set(&c->ev->ev, c->fd, evbits, comm_point_udp_ancil_callback, c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0) { + evbits = UB_EV_READ | UB_EV_PERSIST; + /* ub_event stuff */ + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_udp_ancil_callback, c); + if(c->ev->ev == NULL) { log_err("could not baseset udp event"); comm_point_delete(c); return NULL; } - if(fd!=-1 && event_add(&c->ev->ev, c->timeout) != 0 ) { + if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { log_err("could not add udp event"); comm_point_delete(c); return NULL; 
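Review bot: When `ub_event_new()` returns NULL in the `-1606,18 +1602,22` hunk, the error path calls `comm_point_delete(c)` with `c->ev->ev == NULL`. Later hunks show the teardown code calling `ub_event_free(c->ev->ev)` and, in what looks like the close path, `ub_event_del(c->ev->ev)` whenever `c->fd != -1`. Whether those wrappers accept NULL is decided in util/ub_event.c, whose function bodies are not in view, so confirm it there or guard the call, e.g. `if(c->ev->ev && ub_event_del(c->ev->ev) != 0) {`. The same path exists in the `-1658,17 +1658,21` hunk and in the tcp accept hunk (`-1778,19 +1786,25`), while the local and raw constructors free `c->ev` and `c` directly. The `could not baseset ...` messages now report a failed event creation and could say so.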
@@ -1719,16 +1723,20 @@ c->do_not_close = 0; c->tcp_do_toggle_rw = 1; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; /* add to parent free list */ c->tcp_free = parent->tcp_free; parent->tcp_free = c; - /* libevent stuff */ - evbits = EV_PERSIST | EV_READ | EV_TIMEOUT; - event_set(&c->ev->ev, c->fd, evbits, comm_point_tcp_handle_callback, c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0) + /* ub_event stuff */ + evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_tcp_handle_callback, c); + if(c->ev->ev == NULL) { log_err("could not basetset tcphdl event"); parent->tcp_free = c->tcp_free; @@ -1778,19 +1786,25 @@ c->do_not_close = 0; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->callback = NULL; c->cb_arg = NULL; - evbits = EV_READ | EV_PERSIST; - /* libevent stuff */ - event_set(&c->ev->ev, c->fd, evbits, comm_point_tcp_accept_callback, c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0 || - event_add(&c->ev->ev, c->timeout) != 0 ) - { + evbits = UB_EV_READ | UB_EV_PERSIST; + /* ub_event stuff */ + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_tcp_accept_callback, c); + if(c->ev->ev == NULL) { + log_err("could not baseset tcpacc event"); + comm_point_delete(c); + return NULL; + } + if (ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("could not add tcpacc event"); comm_point_delete(c); return NULL; } - /* now prealloc the tcp handlers */ for(i=0; itcp_handlers[i] = comm_point_create_tcp_handler(base, 
@@ -1840,14 +1854,18 @@ c->do_not_close = 0; c->tcp_do_toggle_rw = 1; c->tcp_check_nb_connect = 1; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 1; +#endif c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; - evbits = EV_PERSIST | EV_WRITE; - event_set(&c->ev->ev, c->fd, evbits, comm_point_tcp_handle_callback, c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0) + evbits = UB_EV_PERSIST | UB_EV_WRITE; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_tcp_handle_callback, c); + if(c->ev->ev == NULL) { - log_err("could not basetset tcpout event"); + log_err("could not baseset tcpout event"); sldns_buffer_free(c->buffer); free(c->ev); free(c); @@ -1893,16 +1911,24 @@ c->do_not_close = 1; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->callback = callback; c->cb_arg = callback_arg; - /* libevent stuff */ - evbits = EV_PERSIST | EV_READ; - event_set(&c->ev->ev, c->fd, evbits, comm_point_local_handle_callback, - c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0 || - event_add(&c->ev->ev, c->timeout) != 0 ) - { + /* ub_event stuff */ + evbits = UB_EV_PERSIST | UB_EV_READ; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_local_handle_callback, c); + if(c->ev->ev == NULL) { + log_err("could not baseset localhdl event"); + free(c->ev); + free(c); + return NULL; + } + if (ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("could not add localhdl event"); + ub_event_free(c->ev->ev); free(c->ev); free(c); return NULL; 
@@ -1941,18 +1967,26 @@ c->do_not_close = 1; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif c->callback = callback; c->cb_arg = callback_arg; - /* libevent stuff */ + /* ub_event stuff */ if(writing) - evbits = EV_PERSIST | EV_WRITE; - else evbits = EV_PERSIST | EV_READ; - event_set(&c->ev->ev, c->fd, evbits, comm_point_raw_handle_callback, - c); - if(event_base_set(base->eb->base, &c->ev->ev) != 0 || - event_add(&c->ev->ev, c->timeout) != 0 ) - { + evbits = UB_EV_PERSIST | UB_EV_WRITE; + else evbits = UB_EV_PERSIST | UB_EV_READ; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_raw_handle_callback, c); + if(c->ev->ev == NULL) { + log_err("could not baseset rawhdl event"); + free(c->ev); + free(c); + return NULL; + } + if (ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("could not add rawhdl event"); + ub_event_free(c->ev->ev); free(c->ev); free(c); return NULL; @@ -1966,7 +2000,7 @@ if(!c) return; if(c->fd != -1) - if(event_del(&c->ev->ev) != 0) { + if(ub_event_del(c->ev->ev) != 0) { log_err("could not event_del on close"); } /* close fd after removing from event lists, or epoll.. is messed up */ @@ -2002,6 +2036,7 @@ free(c->timeout); if(c->type == comm_tcp || c->type == comm_local) sldns_buffer_free(c->buffer); + ub_event_free(c->ev->ev); free(c->ev); free(c); } @@ -2031,7 +2066,8 @@ dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, &repinfo->addr, repinfo->c->type, repinfo->c->buffer); #endif - comm_point_start_listening(repinfo->c, -1, TCP_QUERY_TIMEOUT); + comm_point_start_listening(repinfo->c, -1, + repinfo->c->tcp_timeout_msec); } } 
@@ -2051,13 +2087,13 @@ comm_point_stop_listening(struct comm_point* c) { verbose(VERB_ALGO, "comm point stop listening %d", c->fd); - if(event_del(&c->ev->ev) != 0) { + if(ub_event_del(c->ev->ev) != 0) { log_err("event_del error to stoplisten"); } } void -comm_point_start_listening(struct comm_point* c, int newfd, int sec) +comm_point_start_listening(struct comm_point* c, int newfd, int msec) { verbose(VERB_ALGO, "comm point start listening %d", c->fd==-1?newfd:c->fd); @@ -2065,7 +2101,7 @@ /* no use to start listening no free slots. */ return; } - if(sec != -1 && sec != 0) { + if(msec != -1 && msec != 0) { if(!c->timeout) { c->timeout = (struct timeval*)malloc(sizeof( struct timeval)); @@ -2074,17 +2110,17 @@ return; } } - c->ev->ev.ev_events |= EV_TIMEOUT; + ub_event_add_bits(c->ev->ev, UB_EV_TIMEOUT); #ifndef S_SPLINT_S /* splint fails on struct timeval. */ - c->timeout->tv_sec = sec; - c->timeout->tv_usec = 0; + c->timeout->tv_sec = msec/1000; + c->timeout->tv_usec = (msec%1000)*1000; #endif /* S_SPLINT_S */ } if(c->type == comm_tcp) { - c->ev->ev.ev_events &= ~(EV_READ|EV_WRITE); + ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); if(c->tcp_is_reading) - c->ev->ev.ev_events |= EV_READ; - else c->ev->ev.ev_events |= EV_WRITE; + ub_event_add_bits(c->ev->ev, UB_EV_READ); + else ub_event_add_bits(c->ev->ev, UB_EV_WRITE); } if(newfd != -1) { if(c->fd != -1) { @@ -2095,9 +2131,9 @@ #endif } c->fd = newfd; - c->ev->ev.ev_fd = c->fd; + ub_event_set_fd(c->ev->ev, c->fd); } - if(event_add(&c->ev->ev, sec==0?NULL:c->timeout) != 0) { + if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) { log_err("event_add failed. in cpsl."); } } 
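Review bot: `comm_point_start_listening()` keeps the signature `(struct comm_point*, int, int)` while its third argument changes from seconds to milliseconds, so a caller that was not updated still compiles and silently gets a timeout 1000 times shorter. The callers touched in this diff pass `TCP_QUERY_TIMEOUT` or `c->tcp_timeout_msec`; callers in other files and the definition of `TCP_QUERY_TIMEOUT` are not visible here and should be checked for the unit. A comment at the definition would make the unit and the special values visible at the point of use: `/* msec: timeout in milliseconds; 0 adds the event without timeout, -1 keeps the current one */`.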
@@ -2105,13 +2141,13 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) { verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr); - if(event_del(&c->ev->ev) != 0) { + if(ub_event_del(c->ev->ev) != 0) { log_err("event_del error to cplf"); } - c->ev->ev.ev_events &= ~(EV_READ|EV_WRITE); - if(rd) c->ev->ev.ev_events |= EV_READ; - if(wr) c->ev->ev.ev_events |= EV_WRITE; - if(event_add(&c->ev->ev, c->timeout) != 0) { + ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); + if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ); + if(wr) ub_event_add_bits(c->ev->ev, UB_EV_WRITE); + if(ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("event_add failed. in cplf."); } } @@ -2137,29 +2173,24 @@ struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) { - struct comm_timer *tm = (struct comm_timer*)calloc(1, - sizeof(struct comm_timer)); - if(!tm) - return NULL; - tm->ev_timer = (struct internal_timer*)calloc(1, + struct internal_timer *tm = (struct internal_timer*)calloc(1, sizeof(struct internal_timer)); - if(!tm->ev_timer) { + if(!tm) { log_err("malloc failed"); - free(tm); return NULL; } - tm->ev_timer->base = base; - tm->callback = cb; - tm->cb_arg = cb_arg; - event_set(&tm->ev_timer->ev, -1, EV_TIMEOUT, - comm_timer_callback, tm); - if(event_base_set(base->eb->base, &tm->ev_timer->ev) != 0) { + tm->super.ev_timer = tm; + tm->base = base; + tm->super.callback = cb; + tm->super.cb_arg = cb_arg; + tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, + comm_timer_callback, &tm->super); + if(tm->ev == NULL) { log_err("timer_create: event_base_set failed."); - free(tm->ev_timer); free(tm); return NULL; } - return tm; + return &tm->super; } void @@ -2167,7 +2198,7 @@ { if(!timer) return; - evtimer_del(&timer->ev_timer->ev); + ub_timer_del(timer->ev_timer->ev); timer->ev_timer->enabled = 0; } 
@@ -2177,12 +2208,8 @@ log_assert(tv); if(timer->ev_timer->enabled) comm_timer_disable(timer); - event_set(&timer->ev_timer->ev, -1, EV_TIMEOUT, - comm_timer_callback, timer); - if(event_base_set(timer->ev_timer->base->eb->base, - &timer->ev_timer->ev) != 0) - log_err("comm_timer_set: set_base failed."); - if(evtimer_add(&timer->ev_timer->ev, tv) != 0) + if(ub_timer_add(timer->ev_timer->ev, timer->ev_timer->base->eb->base, + comm_timer_callback, timer, tv) != 0) log_err("comm_timer_set: evtimer_add failed."); timer->ev_timer->enabled = 1; } @@ -2193,17 +2220,20 @@ if(!timer) return; comm_timer_disable(timer); + /* Free the sub struct timer->ev_timer derived from the super struct timer. + * i.e. assert(timer == timer->ev_timer) + */ + ub_event_free(timer->ev_timer->ev); free(timer->ev_timer); - free(timer); } void comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) { struct comm_timer* tm = (struct comm_timer*)arg; - if(!(event&EV_TIMEOUT)) + if(!(event&UB_EV_TIMEOUT)) return; - comm_base_now(tm->ev_timer->base); + ub_comm_base_now(tm->ev_timer->base); tm->ev_timer->enabled = 0; fptr_ok(fptr_whitelist_comm_timer(tm->callback)); (*tm->callback)(tm->cb_arg); @@ -2216,9 +2246,9 @@ } size_t -comm_timer_get_mem(struct comm_timer* timer) +comm_timer_get_mem(struct comm_timer* ATTR_UNUSED(timer)) { - return sizeof(*timer) + sizeof(struct internal_timer); + return sizeof(struct internal_timer); } struct comm_signal* @@ -2242,9 +2272,9 @@ comm_signal_callback(int sig, short event, void* arg) { struct comm_signal* comsig = (struct comm_signal*)arg; - if(!(event & EV_SIGNAL)) + if(!(event & UB_EV_SIGNAL)) return; - comm_base_now(comsig->base); + ub_comm_base_now(comsig->base); fptr_ok(fptr_whitelist_comm_signal(comsig->callback)); (*comsig->callback)(sig, comsig->cb_arg); } 
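Review bot: The comment added in the `-2193,17 +2220,20` hunk states `assert(timer == timer->ev_timer)`, which holds only if `super` is the first member of `struct internal_timer`; that struct is declared outside these hunks. `free(timer->ev_timer)` is correct either way, because `ev_timer` holds the pointer `calloc()` returned in `comm_timer_create()`, but the comment invites code that frees or casts `timer` directly. State the requirement where the struct is declared, e.g. `/** keep super as the first member; comm_timer_delete() relies on timer == timer->ev_timer */`, or drop the equality claim here.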
@@ -2260,14 +2290,16 @@ } log_assert(comsig); /* add signal event */ - signal_set(&entry->ev, sig, comm_signal_callback, comsig); - if(event_base_set(comsig->base->eb->base, &entry->ev) != 0) { - log_err("Could not set signal base"); + entry->ev = ub_signal_new(comsig->base->eb->base, sig, + comm_signal_callback, comsig); + if(entry->ev == NULL) { + log_err("Could not create signal event"); free(entry); return 0; } - if(signal_add(&entry->ev, NULL) != 0) { + if(ub_signal_add(entry->ev, NULL) != 0) { log_err("Could not add signal handler"); + ub_event_free(entry->ev); free(entry); return 0; } @@ -2286,7 +2318,8 @@ p=comsig->ev_signal; while(p) { np = p->next; - signal_del(&p->ev); + ub_signal_del(p->ev); + ub_event_free(p->ev); free(p); p = np; } diff -Nru unbound-1.5.8/util/netevent.h unbound-1.6.0/util/netevent.h --- unbound-1.5.8/util/netevent.h 2015-03-05 15:23:14.000000000 +0000 +++ unbound-1.6.0/util/netevent.h 2016-07-14 07:06:34.000000000 +0000 @@ -63,12 +63,12 @@ struct sldns_buffer; struct comm_point; struct comm_reply; -struct event_base; +struct ub_event_base; /* internal event notification data storage structure. */ struct internal_event; struct internal_base; -struct internal_timer; +struct internal_timer; /* A sub struct of the comm_timer super struct */ /** callback from communication point function type */ typedef int comm_point_callback_t(struct comm_point*, void*, int, @@ -225,9 +225,17 @@ So that when that is done the callback is called. */ int tcp_do_toggle_rw; + /** timeout in msec for TCP wait times for this connection */ + int tcp_timeout_msec; + /** if set, checks for pending error from nonblocking connect() call.*/ int tcp_check_nb_connect; +#ifdef USE_MSG_FASTOPEN + /** used to track if the sendto() call should be done when using TFO. */ + int tcp_do_fastopen; +#endif + /** number of queries outstanding on this socket, used by * outside network for udp ports */ int inuse; 
@@ -265,7 +273,7 @@ * Structure only for making timeout events. */ struct comm_timer { - /** the internal event stuff */ + /** the internal event stuff (derived) */ struct internal_timer* ev_timer; /** callback function, takes user arg only */ @@ -301,12 +309,12 @@ struct comm_base* comm_base_create(int sigs); /** - * Create comm base that uses the given event_base (underlying event - * mechanism pointer). - * @param base: underlying lib event base. + * Create comm base that uses the given ub_event_base (underlying pluggable + * event mechanism pointer). + * @param base: underlying pluggable event base. * @return: the new comm base. NULL on error. */ -struct comm_base* comm_base_create_event(struct event_base* base); +struct comm_base* comm_base_create_event(struct ub_event_base* base); /** * Delete comm base structure but not the underlying lib event base. @@ -357,9 +365,9 @@ /** * Access internal data structure (for util/tube.c on windows) * @param b: comm base - * @return event_base. Could be libevent, or internal event handler. + * @return ub_event_base. */ -struct event_base* comm_base_internal(struct comm_base* b); +struct ub_event_base* comm_base_internal(struct comm_base* b); /** * Create an UDP comm point. Calls malloc. 
@@ -496,9 +504,10 @@ * Start listening again for input on the comm point. * @param c: commpoint to enable again. * @param newfd: new fd, or -1 to leave fd be. - * @param sec: timeout in seconds, or -1 for no (change to the) timeout. + * @param msec: timeout in milliseconds, or -1 for no (change to the) timeout. + * So seconds*1000. */ -void comm_point_start_listening(struct comm_point* c, int newfd, int sec); +void comm_point_start_listening(struct comm_point* c, int newfd, int msec); /** * Stop listening and start listening again for reading or writing. diff -Nru unbound-1.5.8/util/net_help.c unbound-1.6.0/util/net_help.c --- unbound-1.5.8/util/net_help.c 2015-10-29 08:32:58.000000000 +0000 +++ unbound-1.6.0/util/net_help.c 2016-09-01 12:23:59.000000000 +0000 @@ -783,7 +783,7 @@ #endif } -#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L /** global lock list for openssl locks */ static lock_basic_t *ub_openssl_locks = NULL; @@ -808,7 +808,7 @@ int ub_openssl_lock_init(void) { -#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L int i; ub_openssl_locks = (lock_basic_t*)reallocarray( NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_t)); 
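Review bot: `addr_tree_find()` in the dnstree.c hunk copies `addrlen` bytes into the stack variable `key` with `memcpy(&key.addr, addr, addrlen)` and never compares `addrlen` with the size of `key.addr`, so a length larger than the destination writes past it. Add `if(addrlen > (socklen_t)sizeof(key.addr)) return NULL;` before the copy. The bytes of `key.addr` beyond `addrlen` are also left uninitialised, which is harmless only if the tree's compare function (not in this hunk) never reads them; `memset(&key, 0, sizeof(key));` before filling the fields removes that dependency.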
@@ -825,7 +825,7 @@ void ub_openssl_lock_delete(void) { -#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L int i; if(!ub_openssl_locks) return; diff -Nru unbound-1.5.8/util/storage/dnstree.c unbound-1.6.0/util/storage/dnstree.c --- unbound-1.5.8/util/storage/dnstree.c 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/util/storage/dnstree.c 2016-06-06 08:33:59.000000000 +0000 @@ -231,6 +231,19 @@ return result; } +struct addr_tree_node* addr_tree_find(rbtree_t* tree, + struct sockaddr_storage* addr, socklen_t addrlen, int net) +{ + rbnode_t* res = NULL; + struct addr_tree_node key; + key.node.key = &key; + memcpy(&key.addr, addr, addrlen); + key.addrlen = addrlen; + key.net = net; + res = rbtree_search(tree, &key); + return (struct addr_tree_node*)res; +} + int name_tree_next_root(rbtree_t* tree, uint16_t* dclass) { diff -Nru unbound-1.5.8/util/storage/dnstree.h unbound-1.6.0/util/storage/dnstree.h --- unbound-1.5.8/util/storage/dnstree.h 2014-02-07 13:28:39.000000000 +0000 +++ unbound-1.6.0/util/storage/dnstree.h 2016-06-06 08:44:10.000000000 +0000 
@@ -183,6 +183,17 @@ struct addr_tree_node* addr_tree_lookup(rbtree_t* tree, struct sockaddr_storage* addr, socklen_t addrlen); +/** + * Find element in addr tree. (search a netblock, not a match for an address) + * @param tree: addr tree + * @param addr: netblock to lookup. + * @param addrlen: length of addr + * @param net: size of subnet + * @return addr tree element, or NULL if not found. + */ +struct addr_tree_node* addr_tree_find(rbtree_t* tree, + struct sockaddr_storage* addr, socklen_t addrlen, int net); + /** compare name tree nodes */ int name_tree_compare(const void* k1, const void* k2); diff -Nru unbound-1.5.8/util/storage/lookup3.c unbound-1.6.0/util/storage/lookup3.c --- unbound-1.5.8/util/storage/lookup3.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/util/storage/lookup3.c 2016-09-05 07:23:23.000000000 +0000 @@ -820,7 +820,7 @@ #ifdef SELF_TEST /* used for timings */ -void driver1() +void driver1(void) { uint8_t buf[256]; uint32_t i; @@ -842,7 +842,7 @@ #define HASHLEN 1 #define MAXPAIR 60 #define MAXLEN 70 -void driver2() +void driver2(void) { uint8_t qa[MAXLEN+1], qb[MAXLEN+2], *a = &qa[0], *b = &qb[1]; uint32_t c[HASHSTATE], d[HASHSTATE], i=0, j=0, k, l, m=0, z; @@ -912,7 +912,7 @@ } /* Check for reading beyond the end of the buffer and alignment problems */ -void driver3() +void driver3(void) { uint8_t buf[MAXLEN+20], *b; uint32_t len; @@ -1003,7 +1003,7 @@ } /* check for problems with nulls */ - void driver4() + void driver4(void) { uint8_t buf[1]; uint32_t h,i,state[HASHSTATE]; @@ -1020,7 +1020,7 @@ } -int main() +int main(void) { driver1(); /* test that the key is hashed: used for timings */ driver2(); /* test that whole key is hashed thoroughly */ diff -Nru unbound-1.5.8/util/tube.c unbound-1.6.0/util/tube.c --- unbound-1.5.8/util/tube.c 2015-12-11 10:26:15.000000000 +0000 +++ unbound-1.6.0/util/tube.c 2016-06-02 09:34:43.000000000 +0000 
@@ -44,6 +44,7 @@ #include "util/net_help.h" #include "util/netevent.h" #include "util/fptr_wlist.h" +#include "util/ub_event.h" #ifndef USE_WINSOCK /* on unix */ @@ -303,6 +304,8 @@ d = r; while(d != (ssize_t)sizeof(len)) { if((r=write(fd, ((char*)&len)+d, sizeof(len)-d)) == -1) { + if(errno == EAGAIN) + continue; /* temporarily unavail: try again*/ log_err("tube msg write failed: %s", strerror(errno)); (void)fd_set_nonblock(fd); return 0; @@ -312,6 +315,8 @@ d = 0; while(d != (ssize_t)len) { if((r=write(fd, buf+d, len-d)) == -1) { + if(errno == EAGAIN) + continue; /* temporarily unavail: try again*/ log_err("tube msg write failed: %s", strerror(errno)); (void)fd_set_nonblock(fd); return 0; @@ -537,7 +542,7 @@ void tube_remove_bg_listen(struct tube* tube) { verbose(VERB_ALGO, "tube remove_bg_listen"); - winsock_unregister_wsaevent(&tube->ev_listen); + ub_winsock_unregister_wsaevent(tube->ev_listen); } void tube_remove_bg_write(struct tube* tube) @@ -668,8 +673,9 @@ tube->listen_arg = arg; if(!comm_base_internal(base)) return 1; /* ignore when no comm base - testing */ - return winsock_register_wsaevent(comm_base_internal(base), - &tube->ev_listen, tube->event, &tube_handle_signal, tube); + tube->ev_listen = ub_winsock_register_wsaevent( + comm_base_internal(base), tube->event, &tube_handle_signal, tube); + return tube->ev_listen ? 1 : 0; } int tube_setup_bg_write(struct tube* ATTR_UNUSED(tube), diff -Nru unbound-1.5.8/util/tube.h unbound-1.6.0/util/tube.h --- unbound-1.5.8/util/tube.h 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/util/tube.h 2016-03-09 15:34:21.000000000 +0000 @@ -48,7 +48,6 @@ struct tube_res_list; #ifdef USE_WINSOCK #include "util/locks.h" -#include "util/winsock_event.h" #endif /** 
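Review bot: The two `if(errno == EAGAIN) continue;` additions (hunks `-303,6 +304,8` and `-312,6 +315,8`) retry `write()` immediately, with no wait and no limit. If the descriptor is non-blocking at this point and the reader has stopped draining the pipe, the thread spins at full CPU until the reader returns. Waiting for writability before the retry, or capping the retries and then taking the existing `log_err` path, bounds that. The loops and the code that sets the descriptor's blocking mode start outside the hunks, so the blocking state here is inferred from the `fd_set_nonblock(fd)` call on the error path.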
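Review bot: `tube_remove_bg_listen()` (hunk `-537,7 +542,7`) now passes the pointer `tube->ev_listen` to `ub_winsock_unregister_wsaevent()` without checking it and without clearing it afterwards. The setup hunk (`-668,8 +673,9`) leaves that pointer unassigned on the early `return 1` taken when there is no comm base, and sets it to NULL when registration fails, so remove can be reached with a NULL or already released pointer. Whether the unregister wrapper tolerates NULL is not visible here; a guard and reset keep the pair safe regardless: `if(tube->ev_listen) { ub_winsock_unregister_wsaevent(tube->ev_listen); tube->ev_listen = NULL; }`.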
@@ -99,7 +98,7 @@ /** the windows sockets event (signaled if items in pipe) */ WSAEVENT event; /** winsock event storage when registered with event base */ - struct event ev_listen; + struct ub_event* ev_listen; /** lock on the list of outstanding items */ lock_basic_t res_lock; diff -Nru unbound-1.5.8/util/ub_event.c unbound-1.6.0/util/ub_event.c --- unbound-1.5.8/util/ub_event.c 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/util/ub_event.c 2016-09-05 07:23:23.000000000 +0000 
@@ -0,0 +1,444 @@ +/* + * util/ub_event.c - directly call libevent (compatability) functions + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains and implementation for the indirection layer for pluggable + * events that transparently passes it either directly to libevent, or calls + * the libevent compatibility layer functions. 
+ */ +#include "config.h" +#include +#include "util/ub_event.h" +#include "util/log.h" +#include "util/netevent.h" +#include "util/tube.h" + +/* We define libevent structures here to hide the libevent stuff. */ + +#ifdef USE_MINI_EVENT +# ifdef USE_WINSOCK +# include "util/winsock_event.h" +# else +# include "util/mini_event.h" +# endif /* USE_WINSOCK */ +#else /* USE_MINI_EVENT */ + /* we use libevent */ +# ifdef HAVE_EVENT_H +# include +# else +# include "event2/event.h" +# include "event2/event_struct.h" +# include "event2/event_compat.h" +# endif +#endif /* USE_MINI_EVENT */ + +#if UB_EV_TIMEOUT != EV_TIMEOUT || UB_EV_READ != EV_READ || \ + UB_EV_WRITE != EV_WRITE || UB_EV_SIGNAL != EV_SIGNAL || \ + UB_EV_PERSIST != EV_PERSIST +/* Only necessary for libev */ +# define NATIVE_BITS(b) ( \ + (((b) & UB_EV_TIMEOUT) ? EV_TIMEOUT : 0) \ + | (((b) & UB_EV_READ ) ? EV_READ : 0) \ + | (((b) & UB_EV_WRITE ) ? EV_WRITE : 0) \ + | (((b) & UB_EV_SIGNAL ) ? EV_SIGNAL : 0) \ + | (((b) & UB_EV_PERSIST) ? EV_PERSIST : 0)) + +# define UB_EV_BITS(b) ( \ + (((b) & EV_TIMEOUT) ? UB_EV_TIMEOUT : 0) \ + | (((b) & EV_READ ) ? UB_EV_READ : 0) \ + | (((b) & EV_WRITE ) ? UB_EV_WRITE : 0) \ + | (((b) & EV_SIGNAL ) ? UB_EV_SIGNAL : 0) \ + | (((b) & EV_PERSIST) ? 
UB_EV_PERSIST : 0)) + +# define UB_EV_BITS_CB(C) void my_ ## C (int fd, short bits, void *arg) \ + { (C)(fd, UB_EV_BITS(bits), arg); } + +UB_EV_BITS_CB(comm_point_udp_callback); +UB_EV_BITS_CB(comm_point_udp_ancil_callback) +UB_EV_BITS_CB(comm_point_tcp_accept_callback) +UB_EV_BITS_CB(comm_point_tcp_handle_callback) +UB_EV_BITS_CB(comm_timer_callback) +UB_EV_BITS_CB(comm_signal_callback) +UB_EV_BITS_CB(comm_point_local_handle_callback) +UB_EV_BITS_CB(comm_point_raw_handle_callback) +UB_EV_BITS_CB(tube_handle_signal) +UB_EV_BITS_CB(comm_base_handle_slow_accept) + +static void (*NATIVE_BITS_CB(void (*cb)(int, short, void*)))(int, short, void*) +{ + if(cb == comm_point_udp_callback) + return my_comm_point_udp_callback; + else if(cb == comm_point_udp_ancil_callback) + return my_comm_point_udp_ancil_callback; + else if(cb == comm_point_tcp_accept_callback) + return my_comm_point_tcp_accept_callback; + else if(cb == comm_point_tcp_handle_callback) + return my_comm_point_tcp_handle_callback; + else if(cb == comm_timer_callback) + return my_comm_timer_callback; + else if(cb == comm_signal_callback) + return my_comm_signal_callback; + else if(cb == comm_point_local_handle_callback) + return my_comm_point_local_handle_callback; + else if(cb == comm_point_raw_handle_callback) + return my_comm_point_raw_handle_callback; + else if(cb == tube_handle_signal) + return my_tube_handle_signal; + else if(cb == comm_base_handle_slow_accept) + return my_comm_base_handle_slow_accept; + else + return NULL; +} +#else +# define NATIVE_BITS(b) (b) +# define NATIVE_BITS_CB(c) (c) +#endif + +#ifndef EVFLAG_AUTO +#define EVFLAG_AUTO 0 +#endif + +#define AS_EVENT_BASE(x) ((struct event_base*)x) +#define AS_UB_EVENT_BASE(x) ((struct ub_event_base*)x) +#define AS_EVENT(x) ((struct event*)x) +#define AS_UB_EVENT(x) ((struct ub_event*)x) + +const char* ub_event_get_version(void) +{ + return event_get_version(); +} + +#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && 
defined(EVBACKEND_SELECT) +static const char* ub_ev_backend2str(int b) +{ + switch(b) { + case EVBACKEND_SELECT: return "select"; + case EVBACKEND_POLL: return "poll"; + case EVBACKEND_EPOLL: return "epoll"; + case EVBACKEND_KQUEUE: return "kqueue"; + case EVBACKEND_DEVPOLL: return "devpoll"; + case EVBACKEND_PORT: return "evport"; + } + return "unknown"; +} +#endif + +void +ub_get_event_sys(struct ub_event_base* base, const char** n, const char** s, + const char** m) +{ +#ifdef USE_WINSOCK + (void)base; + *n = "event"; + *s = "winsock"; + *m = "WSAWaitForMultipleEvents"; +#elif defined(USE_MINI_EVENT) + (void)base; + *n = "mini-event"; + *s = "internal"; + *m = "select"; +#else + struct event_base* b = AS_EVENT_BASE(base); + *s = event_get_version(); +# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) + *n = "libev"; + if (!b) + b = (struct event_base*)ev_default_loop(EVFLAG_AUTO); +# ifdef EVBACKEND_SELECT + *m = ub_ev_backend2str(ev_backend((struct ev_loop*)b)); +# else + *m = "not obtainable"; +# endif +# elif defined(HAVE_EVENT_BASE_GET_METHOD) + *n = "libevent"; + if (!b) + b = event_base_new(); + *m = event_base_get_method(b); +# else + *n = "unknown"; + *m = "not obtainable"; + (void)b; +# endif +# ifdef HAVE_EVENT_BASE_FREE + if (b && b != AS_EVENT_BASE(base)) + event_base_free(b); +# endif +#endif +} + +struct ub_event_base* +ub_default_event_base(int sigs, time_t* time_secs, struct timeval* time_tv) +{ + void* base; + + (void)base; +#ifdef USE_MINI_EVENT + (void)sigs; + /* use mini event time-sharing feature */ + base = event_init(time_secs, time_tv); +#else + (void)time_secs; + (void)time_tv; +# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) + /* libev */ + if(sigs) + base = ev_default_loop(EVFLAG_AUTO); + else + base = ev_loop_new(EVFLAG_AUTO); +# else + (void)sigs; +# ifdef HAVE_EVENT_BASE_NEW + base = event_base_new(); +# else + base = event_init(); +# endif +# endif +#endif + return (struct ub_event_base*)base; +} + +struct 
ub_event_base * +ub_libevent_event_base(struct event_base* libevent_base) +{ +#ifdef USE_MINI_EVENT + (void)libevent_base; + return NULL; +#else + return AS_UB_EVENT_BASE(libevent_base); +#endif +} + +struct event_base * +ub_libevent_get_event_base(struct ub_event_base* base) +{ +#ifdef USE_MINI_EVENT + (void)base; + return NULL; +#else + return AS_EVENT_BASE(base); +#endif +} + +void +ub_event_base_free(struct ub_event_base* base) +{ +#ifdef USE_MINI_EVENT + event_base_free(AS_EVENT_BASE(base)); +#elif defined(HAVE_EVENT_BASE_FREE) && defined(HAVE_EVENT_BASE_ONCE) + /* only libevent 1.2+ has it, but in 1.2 it is broken - + assertion fails on signal handling ev that is not deleted + in libevent 1.3c (event_base_once appears) this is fixed. */ + event_base_free(AS_EVENT_BASE(base)); +#else + (void)base; +#endif /* HAVE_EVENT_BASE_FREE and HAVE_EVENT_BASE_ONCE */ +} + +int +ub_event_base_dispatch(struct ub_event_base* base) +{ + return event_base_dispatch(AS_EVENT_BASE(base)); +} + +int +ub_event_base_loopexit(struct ub_event_base* base) +{ + return event_base_loopexit(AS_EVENT_BASE(base), NULL); +} + +struct ub_event* +ub_event_new(struct ub_event_base* base, int fd, short bits, + void (*cb)(int, short, void*), void* arg) +{ + struct event *ev = (struct event*)calloc(1, sizeof(struct event)); + + if (!ev) + return NULL; + + event_set(ev, fd, NATIVE_BITS(bits), NATIVE_BITS_CB(cb), arg); + if (event_base_set(AS_EVENT_BASE(base), ev) != 0) { + free(ev); + return NULL; + } + return AS_UB_EVENT(ev); +} + +struct ub_event* +ub_signal_new(struct ub_event_base* base, int fd, + void (*cb)(int, short, void*), void* arg) +{ + struct event *ev = (struct event*)calloc(1, sizeof(struct event)); + + if (!ev) + return NULL; + + signal_set(ev, fd, NATIVE_BITS_CB(cb), arg); + if (event_base_set(AS_EVENT_BASE(base), ev) != 0) { + free(ev); + return NULL; + } + return AS_UB_EVENT(ev); +} + +struct ub_event* +ub_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, + 
void (*cb)(int, short, void*), void* arg) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + struct event *ev = (struct event*)calloc(1, sizeof(struct event)); + + if (!ev) + return NULL; + + if (winsock_register_wsaevent(AS_EVENT_BASE(base), ev, wsaevent, cb, + arg)) + return AS_UB_EVENT(ev); + free(ev); + return NULL; +#else + (void)base; + (void)wsaevent; + (void)cb; + (void)arg; + return NULL; +#endif +} + +void +ub_event_add_bits(struct ub_event* ev, short bits) +{ + AS_EVENT(ev)->ev_events |= NATIVE_BITS(bits); +} + +void +ub_event_del_bits(struct ub_event* ev, short bits) +{ + AS_EVENT(ev)->ev_events &= ~NATIVE_BITS(bits); +} + +void +ub_event_set_fd(struct ub_event* ev, int fd) +{ + AS_EVENT(ev)->ev_fd = fd; +} + +void +ub_event_free(struct ub_event* ev) +{ + if (ev) + free(AS_EVENT(ev)); +} + +int +ub_event_add(struct ub_event* ev, struct timeval* tv) +{ + return event_add(AS_EVENT(ev), tv); +} + +int +ub_event_del(struct ub_event* ev) +{ + return event_del(AS_EVENT(ev)); +} + +int +ub_timer_add(struct ub_event* ev, struct ub_event_base* base, + void (*cb)(int, short, void*), void* arg, struct timeval* tv) +{ + event_set(AS_EVENT(ev), -1, EV_TIMEOUT, NATIVE_BITS_CB(cb), arg); + if (event_base_set(AS_EVENT_BASE(base), AS_EVENT(ev)) != 0) + return -1; + return evtimer_add(AS_EVENT(ev), tv); +} + +int +ub_timer_del(struct ub_event* ev) +{ + return evtimer_del(AS_EVENT(ev)); +} + +int +ub_signal_add(struct ub_event* ev, struct timeval* tv) +{ + return signal_add(AS_EVENT(ev), tv); +} + +int +ub_signal_del(struct ub_event* ev) +{ + return signal_del(AS_EVENT(ev)); +} + +void +ub_winsock_unregister_wsaevent(struct ub_event* ev) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + winsock_unregister_wsaevent(AS_EVENT(ev)); + free(AS_EVENT(ev)); +#else + (void)ev; +#endif +} + +void +ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + winsock_tcp_wouldblock(AS_EVENT(ev), 
NATIVE_BITS(eventbits)); +#else + (void)ev; + (void)eventbits; +#endif +} + +void ub_comm_base_now(struct comm_base* cb) +{ + #ifdef USE_MINI_EVENT +/** minievent updates the time when it blocks. */ + (void)cb; /* nothing to do */ +#else /* !USE_MINI_EVENT */ +/** fillup the time values in the event base */ + time_t *tt; + struct timeval *tv; + comm_base_timept(cb, &tt, &tv); + if(gettimeofday(tv, NULL) < 0) { + log_err("gettimeofday: %s", strerror(errno)); + } + *tt = tv->tv_sec; +#endif /* USE_MINI_EVENT */ +} + diff -Nru unbound-1.5.8/util/ub_event.h unbound-1.6.0/util/ub_event.h --- unbound-1.5.8/util/ub_event.h 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.6.0/util/ub_event.h 2016-09-05 07:23:23.000000000 +0000 
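Review bot: In `ub_get_event_sys` (util/ub_event.c), the libevent branch calls `event_base_new()` when no base was passed and gives the result straight to `event_base_get_method(b)`, so a failed allocation leaves `b` NULL at that call. The cleanup below already tests `b` before `event_base_free`, so only the method lookup is unguarded: `*m = b ? event_base_get_method(b) : "not obtainable";`. The file is also inconsistent about NULL events: `ub_event_free` checks `if (ev)`, while `ub_winsock_unregister_wsaevent` passes `ev` to `winsock_unregister_wsaevent` unchecked before freeing it.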
@@ -0,0 +1,127 @@
+/*
+ * util/ub_event.h - indirection layer for pluggable events
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains prototypes for event loop functions.
+ *
+ */
+
+#ifndef UB_EVENT_H
+#define UB_EVENT_H
+
+struct ub_event_base;
+struct ub_event;
+struct comm_base;
+struct event_base;
+
+/** event timeout */
+#define UB_EV_TIMEOUT 0x01
+/** event fd readable */
+#define UB_EV_READ 0x02
+/** event fd writable */
+#define UB_EV_WRITE 0x04
+/** event signal */
+#define UB_EV_SIGNAL 0x08
+/** event must persist */
+#define UB_EV_PERSIST 0x10
+
+/** Returns event-base type. Could be "mini-event", "winsock-event" for the
+ * daemon compile, and will be "pluggable-event" for
+ * libunbound.
+ */
+const char* ub_event_get_version(void);
+/** Return the name, system and method for the pluggable event base */
+void ub_get_event_sys(struct ub_event_base*, const char** n, const char** s,
+ const char** m);
+/** Return a default event base. In the deamon thess will be the only event
+ * bases used.
+ */
+struct ub_event_base* ub_default_event_base(int, time_t*, struct timeval*);
+/** Return an ub_event_base constructed for the given libevent event base */
+struct ub_event_base* ub_libevent_event_base(struct event_base*);
+/** Return the libevent base underlying the given ub_event_base. Will return
+ * NULL when the ub_event_base does not have an underlying libevent event base
+ */
+struct event_base* ub_libevent_get_event_base(struct ub_event_base*);
+/** Free event base. Free events yourself */
+void ub_event_base_free(struct ub_event_base*);
+/** Run the event base */
+int ub_event_base_dispatch(struct ub_event_base*);
+/** exit that loop */
+int ub_event_base_loopexit(struct ub_event_base*);
+
+/** Create a new ub_event for the event base */
+struct ub_event* ub_event_new(struct ub_event_base*,
+ int fd, short bits, void (*cb)(int, short, void*), void* arg);
+/** Create a new ub_event signal for the event base */
+struct ub_event* ub_signal_new(struct ub_event_base*, int fd,
+ void (*cb)(int, short, void*), void* arg);
+/** Create a new ub_event associated with the wsaevent for the event base */
+struct ub_event* ub_winsock_register_wsaevent(struct ub_event_base*,
+ void* wsaevent, void (*cb)(int, short, void*), void* arg);
+
+/** Add event bits for this event to fire on */
+void ub_event_add_bits(struct ub_event*, short bits);
+ /** Configure the event so it will not longer fire on given bits */
+void ub_event_del_bits(struct ub_event*, short bits);
+/** Change or set the file descriptor on the event */
+void ub_event_set_fd(struct ub_event*, int fd);
+/** free the event */
+void ub_event_free(struct ub_event*);
+/** Activate the event. The given timeval is an timeout value. */
+int ub_event_add(struct ub_event*, struct timeval*);
+/** Deactivate the event */
+int ub_event_del(struct ub_event*);
+/** Reconfigure and activate a timeout event */
+int ub_timer_add(struct ub_event*, struct ub_event_base*,
+ void (*cb)(int, short, void*), void* arg, struct timeval*);
+/** Deactivate the timeout event */
+int ub_timer_del(struct ub_event*);
+/** Activate a signal event */
+int ub_signal_add(struct ub_event*, struct timeval*);
+/** Deactivate a signal event */
+int ub_signal_del(struct ub_event*);
+/** Free a with a wsaevent associated event */
+void ub_winsock_unregister_wsaevent(struct ub_event* ev);
+/** Signal the eventloop when a TCP windows socket will block on next read
+ * or write (given by the eventbits)
+ */
+void ub_winsock_tcp_wouldblock(struct ub_event*, int bits);
+/** Equip the comm_base with the current time */
+void ub_comm_base_now(struct comm_base* cb);
+
+#endif /* UB_EVENT_H */
diff -Nru unbound-1.5.8/util/ub_event_pluggable.c unbound-1.6.0/util/ub_event_pluggable.c
--- unbound-1.5.8/util/ub_event_pluggable.c 1970-01-01 00:00:00.000000000 +0000
+++ unbound-1.6.0/util/ub_event_pluggable.c 2016-09-05 07:23:23.000000000 +0000
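Review bot: The prototype comments in util/ub_event.h do not say who owns the objects, although two of the calls release memory. `ub_winsock_unregister_wsaevent` is documented as "Free a with a wsaevent associated event", and both implementations in this diff `free` the event after unregistering it, so the comment should tell callers the pointer is dead afterwards: `/** Unregister the wsaevent and free the event; ev must not be used afterwards */`. `ub_libevent_event_base` should likewise state that the libevent base stays owned by the caller. The header also uses `time_t` and `struct timeval` without including anything that declares them, so it depends on the include order of every file that uses it.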
@@ -0,0 +1,692 @@ +/* + * util/ub_event_pluggable.c - call registered pluggable event functions + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains an implementation for the indirection layer for pluggable + * events that calls the registered pluggable event loop. It also defines a + * default pluggable event loop based on the default libevent (compatibility) + * functions. 
+ */ +#include "config.h" +#include +#include "util/ub_event.h" +#include "libunbound/unbound-event.h" +#include "util/netevent.h" +#include "util/log.h" +#include "util/fptr_wlist.h" + +/* We define libevent structures here to hide the libevent stuff. */ + +#ifdef USE_MINI_EVENT +# ifdef USE_WINSOCK +# include "util/winsock_event.h" +# else +# include "util/mini_event.h" +# endif /* USE_WINSOCK */ +#else /* USE_MINI_EVENT */ + /* we use libevent */ +# ifdef HAVE_EVENT_H +# include +# else +# include "event2/event.h" +# include "event2/event_struct.h" +# include "event2/event_compat.h" +# endif +#endif /* USE_MINI_EVENT */ + +#if UB_EV_TIMEOUT != EV_TIMEOUT || UB_EV_READ != EV_READ || \ + UB_EV_WRITE != EV_WRITE || UB_EV_SIGNAL != EV_SIGNAL || \ + UB_EV_PERSIST != EV_PERSIST +/* Only necessary for libev */ +# define NATIVE_BITS(b) ( \ + (((b) & UB_EV_TIMEOUT) ? EV_TIMEOUT : 0) \ + | (((b) & UB_EV_READ ) ? EV_READ : 0) \ + | (((b) & UB_EV_WRITE ) ? EV_WRITE : 0) \ + | (((b) & UB_EV_SIGNAL ) ? EV_SIGNAL : 0) \ + | (((b) & UB_EV_PERSIST) ? EV_PERSIST : 0)) + +# define UB_EV_BITS(b) ( \ + (((b) & EV_TIMEOUT) ? UB_EV_TIMEOUT : 0) \ + | (((b) & EV_READ ) ? UB_EV_READ : 0) \ + | (((b) & EV_WRITE ) ? UB_EV_WRITE : 0) \ + | (((b) & EV_SIGNAL ) ? UB_EV_SIGNAL : 0) \ + | (((b) & EV_PERSIST) ? 
UB_EV_PERSIST : 0)) + +# define UB_EV_BITS_CB(C) void my_ ## C (int fd, short bits, void *arg) \ + { (C)(fd, UB_EV_BITS(bits), arg); } + +UB_EV_BITS_CB(comm_point_udp_callback); +UB_EV_BITS_CB(comm_point_udp_ancil_callback) +UB_EV_BITS_CB(comm_point_tcp_accept_callback) +UB_EV_BITS_CB(comm_point_tcp_handle_callback) +UB_EV_BITS_CB(comm_timer_callback) +UB_EV_BITS_CB(comm_signal_callback) +UB_EV_BITS_CB(comm_point_local_handle_callback) +UB_EV_BITS_CB(comm_point_raw_handle_callback) +UB_EV_BITS_CB(tube_handle_signal) +UB_EV_BITS_CB(comm_base_handle_slow_accept) + +static void (*NATIVE_BITS_CB(void (*cb)(int, short, void*)))(int, short, void*) +{ + if(cb == comm_point_udp_callback) + return my_comm_point_udp_callback; + else if(cb == comm_point_udp_ancil_callback) + return my_comm_point_udp_ancil_callback; + else if(cb == comm_point_tcp_accept_callback) + return my_comm_point_tcp_accept_callback; + else if(cb == comm_point_tcp_handle_callback) + return my_comm_point_tcp_handle_callback; + else if(cb == comm_timer_callback) + return my_comm_timer_callback; + else if(cb == comm_signal_callback) + return my_comm_signal_callback; + else if(cb == comm_point_local_handle_callback) + return my_comm_point_local_handle_callback; + else if(cb == comm_point_raw_handle_callback) + return my_comm_point_raw_handle_callback; + else if(cb == tube_handle_signal) + return my_tube_handle_signal; + else if(cb == comm_base_handle_slow_accept) + return my_comm_base_handle_slow_accept; + else + return NULL; +} +#else +# define NATIVE_BITS(b) (b) +# define NATIVE_BITS_CB(c) (c) +#endif + +#ifndef EVFLAG_AUTO +#define EVFLAG_AUTO 0 +#endif + +struct my_event_base { + struct ub_event_base super; + struct event_base* base; +}; + +struct my_event { + struct ub_event super; + struct event ev; +}; + +#define AS_MY_EVENT_BASE(x) ((struct my_event_base*)x) +#define AS_MY_EVENT(x) ((struct my_event*)x) + +const char* ub_event_get_version(void) +{ + return "pluggable-event"PACKAGE_VERSION; +} + 
+static void +my_event_add_bits(struct ub_event* ev, short bits) +{ + AS_MY_EVENT(ev)->ev.ev_events |= NATIVE_BITS(bits); +} + +static void +my_event_del_bits(struct ub_event* ev, short bits) +{ + AS_MY_EVENT(ev)->ev.ev_events &= ~NATIVE_BITS(bits); +} + +static void +my_event_set_fd(struct ub_event* ev, int fd) +{ + AS_MY_EVENT(ev)->ev.ev_fd = fd; +} + +static void +my_event_free(struct ub_event* ev) +{ + free(AS_MY_EVENT(ev)); +} + +static int +my_event_add(struct ub_event* ev, struct timeval* tv) +{ + return event_add(&AS_MY_EVENT(ev)->ev, tv); +} + +static int +my_event_del(struct ub_event* ev) +{ + return event_del(&AS_MY_EVENT(ev)->ev); +} + +static int +my_timer_add(struct ub_event* ev, struct ub_event_base* base, + void (*cb)(int, short, void*), void* arg, struct timeval* tv) +{ + event_set(&AS_MY_EVENT(ev)->ev, -1, EV_TIMEOUT,NATIVE_BITS_CB(cb),arg); + if (event_base_set(AS_MY_EVENT_BASE(base)->base, &AS_MY_EVENT(ev)->ev) + != 0) + return -1; + return evtimer_add(&AS_MY_EVENT(ev)->ev, tv); +} + +static int +my_timer_del(struct ub_event* ev) +{ + return evtimer_del(&AS_MY_EVENT(ev)->ev); +} + +static int +my_signal_add(struct ub_event* ev, struct timeval* tv) +{ + return signal_add(&AS_MY_EVENT(ev)->ev, tv); +} + +static int +my_signal_del(struct ub_event* ev) +{ + return signal_del(&AS_MY_EVENT(ev)->ev); +} + +static void +my_winsock_unregister_wsaevent(struct ub_event* ev) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + winsock_unregister_wsaevent(&AS_MY_EVENT(ev)->ev); + free(AS_MY_EVENT(ev)); +#else + (void)ev; +#endif +} + +static void +my_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + winsock_tcp_wouldblock(&AS_MY_EVENT(ev)->ev, NATIVE_BITS(eventbits)); +#else + (void)ev; + (void)eventbits; +#endif +} + +static struct ub_event_vmt default_event_vmt = { + my_event_add_bits, my_event_del_bits, my_event_set_fd, + my_event_free, my_event_add, my_event_del, + my_timer_add, 
my_timer_del, my_signal_add, my_signal_del, + my_winsock_unregister_wsaevent, my_winsock_tcp_wouldblock +}; + +static void +my_event_base_free(struct ub_event_base* base) +{ +#ifdef USE_MINI_EVENT + event_base_free(AS_MY_EVENT_BASE(base)->base); +#elif defined(HAVE_EVENT_BASE_FREE) && defined(HAVE_EVENT_BASE_ONCE) + /* only libevent 1.2+ has it, but in 1.2 it is broken - + assertion fails on signal handling ev that is not deleted + in libevent 1.3c (event_base_once appears) this is fixed. */ + event_base_free(AS_MY_EVENT_BASE(base)->base); +#endif /* HAVE_EVENT_BASE_FREE and HAVE_EVENT_BASE_ONCE */ + free(AS_MY_EVENT_BASE(base)); +} + +static int +my_event_base_dispatch(struct ub_event_base* base) +{ + return event_base_dispatch(AS_MY_EVENT_BASE(base)->base); +} + +static int +my_event_base_loopexit(struct ub_event_base* base, struct timeval* tv) +{ + return event_base_loopexit(AS_MY_EVENT_BASE(base)->base, tv); +} + +static struct ub_event* +my_event_new(struct ub_event_base* base, int fd, short bits, + void (*cb)(int, short, void*), void* arg) +{ + struct my_event *my_ev = (struct my_event*)calloc(1, + sizeof(struct my_event)); + + if (!my_ev) + return NULL; + + event_set(&my_ev->ev, fd, NATIVE_BITS(bits), NATIVE_BITS_CB(cb), arg); + if (event_base_set(AS_MY_EVENT_BASE(base)->base, &my_ev->ev) != 0) { + free(my_ev); + return NULL; + } + my_ev->super.magic = UB_EVENT_MAGIC; + my_ev->super.vmt = &default_event_vmt; + return &my_ev->super; +} + +static struct ub_event* +my_signal_new(struct ub_event_base* base, int fd, + void (*cb)(int, short, void*), void* arg) +{ + struct my_event *my_ev = (struct my_event*)calloc(1, + sizeof(struct my_event)); + + if (!my_ev) + return NULL; + + signal_set(&my_ev->ev, fd, NATIVE_BITS_CB(cb), arg); + if (event_base_set(AS_MY_EVENT_BASE(base)->base, &my_ev->ev) != 0) { + free(my_ev); + return NULL; + } + my_ev->super.magic = UB_EVENT_MAGIC; + my_ev->super.vmt = &default_event_vmt; + return &my_ev->super; +} + +static struct 
ub_event* +my_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, + void (*cb)(int, short, void*), void* arg) +{ +#if defined(USE_MINI_EVENT) && defined(USE_WINSOCK) + struct my_event *my_ev = (struct my_event*)calloc(1, + sizeof(struct my_event)); + + if (!my_ev) + return NULL; + + if (!winsock_register_wsaevent(AS_MY_EVENT_BASE(base)->base, + &my_ev->ev, wsaevent, cb, arg)) { + free(my_ev); + return NULL; + + } + my_ev->super.magic = UB_EVENT_MAGIC; + my_ev->super.vmt = &default_event_vmt; + return &my_ev->super; +#else + (void)base; + (void)wsaevent; + (void)cb; + (void)arg; + return NULL; +#endif +} + +static struct ub_event_base_vmt default_event_base_vmt = { + my_event_base_free, my_event_base_dispatch, + my_event_base_loopexit, my_event_new, my_signal_new, + my_winsock_register_wsaevent +}; + +struct ub_event_base* +ub_default_event_base(int sigs, time_t* time_secs, struct timeval* time_tv) +{ + struct my_event_base* my_base = (struct my_event_base*)calloc(1, + sizeof(struct my_event_base)); + + if (!my_base) + return NULL; + +#ifdef USE_MINI_EVENT + (void)sigs; + /* use mini event time-sharing feature */ + my_base->base = event_init(time_secs, time_tv); +#else + (void)time_secs; + (void)time_tv; +# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) + /* libev */ + if(sigs) + my_base->base = (struct event_base*)ev_default_loop(EVFLAG_AUTO); + else + my_base->base = (struct event_base*)ev_loop_new(EVFLAG_AUTO); +# else + (void)sigs; +# ifdef HAVE_EVENT_BASE_NEW + my_base->base = event_base_new(); +# else + my_base->base = event_init(); +# endif +# endif +#endif + if (!my_base->base) { + free(my_base); + return NULL; + } + my_base->super.magic = UB_EVENT_MAGIC; + my_base->super.vmt = &default_event_base_vmt; + return &my_base->super; +} + +struct ub_event_base* +ub_libevent_event_base(struct event_base* base) +{ +#ifdef USE_MINI_EVENT + (void)base; + return NULL; +#else + struct my_event_base* my_base = (struct my_event_base*)calloc(1, 
+ sizeof(struct my_event_base)); + + if (!my_base) + return NULL; + my_base->super.magic = UB_EVENT_MAGIC; + my_base->super.vmt = &default_event_base_vmt; + my_base->base = base; + return &my_base->super; +#endif +} + +struct event_base* +ub_libevent_get_event_base(struct ub_event_base* base) +{ +#ifndef USE_MINI_EVENT + if (base->vmt == &default_event_base_vmt) + return AS_MY_EVENT_BASE(base)->base; +#else + (void)base; +#endif + return NULL; +} + +#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EVBACKEND_SELECT) +static const char* ub_ev_backend2str_pluggable(int b) +{ + switch(b) { + case EVBACKEND_SELECT: return "select"; + case EVBACKEND_POLL: return "poll"; + case EVBACKEND_EPOLL: return "epoll"; + case EVBACKEND_KQUEUE: return "kqueue"; + case EVBACKEND_DEVPOLL: return "devpoll"; + case EVBACKEND_PORT: return "evport"; + } + return "unknown"; +} +#endif + +void +ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s, + const char** m) +{ +#ifdef USE_WINSOCK + (void)ub_base; + *n = "pluggable-event"; + *s = "winsock"; + *m = "WSAWaitForMultipleEvents"; +#elif defined(USE_MINI_EVENT) + (void)ub_base; + *n = "pluggable-event"; + *s = "internal"; + *m = "select"; +#else + struct event_base* b = ub_libevent_get_event_base(ub_base); + /* This function is only called from comm_base_create, so + * ub_base is guaranteed to exist and to be the default + * event base. 
+ */ + assert(b); + *n = "pluggable-event"; + *s = event_get_version(); +# if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) + *n = "pluggable-libev"; +# ifdef EVBACKEND_SELECT + *m = ub_ev_backend2str_pluggable(ev_backend((struct ev_loop*)b)); +# else + *m = "not obtainable"; +# endif +# elif defined(HAVE_EVENT_BASE_GET_METHOD) + *n = "pluggable-libevent"; + *m = event_base_get_method(b); +# else + *m = "not obtainable"; +# endif +#endif +} + +void +ub_event_base_free(struct ub_event_base* base) +{ + if (base && base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->free == my_event_base_free); + (*base->vmt->free)(base); + } +} + +int +ub_event_base_dispatch(struct ub_event_base* base) +{ + if (base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->dispatch == my_event_base_dispatch); + return (*base->vmt->dispatch)(base); + } + return -1; +} + +int +ub_event_base_loopexit(struct ub_event_base* base) +{ + if (base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->loopexit == my_event_base_loopexit); + return (*base->vmt->loopexit)(base, NULL); + } + return -1; +} + +struct ub_event* +ub_event_new(struct ub_event_base* base, int fd, short bits, + void (*cb)(int, short, void*), void* arg) +{ + if (base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->new_event == my_event_new); + return (*base->vmt->new_event)(base, fd, bits, cb, arg); + } + return NULL; +} + +struct ub_event* +ub_signal_new(struct ub_event_base* base, int fd, + void (*cb)(int, short, void*), void* arg) +{ + if (base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->new_signal == my_signal_new); + return (*base->vmt->new_signal)(base, fd, cb, arg); + } + return NULL; +} + +struct ub_event* +ub_winsock_register_wsaevent(struct ub_event_base* base, void* wsaevent, + void (*cb)(int, short, 
void*), void* arg) +{ + if (base->magic == UB_EVENT_MAGIC) { + fptr_ok(base->vmt != &default_event_base_vmt || + base->vmt->winsock_register_wsaevent == + my_winsock_register_wsaevent); + return (*base->vmt->winsock_register_wsaevent)(base, wsaevent, cb, arg); + } + return NULL; +} + +void +ub_event_add_bits(struct ub_event* ev, short bits) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->add_bits == my_event_add_bits); + (*ev->vmt->add_bits)(ev, bits); + } +} + +void +ub_event_del_bits(struct ub_event* ev, short bits) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->del_bits == my_event_del_bits); + (*ev->vmt->del_bits)(ev, bits); + } +} + +void +ub_event_set_fd(struct ub_event* ev, int fd) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->set_fd == my_event_set_fd); + (*ev->vmt->set_fd)(ev, fd); + } +} + +void +ub_event_free(struct ub_event* ev) +{ + if (ev && ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->free == my_event_free); + (*ev->vmt->free)(ev); + } +} + +int +ub_event_add(struct ub_event* ev, struct timeval* tv) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->add == my_event_add); + return (*ev->vmt->add)(ev, tv); + } + return -1; +} + +int +ub_event_del(struct ub_event* ev) +{ + if (ev && ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->del == my_event_del); + return (*ev->vmt->del)(ev); + } + return -1; +} + +int +ub_timer_add(struct ub_event* ev, struct ub_event_base* base, + void (*cb)(int, short, void*), void* arg, struct timeval* tv) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->add_timer == my_timer_add); + return (*ev->vmt->add_timer)(ev, base, cb, arg, tv); + } + return -1; +} + +int +ub_timer_del(struct ub_event* ev) +{ + if (ev && ev->magic == 
UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->del_timer == my_timer_del); + return (*ev->vmt->del_timer)(ev); + } + return -1; +} + +int +ub_signal_add(struct ub_event* ev, struct timeval* tv) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->add_signal == my_signal_add); + return (*ev->vmt->add_signal)(ev, tv); + } + return -1; +} + +int +ub_signal_del(struct ub_event* ev) +{ + if (ev && ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->del_signal == my_signal_del); + return (*ev->vmt->del_signal)(ev); + } + return -1; +} + +void +ub_winsock_unregister_wsaevent(struct ub_event* ev) +{ + if (ev && ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->winsock_unregister_wsaevent == + my_winsock_unregister_wsaevent); + (*ev->vmt->winsock_unregister_wsaevent)(ev); + } +} + +void +ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) +{ + if (ev->magic == UB_EVENT_MAGIC) { + fptr_ok(ev->vmt != &default_event_vmt || + ev->vmt->winsock_tcp_wouldblock == + my_winsock_tcp_wouldblock); + (*ev->vmt->winsock_tcp_wouldblock)(ev, eventbits); + } +} + +void ub_comm_base_now(struct comm_base* cb) +{ + time_t *tt; + struct timeval *tv; + +#ifdef USE_MINI_EVENT +/** minievent updates the time when it blocks. */ + if (comm_base_internal(cb)->magic == UB_EVENT_MAGIC && + comm_base_internal(cb)->vmt == &default_event_base_vmt) + return; /* Actually using mini event, so do not set time */ +#endif /* USE_MINI_EVENT */ + +/** fillup the time values in the event base */ + comm_base_timept(cb, &tt, &tv); + if(gettimeofday(tv, NULL) < 0) { + log_err("gettimeofday: %s", strerror(errno)); + } + *tt = tv->tv_sec; +} + diff -Nru unbound-1.5.8/util/winsock_event.c unbound-1.6.0/util/winsock_event.c --- unbound-1.5.8/util/winsock_event.c 2015-12-11 10:26:15.000000000 +0000 +++ unbound-1.6.0/util/winsock_event.c 2016-07-05 07:40:13.000000000 +0000 
@@ -262,8 +262,9 @@ break; /* sanity check */ } log_assert(numwait <= WSA_MAXIMUM_WAIT_EVENTS); - verbose(VERB_CLIENT, "winsock_event bmax=%d numwait=%d wait=%x " - "timeout=%d", base->max, numwait, (int)wait, (int)timeout); + verbose(VERB_CLIENT, "winsock_event bmax=%d numwait=%d wait=%s " + "timeout=%d", base->max, numwait, (wait?"":""), + (int)timeout); /* do the wait */ if(numwait == 0) { diff -Nru unbound-1.5.8/validator/autotrust.c unbound-1.6.0/validator/autotrust.c --- unbound-1.5.8/validator/autotrust.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/validator/autotrust.c 2016-10-18 13:18:20.000000000 +0000 @@ -430,6 +430,8 @@ } tp = autr_tp_create(anchors, rr, dname_len, sldns_wirerr_get_class(rr, rr_len, dname_len)); + if(!tp) + return NULL; lock_basic_lock(&tp->lock); return tp; } @@ -1201,7 +1203,7 @@ if(fsync(fileno(out)) != 0) log_err("could not fsync(%s): %s", fname, strerror(errno)); #else - FlushFileBuffers((HANDLE)_fileno(out)); + FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out))); #endif if(fclose(out) != 0) { fatal_exit("could not complete write: %s: %s", @@ -2326,6 +2328,7 @@ qinfo.qname_len = tp->namelen; qinfo.qtype = LDNS_RR_TYPE_DNSKEY; qinfo.qclass = tp->dclass; + qinfo.local_alias = NULL; log_query_info(VERB_ALGO, "autotrust probe", &qinfo); verbose(VERB_ALGO, "retry probe set in %d seconds", (int)tp->autr->next_probe_time - (int)*env->now); @@ -2333,6 +2336,7 @@ edns.ext_rcode = 0; edns.edns_version = 0; edns.bits = EDNS_DO; + edns.opt_list = NULL; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; diff -Nru unbound-1.5.8/validator/val_anchor.c unbound-1.6.0/validator/val_anchor.c --- unbound-1.5.8/validator/val_anchor.c 2016-02-09 13:25:59.000000000 +0000 +++ unbound-1.6.0/validator/val_anchor.c 2016-03-23 08:19:49.000000000 +0000 
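Review bot: In the `verbose()` call of hunk `@@ -262,8 +262,9 @@`, the new `wait=%s` field is fed `(wait?"":"")`, which is an empty string on both branches, so the log line always shows `wait=` with nothing after it. If the value is no longer wanted, drop the field and its argument, e.g. `"winsock_event bmax=%d numwait=%d timeout=%d", base->max, numwait, (int)timeout`. The enclosing function starts and ends outside the hunk.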
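Review bot: In autotrust.c hunk `@@ -1201,7 +1203,7 @@`, the Windows branch still ignores the result of `FlushFileBuffers`, while the `fsync` branch just above logs a failure. A flush that fails while the trust anchor file is being written would go unnoticed on Windows only. Check the return value the same way, for example `if(!FlushFileBuffers((HANDLE)_get_osfhandle(_fileno(out)))) log_err("could not FlushFileBuffers(%s)", fname);`. The enclosing function starts outside the hunk.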
@@ -1030,6 +1030,8 @@ ")", b); (void)rbtree_delete(anchors->tree, &ta->node); lock_basic_unlock(&ta->lock); + if(anchors->dlv_anchor == ta) + anchors->dlv_anchor = NULL; anchors_delfunc(&ta->node, NULL); ta = next; continue; diff -Nru unbound-1.5.8/validator/validator.c unbound-1.6.0/validator/validator.c --- unbound-1.5.8/validator/validator.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/validator/validator.c 2016-12-06 13:42:51.000000000 +0000 @@ -156,6 +156,9 @@ return 1; } +#ifdef USE_ECDSA_EVP_WORKAROUND +void ecdsa_evp_workaround_init(void); +#endif int val_init(struct module_env* env, int id) { @@ -171,10 +174,14 @@ lock_basic_init(&val_env->bogus_lock); lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus, sizeof(val_env->num_rrset_bogus)); +#ifdef USE_ECDSA_EVP_WORKAROUND + ecdsa_evp_workaround_init(); +#endif if(!val_apply_cfg(env, val_env, env->cfg)) { log_err("validator: could not apply configuration settings."); return 0; } + return 1; } @@ -371,6 +378,7 @@ ask.qname_len = namelen; ask.qtype = qtype; ask.qclass = qclass; + ask.local_alias = NULL; log_query_info(VERB_ALGO, "generate request", &ask); fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); /* enable valrec flag to avoid recursion to the same validation @@ -2081,7 +2089,7 @@ } /* store results in cache */ - if(qstate->query_flags&BIT_RD) { + if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { /* if secure, this will override cache anyway, no need * to check if from parentNS */ if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, @@ -2274,6 +2282,7 @@ (void)outbound; if(event == module_event_new || (event == module_event_pass && vq == NULL)) { + /* pass request to next module, to get it */ verbose(VERB_ALGO, "validator: pass to next module"); qstate->ext_state[id] = module_wait_module; 
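Review bot: In validator.c hunk `@@ -156,6 +156,9 @@`, `ecdsa_evp_workaround_init` is declared by a local prototype rather than in val_secalgo.h. The val_secalgo.h hunk in this diff adds only `secalgo_hash_sha256`, so nothing shared checks the definition in val_secalgo.c against this declaration. Move `void ecdsa_evp_workaround_init(void);` into val_secalgo.h under the same `#ifdef USE_ECDSA_EVP_WORKAROUND`, with a doc comment saying it must be called once before any verification. The call site in hunk `@@ -171,10 +174,14 @@` then needs no local declaration.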
@@ -2282,6 +2291,7 @@ if(event == module_event_moddone) { /* check if validation is needed */ verbose(VERB_ALGO, "validator: nextmodule returned"); + if(!needs_validation(qstate, qstate->return_rcode, qstate->return_msg)) { /* no need to validate this */ diff -Nru unbound-1.5.8/validator/val_neg.c unbound-1.6.0/validator/val_neg.c --- unbound-1.5.8/validator/val_neg.c 2016-02-24 15:02:35.000000000 +0000 +++ unbound-1.6.0/validator/val_neg.c 2016-10-20 15:05:30.000000000 +0000 @@ -1007,6 +1007,7 @@ qinfo.qname = qname; qinfo.qtype = LDNS_RR_TYPE_DLV; qinfo.qclass = qclass; + qinfo.local_alias = NULL; if(!nsec_proves_nodata(nsec, &qinfo, &wc) && !val_nsec_proves_name_error(nsec, qname)) { /* the NSEC is not a denial for the DLV */ diff -Nru unbound-1.5.8/validator/val_nsec3.c unbound-1.6.0/validator/val_nsec3.c --- unbound-1.5.8/validator/val_nsec3.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/validator/val_nsec3.c 2016-10-05 09:56:05.000000000 +0000 @@ -1180,7 +1180,7 @@ nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) && !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { verbose(VERB_ALGO, "nsec3 nodata proof: matching " - "wilcard is a delegation, bogus"); + "wildcard is a delegation, bogus"); return sec_status_bogus; } /* everything is peachy keen, except for optout spans */ diff -Nru unbound-1.5.8/validator/val_nsec.c unbound-1.6.0/validator/val_nsec.c --- unbound-1.5.8/validator/val_nsec.c 2015-11-18 14:11:46.000000000 +0000 +++ unbound-1.6.0/validator/val_nsec.c 2016-11-22 10:10:48.000000000 +0000 
@@ -343,7 +343,7 @@ } else { /* See if the next owner name covers a wildcard * empty non-terminal. */ - while (dname_strict_subdomain_c(nm, nsec->rk.dname)) { + while (dname_canonical_compare(nsec->rk.dname, nm) < 0) { /* wildcard does not apply if qname below * the name that exists under the '*' */ if (dname_subdomain_c(qinfo->qname, nm)) diff -Nru unbound-1.5.8/validator/val_secalgo.c unbound-1.6.0/validator/val_secalgo.c --- unbound-1.5.8/validator/val_secalgo.c 2016-02-19 12:17:03.000000000 +0000 +++ unbound-1.6.0/validator/val_secalgo.c 2016-12-07 12:58:47.000000000 +0000 @@ -72,6 +72,9 @@ #include #endif +/** fake DSA support for unit tests */ +int fake_dsa = 0; + /* return size of digest if supported, or 0 otherwise */ size_t nsec3_hash_algo_size_supported(int id) @@ -98,6 +101,12 @@ } } +void +secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + (void)SHA256(buf, len, res); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -188,6 +197,12 @@ return 0; case LDNS_DSA: case LDNS_DSA_NSEC3: +#ifdef USE_DSA + return 1; +#else + if(fake_dsa) return 1; + return 0; +#endif case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) @@ -227,6 +242,7 @@ log_err("%s crypto %s", str, buf); } +#ifdef USE_DSA /** * Setup DSA key digest in DER encoding ... * @param sig: input is signature output alloced ptr (unless failure). @@ -255,8 +271,12 @@ dsasig = DSA_SIG_new(); if(!dsasig) return 0; +#ifdef HAVE_DSA_SIG_SET0 + if(!DSA_SIG_set0(dsasig, R, S)) return 0; +#else dsasig->r = R; dsasig->s = S; +#endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); if(newlen < 0) { @@ -268,6 +288,7 @@ DSA_SIG_free(dsasig); return 1; } +#endif /* USE_DSA */ #ifdef USE_ECDSA /** 
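Review bot: `fake_dsa`, added in val_secalgo.c hunk `@@ -72,6 +75,9 @@`, is a writable external-linkage global compiled into the production validator. On a build without USE_DSA, hunk `@@ -508,9 +557,14 @@` returns `sec_status_secure` for LDNS_DSA and LDNS_DSA_NSEC3 without any signature check when it is non-zero, and hunk `@@ -188,6 +197,12 @@` reports the algorithm as supported. Nothing visible here restricts who may set it. Spell the contract out at the declaration, e.g. `/** fake DSA support for unit tests: when set on a build without USE_DSA, DSA signatures are accepted without verification; must stay 0 outside the test harness */`. Consider also compiling the variable and both checks only under a test-only macro.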
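Review bot: In hunk `@@ -255,8 +271,12 @@`, the new `if(!DSA_SIG_set0(dsasig, R, S)) return 0;` leaves without releasing `dsasig`, which was allocated by `DSA_SIG_new()` two lines earlier. `R` and `S` are created before the hunk, so presumably they leak on this path as well. Free what is still owned before returning, for example `if(!DSA_SIG_set0(dsasig, R, S)) { DSA_SIG_free(dsasig); return 0; }`, plus whatever release `R` and `S` need once their allocation is confirmed. The function starts outside the hunk.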
@@ -281,36 +302,82 @@ static int setup_ecdsa_sig(unsigned char** sig, unsigned int* len) { - ECDSA_SIG* ecdsa_sig; - int newlen; + /* convert from two BIGNUMs in the rdata buffer, to ASN notation. + * ASN preable: 30440220 0220 + * the '20' is the length of that field (=bnsize). +i * the '44' is the total remaining length. + * if negative, start with leading zero. + * if starts with 00s, remove them from the number. + */ + uint8_t pre[] = {0x30, 0x44, 0x02, 0x20}; + int pre_len = 4; + uint8_t mid[] = {0x02, 0x20}; + int mid_len = 2; + int raw_sig_len, r_high, s_high, r_rem=0, s_rem=0; int bnsize = (int)((*len)/2); + unsigned char* d = *sig; + uint8_t* p; /* if too short or not even length, fails */ if(*len < 16 || bnsize*2 != (int)*len) return 0; - /* use the raw data to parse two evenly long BIGNUMs, "r | s". */ - ecdsa_sig = ECDSA_SIG_new(); - if(!ecdsa_sig) return 0; - ecdsa_sig->r = BN_bin2bn(*sig, bnsize, ecdsa_sig->r); - ecdsa_sig->s = BN_bin2bn(*sig+bnsize, bnsize, ecdsa_sig->s); - if(!ecdsa_sig->r || !ecdsa_sig->s) { - ECDSA_SIG_free(ecdsa_sig); - return 0; - } - /* spool it into ASN format */ - *sig = NULL; - newlen = i2d_ECDSA_SIG(ecdsa_sig, sig); - if(newlen <= 0) { - ECDSA_SIG_free(ecdsa_sig); - free(*sig); + /* strip leading zeroes from r (but not last one) */ + while(r_rem < bnsize-1 && d[r_rem] == 0) + r_rem++; + /* strip leading zeroes from s (but not last one) */ + while(s_rem < bnsize-1 && d[bnsize+s_rem] == 0) + s_rem++; + + r_high = ((d[0+r_rem]&0x80)?1:0); + s_high = ((d[bnsize+s_rem]&0x80)?1:0); + raw_sig_len = pre_len + r_high + bnsize - r_rem + mid_len + + s_high + bnsize - s_rem; + *sig = (unsigned char*)malloc((size_t)raw_sig_len); + if(!*sig) return 0; + p = (uint8_t*)*sig; + p[0] = pre[0]; + p[1] = (uint8_t)(raw_sig_len-2); + p[2] = pre[2]; + p[3] = (uint8_t)(bnsize + r_high - r_rem); + p += 4; + if(r_high) { + *p = 0; + p += 1; + } + memmove(p, d+r_rem, (size_t)bnsize-r_rem); + p += bnsize-r_rem; + memmove(p, mid, (size_t)mid_len-1); + 
p += mid_len-1; + *p = (uint8_t)(bnsize + s_high - s_rem); + p += 1; + if(s_high) { + *p = 0; + p += 1; } - *len = (unsigned int)newlen; - ECDSA_SIG_free(ecdsa_sig); + memmove(p, d+bnsize+s_rem, (size_t)bnsize-s_rem); + *len = (unsigned int)raw_sig_len; return 1; } #endif /* USE_ECDSA */ +#ifdef USE_ECDSA_EVP_WORKAROUND +static EVP_MD ecdsa_evp_256_md; +static EVP_MD ecdsa_evp_384_md; +void ecdsa_evp_workaround_init(void) +{ + /* openssl before 1.0.0 fixes RSA with the SHA256 + * hash in EVP. We create one for ecdsa_sha256 */ + ecdsa_evp_256_md = *EVP_sha256(); + ecdsa_evp_256_md.required_pkey_type[0] = EVP_PKEY_EC; + ecdsa_evp_256_md.verify = (void*)ECDSA_verify; + + ecdsa_evp_384_md = *EVP_sha384(); + ecdsa_evp_384_md.required_pkey_type[0] = EVP_PKEY_EC; + ecdsa_evp_384_md.verify = (void*)ECDSA_verify; +} +#endif /* USE_ECDSA_EVP_WORKAROUND */ + /** * Setup key and digest for verification. Adjust sig if necessary. * @@ -325,10 +392,13 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, unsigned char* key, size_t keylen) { +#ifdef USE_DSA DSA* dsa; +#endif RSA* rsa; switch(algo) { +#ifdef USE_DSA case LDNS_DSA: case LDNS_DSA_NSEC3: *evp_key = EVP_PKEY_new(); @@ -347,9 +417,14 @@ "EVP_PKEY_assign_DSA failed"); return 0; } +#ifdef HAVE_EVP_DSS1 *digest_type = EVP_dss1(); +#else + *digest_type = EVP_sha1(); +#endif break; +#endif /* USE_DSA */ case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) @@ -435,20 +510,7 @@ return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND - /* openssl before 1.0.0 fixes RSA with the SHA256 - * hash in EVP. We create one for ecdsa_sha256 */ - { - static int md_ecdsa_256_done = 0; - static EVP_MD md; - if(!md_ecdsa_256_done) { - EVP_MD m = *EVP_sha256(); - md_ecdsa_256_done = 1; - m.required_pkey_type[0] = (*evp_key)->type; - m.verify = (void*)ECDSA_verify; - md = m; - } - *digest_type = &md; - } + *digest_type = &ecdsa_evp_256_md; #else *digest_type = EVP_sha256(); #endif 
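Review bot: The rewritten `setup_ecdsa_sig` in hunk `@@ -281,36 +302,82 @@` has no upper bound on `*len`, although every length it writes is a single DER byte cast to `uint8_t`. The input is signature rdata, and the only checks are `*len < 16` and even length. Once `raw_sig_len-2` exceeds 127 the short-form length bytes are truncated or invalid, and the function still returns 1 with a malformed blob. The buffer writes stay consistent with the `malloc` size, so this is a validation gap rather than an overflow, but the encoder should reject what it cannot represent: add `if(raw_sig_len - 2 > 0x7f) return 0;` before the `malloc`. The block comment also has a stray `i` before `* the '44'` and reads "preable" for "preamble".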
@@ -462,20 +524,7 @@ return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND - /* openssl before 1.0.0 fixes RSA with the SHA384 - * hash in EVP. We create one for ecdsa_sha384 */ - { - static int md_ecdsa_384_done = 0; - static EVP_MD md; - if(!md_ecdsa_384_done) { - EVP_MD m = *EVP_sha384(); - md_ecdsa_384_done = 1; - m.required_pkey_type[0] = (*evp_key)->type; - m.verify = (void*)ECDSA_verify; - md = m; - } - *digest_type = &md; - } + *digest_type = &ecdsa_evp_384_md; #else *digest_type = EVP_sha384(); #endif @@ -508,9 +557,14 @@ char** reason) { const EVP_MD *digest_type; - EVP_MD_CTX ctx; - int res, dofree = 0; + EVP_MD_CTX* ctx; + int res, dofree = 0, docrypto_free = 0; EVP_PKEY *evp_key = NULL; + +#ifndef USE_DSA + if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && fake_dsa) + return sec_status_secure; +#endif if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) { verbose(VERB_QUERY, "verify: failed to setup key"); @@ -518,6 +572,7 @@ EVP_PKEY_free(evp_key); return sec_status_bogus; } +#ifdef USE_DSA /* if it is a DSA signature in bind format, convert to DER format */ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && sigblock_len == 1+2*SHA_DIGEST_LENGTH) { @@ -527,10 +582,14 @@ EVP_PKEY_free(evp_key); return sec_status_bogus; } - dofree = 1; + docrypto_free = 1; } +#endif +#if defined(USE_ECDSA) && defined(USE_DSA) + else +#endif #ifdef USE_ECDSA - else if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) { + if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) { /* EVP uses ASN prefix on sig, which is not in the wire data */ if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) { verbose(VERB_QUERY, "verify: failed to setup ECDSA sig"); 
@@ -543,32 +602,48 @@ #endif /* USE_ECDSA */ /* do the signature cryptography work */ - EVP_MD_CTX_init(&ctx); - if(EVP_VerifyInit(&ctx, digest_type) == 0) { - verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); +#ifdef HAVE_EVP_MD_CTX_NEW + ctx = EVP_MD_CTX_new(); +#else + ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx)); + if(ctx) EVP_MD_CTX_init(ctx); +#endif + if(!ctx) { + log_err("EVP_MD_CTX_new: malloc failure"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return sec_status_unchecked; } - if(EVP_VerifyUpdate(&ctx, (unsigned char*)sldns_buffer_begin(buf), - (unsigned int)sldns_buffer_limit(buf)) == 0) { - verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); + if(EVP_VerifyInit(ctx, digest_type) == 0) { + verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); + EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return sec_status_unchecked; } - - res = EVP_VerifyFinal(&ctx, sigblock, sigblock_len, evp_key); - if(EVP_MD_CTX_cleanup(&ctx) == 0) { - verbose(VERB_QUERY, "verify: EVP_MD_CTX_cleanup failed"); + if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), + (unsigned int)sldns_buffer_limit(buf)) == 0) { + verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); + EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return sec_status_unchecked; } + + res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key); +#ifdef HAVE_EVP_MD_CTX_NEW + EVP_MD_CTX_destroy(ctx); +#else + EVP_MD_CTX_cleanup(ctx); + free(ctx); +#endif EVP_PKEY_free(evp_key); - if(dofree) - free(sigblock); + if(dofree) free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); if(res == 1) { return sec_status_secure; 
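Review bot: In hunk `@@ -543,32 +602,48 @@`, the two error paths after `EVP_VerifyInit` and `EVP_VerifyUpdate` call `EVP_MD_CTX_destroy(ctx)` unconditionally, while the success path frees `ctx` differently depending on HAVE_EVP_MD_CTX_NEW. On the fallback build `ctx` comes from plain `malloc`, so the error paths hand malloc'ed memory to OpenSSL's own deallocator while the success path uses `EVP_MD_CTX_cleanup` plus `free`. That is an allocator mismatch whenever OpenSSL's allocator is not the libc one. Allocating the fallback with `ctx = EVP_MD_CTX_create();` instead of `malloc` + `EVP_MD_CTX_init` lets every path, including the final one, use `EVP_MD_CTX_destroy(ctx);` and removes the second `#ifdef`. The function starts and ends outside the hunk.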
@@ -620,6 +695,12 @@ } } +void +secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); +} + size_t ds_digest_size_supported(int algo) { @@ -678,8 +759,10 @@ case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ return 0; +#ifdef USE_DSA case LDNS_DSA: case LDNS_DSA_NSEC3: +#endif case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #ifdef USE_SHA2 @@ -920,6 +1003,7 @@ */ switch(algo) { +#ifdef USE_DSA case LDNS_DSA: case LDNS_DSA_NSEC3: *pubkey = nss_buf2dsa(key, keylen); @@ -930,6 +1014,7 @@ *htype = HASH_AlgSHA1; /* no prefix for DSA verification */ break; +#endif case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #ifdef USE_SHA2 @@ -1046,6 +1131,7 @@ return sec_status_bogus; } +#ifdef USE_DSA /* need to convert DSA, ECDSA signatures? */ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { if(sigblock_len == 1+2*SHA1_LENGTH) { @@ -1068,6 +1154,7 @@ SECITEM_FreeItem(p, PR_TRUE); } } +#endif /* USE_DSA */ /* do the signature cryptography work */ /* hash the data */ @@ -1131,6 +1218,9 @@ #include "macros.h" #include "rsa.h" #include "dsa.h" +#ifdef HAVE_NETTLE_DSA_COMPAT_H +#include "dsa-compat.h" +#endif #include "asn1.h" #ifdef USE_ECDSA #include "ecdsa.h" @@ -1206,6 +1296,12 @@ } } +void +secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -1263,8 +1359,10 @@ { /* uses libnettle */ switch(id) { +#ifdef USE_DSA case LDNS_DSA: case LDNS_DSA_NSEC3: +#endif case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #ifdef USE_SHA2 @@ -1283,6 +1381,7 @@ } } +#ifdef USE_DSA static char * _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen) 
@@ -1370,6 +1469,7 @@ else return NULL; } +#endif /* USE_DSA */ static char * _verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock, @@ -1541,6 +1641,7 @@ } switch(algo) { +#ifdef USE_DSA case LDNS_DSA: case LDNS_DSA_NSEC3: *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); @@ -1548,6 +1649,7 @@ return sec_status_bogus; else return sec_status_secure; +#endif /* USE_DSA */ case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: diff -Nru unbound-1.5.8/validator/val_secalgo.h unbound-1.6.0/validator/val_secalgo.h --- unbound-1.5.8/validator/val_secalgo.h 2015-11-17 11:32:04.000000000 +0000 +++ unbound-1.6.0/validator/val_secalgo.h 2016-04-15 14:19:00.000000000 +0000 @@ -60,6 +60,14 @@ unsigned char* res); /** + * Calculate the sha256 hash for the data buffer into the result. + * @param buf: buffer to digest. + * @param len: length of the buffer to digest. + * @param res: result is stored here (space 256/8 bytes). + */ +void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); + +/** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. * @return size in bytes of digest, or 0 if not supported. diff -Nru unbound-1.5.8/validator/val_sigcrypt.c unbound-1.6.0/validator/val_sigcrypt.c --- unbound-1.5.8/validator/val_sigcrypt.c 2015-11-17 09:43:07.000000000 +0000 +++ unbound-1.6.0/validator/val_sigcrypt.c 2016-10-05 09:56:05.000000000 +0000 
@@ -1283,15 +1283,23 @@ /* so now: * d->ttl: rrset ttl read from message or cache. May be reduced * origttl: original TTL from signature, authoritative TTL max. + * MIN_TTL: minimum TTL from config. * expittl: TTL until the signature expires. * - * Use the smallest of these. + * Use the smallest of these, but don't let origttl set the TTL + * below the minimum. */ - if(d->ttl > (time_t)origttl) { - verbose(VERB_QUERY, "rrset TTL larger than original TTL," - " adjusting TTL downwards"); + if(MIN_TTL > (time_t)origttl && d->ttl > MIN_TTL) { + verbose(VERB_QUERY, "rrset TTL larger than original and minimum" + " TTL, adjusting TTL downwards to minimum ttl"); + d->ttl = MIN_TTL; + } + else if(MIN_TTL <= origttl && d->ttl > (time_t)origttl) { + verbose(VERB_QUERY, "rrset TTL larger than original TTL, " + "adjusting TTL downwards to original ttl"); d->ttl = origttl; } + if(expittl > 0 && d->ttl > (time_t)expittl) { verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl," " adjusting TTL downwards"); diff -Nru unbound-1.5.8/validator/val_utils.c unbound-1.6.0/validator/val_utils.c --- unbound-1.5.8/validator/val_utils.c 2016-02-19 12:16:27.000000000 +0000 +++ unbound-1.6.0/validator/val_utils.c 2016-10-20 15:05:30.000000000 +0000 @@ -219,7 +219,7 @@ { size_t i; - if(subtype == VAL_CLASS_POSITIVE || subtype == VAL_CLASS_ANY) { + if(subtype == VAL_CLASS_POSITIVE) { /* check for the answer rrset */ for(i=skip; ian_numrrsets; i++) { if(query_dname_compare(qinf->qname, 
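Review bot: In hunk `@@ -1283,15 +1283,23 @@`, the second branch compares `MIN_TTL <= origttl` without the `(time_t)` cast that the other three comparisons on `origttl` use. `origttl` is declared outside the hunk; if it is an unsigned 32-bit value, the two branches are evaluated under different integer conversions and may not be exact complements. Make them consistent: `else if(MIN_TTL <= (time_t)origttl && d->ttl > (time_t)origttl) {`. The comment could also state that the MIN_TTL branch can leave the TTL above the RRSIG original TTL, since that is the security-relevant consequence of the change.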
@@ -271,6 +271,29 @@ signer_name, signer_len, &matchcount); } } + } else if(subtype == VAL_CLASS_ANY) { + /* check for one of the answer rrset that has signatures, + * or potentially a DNAME is in use with a different qname */ + for(i=skip; ian_numrrsets; i++) { + if(query_dname_compare(qinf->qname, + rep->rrsets[i]->rk.dname) == 0) { + val_find_rrset_signer(rep->rrsets[i], + signer_name, signer_len); + if(*signer_name) + return; + } + } + /* no answer RRSIGs with qname, try a DNAME */ + if(skip < rep->an_numrrsets && + ntohs(rep->rrsets[skip]->rk.type) == + LDNS_RR_TYPE_DNAME) { + val_find_rrset_signer(rep->rrsets[skip], + signer_name, signer_len); + if(*signer_name) + return; + } + *signer_name = NULL; + *signer_len = 0; } else if(subtype == VAL_CLASS_REFERRAL) { /* find keys for the item at skip */ if(skip < rep->rrset_count) { @@ -1115,6 +1138,7 @@ qinfo.qname_len = nmlen; qinfo.qtype = LDNS_RR_TYPE_DS; qinfo.qclass = c; + qinfo.local_alias = NULL; /* do not add SOA to reply message, it is going to be used internal */ msg = val_neg_getmsg(env->neg_cache, &qinfo, region, env->rrset_cache, env->scratch_buffer, *env->now, 0, topname); diff -Nru unbound-1.5.8/winrc/setup.nsi unbound-1.6.0/winrc/setup.nsi --- unbound-1.5.8/winrc/setup.nsi 2015-12-02 17:55:03.000000000 +0000 +++ unbound-1.6.0/winrc/setup.nsi 2016-06-10 09:33:27.000000000 +0000 @@ -92,10 +92,18 @@ File "..\anchor-update.exe" File "unbound-control-setup.cmd" File "unbound-website.url" - File "service.conf" File "..\doc\example.conf" File "..\doc\Changelog" + # Does service.conf already exist? + IfFileExists "$INSTDIR\service.conf" 0 service_conf_not_found + # if so, leave it be and place the shipped file under another name + File /oname=service.conf.shipped "service.conf" + goto end_service_conf_not_found + # or, it is not there, place it and fill it. + service_conf_not_found: + File "service.conf" + # Store Root Key choice SectionGetFlags ${SectionRootKey} $R0 IntOp $R0 $R0 & ${SF_SELECTED} 
@@ -111,6 +119,7 @@ ${Else} WriteRegStr HKLM "Software\Unbound" "RootAnchor" "" ${EndIf} + end_service_conf_not_found: # store installation folder WriteRegStr HKLM "Software\Unbound" "InstallLocation" "$INSTDIR" @@ -179,7 +188,9 @@ Delete "$INSTDIR\anchor-update.exe" Delete "$INSTDIR\unbound-control-setup.cmd" Delete "$INSTDIR\unbound-website.url" - Delete "$INSTDIR\service.conf" + # keep the service.conf with potential local modifications + #Delete "$INSTDIR\service.conf" + Delete "$INSTDIR\service.conf.shipped" Delete "$INSTDIR\example.conf" Delete "$INSTDIR\Changelog" Delete "$INSTDIR\root.key" diff -Nru unbound-1.5.8/winrc/w_inst.c unbound-1.6.0/winrc/w_inst.c --- unbound-1.5.8/winrc/w_inst.c 2014-09-29 09:27:22.000000000 +0000 +++ unbound-1.6.0/winrc/w_inst.c 2016-06-09 14:30:37.000000000 +0000 @@ -231,8 +231,8 @@ NULL, /* no load ordering group */ NULL, /* no tag identifier */ NULL, /* no deps */ - NULL, /* on LocalSystem */ - NULL /* no password */ + NULL, /* on LocalSystem */ + NULL /* no password */ ); if(!sv) { CloseServiceHandle(scm); diff -Nru unbound-1.5.8/winrc/win_svc.c unbound-1.6.0/winrc/win_svc.c --- unbound-1.5.8/winrc/win_svc.c 2015-12-01 09:12:30.000000000 +0000 +++ unbound-1.6.0/winrc/win_svc.c 2016-09-05 07:23:23.000000000 +0000 @@ -51,7 +51,7 @@ #include "daemon/remote.h" #include "util/config_file.h" #include "util/netevent.h" -#include "util/winsock_event.h" +#include "util/ub_event.h" /** global service status */ static SERVICE_STATUS service_status; @@ -60,7 +60,7 @@ /** global service stop event */ static WSAEVENT service_stop_event = NULL; /** event struct for stop callbacks */ -static struct event service_stop_ev; +static struct ub_event* service_stop_ev = NULL; /** if stop even means shutdown or restart */ static int service_stop_shutdown = 0; /** config file to open. global communication to service_main() */ 
@@ -453,9 +453,9 @@ /* exit */ verbose(VERB_ALGO, "winservice - cleanup."); report_status(SERVICE_STOP_PENDING, NO_ERROR, 0); + if(service_stop_event) (void)WSACloseEvent(service_stop_event); service_deinit(daemon, cfg); free(service_cfgfile); - if(service_stop_event) (void)WSACloseEvent(service_stop_event); verbose(VERB_QUERY, "winservice - full stop"); report_status(SERVICE_STOPPED, NO_ERROR, 0); } @@ -565,7 +565,7 @@ /** Set the timer for cron for the next wake up */ static void -set_cron_timer() +set_cron_timer(void) { struct timeval tv; int crontime; @@ -600,9 +600,9 @@ /* if not started with -w service, do nothing */ if(!service_stop_event) return; - if(!winsock_register_wsaevent(comm_base_internal(worker->base), - &service_stop_ev, service_stop_event, - &worker_win_stop_cb, worker)) { + if(!(service_stop_ev = ub_winsock_register_wsaevent( + comm_base_internal(worker->base), service_stop_event, + &worker_win_stop_cb, worker))) { fatal_exit("could not register wsaevent"); return; }
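Review bot: In hunk `@@ -600,9 +600,9 @@`, `service_stop_ev` becomes an object returned by `ub_winsock_register_wsaevent`, but none of the visible win_svc.c hunks releases it. The cleanup in hunk `@@ -453,9 +453,9 @@` now closes `service_stop_event` before `service_deinit` and leaves both globals holding their old values. If `service_deinit` (outside this diff) still walks the registered events, it would see a closed handle. Consider calling `ub_winsock_unregister_wsaevent(service_stop_ev); service_stop_ev = NULL;` before `WSACloseEvent`, and setting `service_stop_event = NULL;` afterwards. The body of the registering function starts outside the hunk.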